Twitter whistleblower: Who is Peiter Zatko?

24 Aug 2022

Peiter ‘Mudge’ Zaitko joined DARPA in 2010, where he worked for three years. Image: DARPA

Twitter’s former head of security was a big name among hackers in the ’90s and has worked with various organisations including DARPA, Google and Stripe.

Peiter Zatko has caused a stir this week with claims that Twitter’s leadership misled the board and regulators about serious security vulnerabilities at the company.

The former head of security at Twitter agreed to go public with allegations that the platform has “extreme, egregious deficiencies” that pose a security threat to its users and shareholders.

Also known by his hacker title ‘Mudge’, Zatko was hired by Twitter in 2020. The social platform was beefing up its security after it experienced a major hack targeting high-profile accounts such as Elon Musk, Bill Gates and Jeff Bezos.

But Zatko was fired by Twitter earlier this year when new CEO Parag Agrawal reorganised the company’s security team. Twitter has said that he was let go for “poor performance and ineffective leadership”.

Who is Peiter Zatko?

Zatko’s rise in the security world began long before his time at Twitter. He has been working in the realm of internet security for decades and was a big name in the hacking community in the 1990s.

He joined the hacker collective known as L0pht, which was a prominent group in the ’90s that became known for public warnings about security flaws in the growing tech world.

In 1998, he and other members of the organisation were invited to testify to US Congress about security vulnerabilities. According to Zatko, it was the first time the US government publicly referenced the term ‘hackers’ in a positive context.

During this period, Zatko joined another hacking network called the Cult of the Dead Cow. According to The Washington Post, this group was the first to coin the term ‘hacktivism’, the combination of hacking and activism.

Zatko would give his expertise to the US government in a more official capacity in 2010, when he joined the Defense Advanced Research Projects Agency (DARPA) as a cyber program manager.

He worked with DARPA for three years, before entering the world of Big Tech as a deputy director for Google’s Advanced Technology and Projects group. Zatko then joined Stripe as its head of security and IT in 2017, before starting his time with Twitter in 2020.

From hacker to whistleblower

Zatko has said he tried to make Twitter’s board aware of the company’s negligence regarding security before he was fired. He is now being represented by Whistleblower Aid, the same group that represented Meta whistleblower Frances Haugen.

Zatko sent a disclosure on Twitter’s security issues last month to US Congress and US federal agencies. This was later seen by CNN and The Washington Post.

His allegations against Twitter are damning of the company’s security practices and its leadership. He also claims that at least one staff member may be working for a foreign intelligence service.

Zatko’s allegations could also impact the current legal battle between Twitter and Elon Musk, as the billionaire attempts to back out of a $44bn takeover deal.

Musk’s legal team have subpoenaed Zatko, and experts are saying that if the former security chief’s assertions are true, it could provide a “smoking gun” for Musk’s case.

10 things you need to know direct to your inbox every weekday. Sign up for the Daily Brief, Silicon Republic’s digest of essential sci-tech news.

Leigh Mc Gowran is a journalist with Silicon Republic