Social media giant Twitter Inc, under increased threat of regulation and plagued by serious security breaches, is appointing one of the world's best-regarded hackers to tackle everything from engineering missteps to misinformation.
The company on Monday named Peiter Zatko, widely known by his hacker handle Mudge, to the new position of head of security, giving him a broad mandate to recommend changes in structure and practices. Zatko answers to CEO Jack Dorsey and is expected to take over management of key security functions after a 45- to 60-day review.
In an exclusive interview, Zatko said he will examine 'information security, site integrity, physical security, platform integrity -- which starts to touch on abuse and manipulation of the platform -- and engineering.'
Zatko most recently oversaw security at the electronic payments unicorn Stripe. Before that, he worked on special projects at Google and oversaw handing out grants for projects on cybersecurity at the Pentagon's famed Defense Advanced Research and Projects Agency .
Zatko's colorful career began in the 1990s, when he simultaneously conducted classified work for a government contractor and was among the leaders of Cult of the Dead Cow, a hacking group notorious for releasing Windows hacking tools in order to goad Microsoft into improving security.
'I don't know if anyone can fix Twitter's security, but he'd be at the top of my list,' said Dan Kaufman, who supervised Zatko at DARPA and now leads the advanced products group at Google.
Twitter faces numerous security challenges. A year ago, the U.S. government accused two men of spying for Saudi Arabia when they worked at Twitter years earlier, saying that they passed along private information about the kingdom's critics.
In July, a group of young hackers tricked employees and won access to internal tools, which let them change account settings and then tweet from the accounts of then-presidential candidate Joe Biden, Microsoft founder Bill Gates and Tesla Chief Executive Elon Musk.
'The data breach this summer was an important reminder of how far Twitter needs to go in building some of the basic security functions necessary to run a service targeted by adversaries much more skilled than the teenagers arrested for that incident,' said Alex Stamos, a former Facebook chief security officer and current Stanford researcher who has helped lead efforts to fight election disinformation.
Stamos, who once worked for Zatko's security consultancy, called him a great fit for a company lacking the financial muscle of Facebook and Google. 'They are going to have to find creative solutions to these problems, and if Mudge is famous for anything in security, it is being creative.'
Zatko said he was committed to improving public conversations on Twitter. He praised a recent move to increase 'friction' by prompting users to comment instead of simply retweeting; a next step could be to force people to understand a long conversation before participating in it, he said.
Zatko said he appreciated Twitter's openness to unconventional security approaches, such as his proposal for confusing bad actors by manipulating the data they receive from Twitter about how people interact with their posts.
'They are willing to take some risks,' Zatko said of his new employer. 'With the challenges of algorithms and algorithmic bias, they are not standing by and waiting until someone else solves the problem.'
WHO IS THE HACKER, MUDGE?
Mudge is a famed hacker who nearly 20 years ago told Congress he could take down the internet in 30 minutes.
Mudge is a famed hacker who nearly 20 years ago told Congress he could take down the internet in 30 minutes.Peiter Zatko, known in the hacker world as Mudge, was the best-known member of pioneering Boston hacking group the L0pht as well as the long-lived computer and culture hacking cooperative the Cult of the Dead Cow.
Peiter Zatko, known in the hacker world as Mudge, was the best-known member of pioneering Boston hacking group the L0pht as well as the long-lived computer and culture hacking cooperative the Cult of the Dead Cow.More recently, he headed a Defense Department grant program for computer security projects.
More recently, he headed a Defense Department grant program for computer security projects.While involved with the L0pht, Mudge contributed significantly to disclosure and education on information and security vulnerabilities.
In 2010 Mudge accepted a position as a program manager at Defense Advanced Research Projects Agency a government agency where he oversaw cyber security research.
In 2013 Mudge went to work for Google in their Advanced Technology & Projects division.
Born in December 1970, Mudge graduated from the Berklee College of Music at the top of his class and is an adept guitar player.
Mudge was responsible for early research into a type of security vulnerability known as the buffer overflow.
Mudge was one of the first people from the hacker community to reach out and build relationships with government and industry. In demand as a public speaker, he spoke at hacker conferences such as DEF CON and academic conferences such as USENIX.
He was one of the seven L0pht members who testified before a Senate committee in 1998 about the serious vulnerabilities of the Internet at that time.
In 2000, after the first crippling Internet distributed denial-of-service attacks, he was invited to meet with President Bill Clinton at a security summit alongside cabinet members and industry executives.
In 2004 he became a division scientist at government contractor BBN Technologies, where he originally worked in the 1990s, and also joined the technical advisory board of NFR Security.
In 2010, it was announced that he would be project manager of a DARPA project focused on directing research in cyber security
In 2013 he announced that he would leave DARPA for a position at Google ATAP.
In 2015 Zatko announced on Twitter he would join a project called #CyberUL, a testing organisation for computer security inspired by Underwriters Laboratories, mandated by the White House.