Known and respected in the cybersecurity community, Twitter's former security chief Peiter Zatko is a boon for Elon Musk in his dispute with the social network, even if the scope of the whistleblower's accusations remains to be demonstrated.
Nicknamed “Mudge”, the 51-year-old computer scientist is due to answer questions from a Senate committee on Tuesday about the report he submitted to the authorities this summer. He accuses Twitter of having concealed flaws in its security system and lied about its fight against fake accounts.
A godsend for Elon Musk: the boss of Tesla has been raising the question of the proportion of inauthentic accounts for months to justify abandoning his plan to buy Twitter for 44 billion dollars.
Mudge’s intervention opened a “Pandora’s box” for the San Francisco company, said Dan Ives, analyst at Wedbush Securities. “Until the Zatko development, Wall Street gave Twitter the winner” at the trial scheduled for October before a specialized court.
If the blue bird wins, the judge could order the richest man in the world to pay several billion dollars in damages, or even force him to honor his expensive commitment under the terms of the agreement reached in April.
– Jesus –
“If Mudge says Twitter has cybersecurity problems, Twitter has big problems,” said Aaron Turner, chief technology officer of Vectra, a California-based cybersecurity company, who says he has known the whistleblower since the 1980s.
The son of two scientists, Peiter Zatko grew up in Alabama and Pennsylvania, dividing his time between music and computing.
In 1996, he joined a group of hackers called L0pht, with whom he testified before Congress two years later. “It was the first time that the US government cited ‘hackers’ in a positive context,” he said in May 2019 on Twitter.
His profile picture shows him at that time, evoking Jesus with his long hair and a halo of light.
He then held various positions at Google and Stripe (an online payment services company), then at DARPA, the Pentagon’s research agency.
Jack Dorsey, the founder and former boss of Twitter, recruited him in July 2020 after a spectacular hack of the accounts of celebrities and political figures (including Barack Obama, Elon Musk and Kim Kardashian).
In January 2021, Joe Biden’s transition team offered him the position of director of security at the White House. He declined, believing that he still had work to do for the social network, according to his lawyers.
But he was fired in January 2022 due to “ineffective leadership and poor performance”, according to Twitter. “False”, according to his lawyers.
According to them, Mudge was sacked after a confrontation with management (including current boss Parag Agrawal), who allegedly refused to acknowledge the security concerns reported by the executive.
By raising the alarm, “he put his career on the line because of his concern for Twitter users, the public and shareholders,” they say.
– “House of cards” –
“Those in the industry familiar with Mudge know that, historically, his intentions have been honorable, apolitical and benevolent,” said Andrew Hay, chief operating officer of cybersecurity consultancy Lares Consulting.
In late June, Twitter agreed to pay Peiter Zatko more than $7 million in severance.
According to the Wall Street Journal, he signed a confidentiality agreement that does not cover possible action as a whistleblower.
A few days later, the engineer sent his report to the authorities, in which he directly addresses the questions raised by Elon Musk about automated accounts. He cites “misleading” statements by Parag Agrawal and claims that Twitter’s tools are “dated” and the teams “overwhelmed” and “ineffective”.
He also denounces “serious and shocking failures (of cybersecurity), willful ignorance and threats to national security and democracy”.
Damaging allegations, but not necessarily fatal ones, according to various analysts.
“It’s still not evidence that Twitter misrepresented the numbers,” said Jasmine Enberg of Insider Intelligence. “Rather, it demonstrates a potential lack of interest among Twitter executives in the fight against bots.”
Elon Musk’s lawyers will “try to prove that Twitter knowingly tried to sell him a house of cards,” said UC Berkeley law professor Adam Badawi. But “those (security) vulnerabilities would have to be really, really serious.”