Twitter’s whistleblower has pitched up at a very inconvenient moment

theguardian.com:

“Ex-Twitter exec blows the whistle, alleging reckless and negligent cybersecurity policies,” said the CNN headline. My initial reaction? Yawn… so what’s new: a social media company playing fast and loose with its users’ data? And who’s this whistleblower, anyway? A guy called Peiter Zatko. Never heard of him. Probably another tech bro who’s discovered his conscience…

But what’s this? He has a nickname – “Mudge”. (Cue audio of pennies dropping.) The mainstream media calls him a “hacker”, which is their usual way of undermining a gifted software expert. Which this Mudge certainly is. In fact, in that line of business, he has blue-chip status. He was the highest-profile member of a famous hacker thinktank, the L0pht (pronounced “loft”) and a member of the well-known cooperative Cult of the Dead Cow. In that sense, he was a pioneer of “hacktivism” who has spent much of his life trying to educate the world on cybersecurity and has a long list of discovered vulnerabilities to his credit.

During the Clinton administration, he was apparently sometimes involved in national security council briefings of the president. In 2010, he was recruited by Darpa, the Pentagon’s tech thinktank, where he oversaw cybersecurity research funded by the agency. After that, he worked at Google in its advanced technology and projects division and then for Stripe, a leading payment processing company. In 2020, he was hired by Twitter’s founder, Jack Dorsey, as the company’s head of security. It is said that the incoming Biden administration tried to hire Zatko as the country’s cybersecurity chief, but he decided to go to Twitter.

In July, he filed a complaint with the US Securities and Exchange Commission accusing Twitter of violating its 2011 agreement