Twitter whistleblower Peiter 'Mudge' Zatko lands new gig at Rapid7
A long way from password crackers for Windows NT for former L0pht legend
Updated: Former Twitter security chief and whistleblower Peiter "Mudge" Zatko has landed his first official role since he left the company, a part-time job as "executive in residence" with cybersecurity firm Rapid7.
Rapid7 describes itself as a company that "unites cloud risk management and threat detection." The biz offers pentesting along with other tools and services. It also owns the open source exploit project Metasploit.
In Zatko's new position, he'll reportedly be advising execs, customers and board members on the use of data for cybersecurity issues.
CEO Corey Thomas told The Washington Post, which broke the story, that Zatko's "candor" would be welcome at the company.
Zatko has a reputation for both bluntness and skill that only solidified after he was fired from Twitter. His departure was allegedly over fundamental disagreements with former boss Parag Agrawal about disclosing security issues to the company's board, although Twitter told The Register in August that Zatko was "fired from his senior executive role at Twitter in January 2022 for ineffective leadership and poor performance."
Mudge received a $7.75 million severance package for his services, which might explain why his new job is part-time.
Zatko filed a complaint with the US Securities and Exchange Commission, the Federal Trade Commission and the Justice Department that among other things Twitter failed to comply with a 2011 FTC Consent Order. It also painted Twitter IT operations as a circus, complete with non-compliant operating systems, outdated security and insufficient threat detection.
Furthermore, thousands of workers were said to have access to live production systems and user data, and some had allegedly installed spyware on their computers on behalf of foreign intelligence.
In September, Zatko appeared before the Senate Judiciary Committee and stated that pre-Musk Twitter's "security failures threaten national security, compromise the privacy and security of users, and at times threaten the very continued existence of the company."
Prior to Twitter, Zatko was a well-known former member of the Cult of the Dead Cow hacking group, where he went by the alias Mudge, as well as legendary hacker collective L0pht, which appeared before Congress in 1998.
As we noted in our 2018 interview with L0pht luminary Chris Wysopal, the group released numerous security advisories and developed L0phtCrack, a password cracker for Windows NT. When Microsoft said a vulnerability was only theoretical, L0pht responded by creating an exploit and adopted the slogan "Making the theoretical practical since 1992."
Since then, he's worked for Google, Stripe and the Department of Defense.
But the new Rapid7 employee isn't the only person associated with the company who has beef with Twitter. Co-founder Chad Loder has reportedly had his account banned. Loder is an activist and antifascist infoseccer who investigated the January 6 insurrection attempt and believes he was purged in a raft of changes made during Musk's attempt to overhaul the site.
The Reg asked Mudge and Rapid7 to comment for this story and will report back if there is a substantial reply. ®
Updated at 15.11 UTC on January 5 to add:
Rapid7 CEO and Chairman Corey Thomas sent us a statement:
"Peiter and I have a longstanding relationship and have spoken at length about the importance of data and research when it comes to measuring cybersecurity program effectiveness.
"In order to move our industry forward, we must educate organizations on how and what to measure to ensure we are making the right investment. Peiter's extensive experience in this field and his work around measuring cyber security practices will be invaluable for both Rapid7 and our customers."