Cybersecurity experts are standing up for the Twitter whistleblower

Peiter 'Mudge' Zatko has been a legendary figure in the hacking world for decades.

 

Mikael Thalen

Posted on Aug 23, 2022   Updated on Aug 23, 2022, 1:50 pm CDT

The cybersecurity community is coming to the defense of Peiter “Mudge” Zatko, the former Twitter executive turned whistleblower who has accused the platform of serious security issues.

In a whistleblower disclosure obtained by CNN and the Washington Post, Zatko told Congress and numerous federal agencies last month that Twitter’s security woes posed a danger not only to its users but to national security and democracy as well.

Zatko, who worked as Twitter’s head of security before being fired in January, accused the company’s leadership of covering up security issues, giving too many employees access to sensitive user data, and failing to obtain the resources to determine the number of bots on the platform.

Even more explosive, Zatko has said that one or more current employees at Twitter may be working for a foreign intelligence service. Twitter responded to the allegations this week by suggesting that Zatko was merely retaliating against the company for firing him earlier this year. Yet while Twitter claims the firing was due to poor performance, Zatko says he was fired after trying to warn the company’s board about security issues.

The cybersecurity community responded almost unanimously to the allegations by siding with Zatko over Twitter, due largely to the whistleblower’s reputation. Zatko has been a legendary figure in the cybersecurity realm for decades, known best for his role in the hacker think tank L0pht during the 1990s as well as his membership in the hacking cooperative the Cult of the Dead Cow.

In 1998, Zatko and a group of fellow hackers famously appeared before a Senate committee to warn about major cybersecurity issues facing the country. Over the next two decades, Zatko would work for such high-profile employers as Google and DARPA.

Major figures in the cybersecurity industry are now defending Zatko on Twitter as the social media company attempts to deflect the allegations.

Jake Williams, a former NSA hacker, expressed sympathy for Twitter’s security employees but ultimately sided with Zatko.

“#HugOps to anyone on the Twitter security and compliance teams who has to deal with the fallout of this,” he tweeted. “I stand with Mudge in any case. His allegations are credible and everyone always knew ‘poor performance’ was code for ‘advocating to do things right.’”

Tarah M. Wheeler, a renowned author and CEO of the cybersecurity firm Red Queen Dynamics, argued that Zatko had a long history of putting the safety of internet users above all else.

“Mudge has repeatedly, faithfully, and publicly demonstrated that he will do the right thing to keep people safe,” she wrote.

Robert M. Lee, a former NSA employee and leading expert in critical infrastructure security, pushed back against Twitter for resorting to what he described as a “smear campaign” against Zatko.

“Hey @Twitter while y’all deal with the @dotMudge allegations resorting to a smear campaign against him is a really stupid idea,” Lee tweeted. “His character, skills, leadership, etc. are some of the most beloved and well documented in the community. Your response is telling. Focus on the facts.”

While some of Zatko’s allegations may sound sensational, Twitter’s history of major security lapses only adds more credibility to the claims. For example, Twitter was previously found to have hired a spy for Saudi Arabia who used his access to monitor dissidents.

Twitter’s security weaknesses were also laid bare in 2020 after the accounts of everyone from then-presidential candidate Joe Biden and former President Barack Obama to influencer Kim Kardashian and Tesla CEO Elon Musk were hacked.

Zatko says that although he was fired from Twitter, his whistleblowing is a continuation of his original promise to help secure the platform.


*First Published: Aug 23, 2022, 1:06 pm CDT