Legendary hacker and L0pht member Peiter Zatko joins Twitter as security chief

Mudge work to be done after high-profile Bitcoin scam earlier this year


Twitter has hired legendary hacker Peiter "Mudge" Zatko as head of security.

Under the newly created role, Mudge will take responsibility for everything from incident response to ensuring the "integrity" of the platform. Speaking to CNBC, he described his remit as including "information security, site integrity, physical security, platform integrity – which starts to touch on abuse and manipulation of the platform – and engineering."

Mudge will report directly to CEO Jack Dorsey, who also heads payments biz Square, and will take over the helm after a 45-to-60-day review.

The hire comes mere months after a major security incident in which unauthorised third parties accessed the Twitter accounts of 130 celebrities including Elon Musk, Bill Gates, former US president Barack Obama, and current President-elect Joe Biden.

The hackers used the accounts to promote a Bitcoin scam that asked members of the public to send cryptocurrency to a specific wallet in order to receive double the amount back. The coordinated nature of the attack forced the microblogging site to temporarily suspend "verified" accounts belonging to public figures.

Twitter has since confirmed that the culprits were able to access the site's internal account management tools following a successful social-engineering attack.

Mr L0pht goes to Washington [source: Chris Wysopal]

L0pht in the White House press room, 1998, Mudge right of centre (Photo © via Chris Wysopal)

Mudge is known for his affiliations with hacker collectives L0pht, which appeared before Congress in 1998 on the subject of "Weak Computer Security in Government", and The Cult of the Dead Cow, which previously included one-time US presidential candidate Beto O'Rourke as a member.

One of his earliest accomplishments was the creation of L0phtcrack, an iconic tool for cracking Windows passwords that exposed inadequacies in early Windows security. This was subsequently acquired by Symantec before returning to its original ownership in 2009. It has since switched hands again, this time to password security startup Terahash.

In later life, Mudge transitioned from the anarchic hacker scene of the early 1990s to the more formal world of industry and government, with stints at BBN Technologies, Google (via its Motorola Mobility subsidiary), and DARPA, where he was responsible for the creation of at least three Department of Defense cybersecurity programmes. ®


Biting the hand that feeds IT © 1998–2020