Twitter brings in notorious hacker who worked at Google and DARPA months after celebrity megahack

Twitter has hired famous hacker (and government contractor) Peiter Zatko, better known as ‘Mudge’, to beef up its security months after bitcoin scammers hijacked dozens of celebrity accounts with employee help.

Zatko joined the social media behemoth as head of security on Monday and is expected to take over “key security functions” after a 45- to 60-day trial period, according to Reuters, which interviewed him about his new role. He will report directly to CEO Jack Dorsey and will reportedly be given a free hand to change security practices at the company.

Twitter suffered its largest-ever hack in July, when 130 high-profile accounts belonging to tech billionaires, politicians, and major corporations were commandeered by a group of scammers asking for bitcoin donations. Some 36 of those accounts had their DMs infiltrated, and the hackers managed to con $118,000 out of gullible celebrity followers before Twitter shut down the scam. Despite that little issue, however, the company didn’t hire Zatko just to work on information security and engineering.

Zatko’s remit will also include “platform integrity – which starts to touch on abuse and manipulation of the platform,” the star hacker told Reuters, adding that he was “committed to improving public conversations on Twitter.” He praised the recent redesign of the retweet function, which prompts users to add a comment instead of simply reposting, and suggested the platform take things one step further by “forc[ing] people to understand a long conversation before participating in it.”

Along with Facebook and YouTube, Twitter has worked itself into a lather over the past few months over “platform integrity,” terrified of being blamed for another “incorrect” election outcome by the US intelligence agencies that increasingly rely on these platforms for information about their targets. Representatives from those agencies met repeatedly with the security heads of the major social media platforms in the run-up to the vote earlier this month. 

The cozy relationship between Big Tech and Big Brother was apparent in the decision to hire Zatko, who before heading security at payments processor Stripe and working in the Advanced Technology and Projects Group at Google was in charge of grant distribution for cybersecurity at the Pentagon’s Defense Advanced Research Projects Agency (DARPA). There, he received the Exceptional Public Service Award from the secretary of defense, the highest-level award given to non-career civilians, and secured a grant to strike out on his own to build a rating body for cybersecurity, a dream which – while yet unrealized – would give him an unprecedented stranglehold over who “makes it” in the industry.

Twitter initially blamed July’s hack on several employees falling victim to a “spear-phishing” attack, implying they were tricked into giving up their passwords and allowing the hackers to use their employee tools to take over the celebrity accounts. However, the platform ultimately admitted the affected employees had been subject to what it called a “coordinated social engineering attack” targeting those with “access to internal systems and tools” after hacker sources revealed the employees in question had actually been paid to do “all the work” for the infiltrators.

Worse – for Twitter, at least – the hackers released screenshots that thoroughly discredited Twitter’s longstanding claim that it does not blacklist users or manipulate trending topics. Despite the platform’s efforts to put the cat back in the bag – which extended to suspending even users who reposted the screenshots – the revelation spread rapidly. In the wake of the catastrophe, Twitter pledged to take “significant steps to limit access to internal systems and tools” and promised to look into what “other malicious activity” the hackers might have gotten up to while they had free rein of Twitter’s employee tools. 

Think your friends would be interested? Share this story!