Known and respected in the cybersecurity community, Twitter's former security chief Peiter Zatko is a boon for Elon Musk in his legal battle with the social network, even if the scope of the whistleblower's accusations remains to be demonstrated.
Nicknamed “Mudge”, the 51-year-old computer scientist answered questions from a Senate committee on Tuesday about his explosive report, in which he accuses Twitter of having concealed flaws in its security system and lied about its fight against fake accounts.
“Twitter’s management is deceiving elected officials, regulators and even its own board of directors,” he said at the outset.
A godsend for Elon Musk: the boss of Tesla has for months been raising the question of the proportion of inauthentic accounts to justify abandoning his plan to buy Twitter for 44 billion dollars.
The intervention of “Mudge” opened a “Pandora’s box” for the San Francisco company, said Dan Ives, analyst at Wedbush Securities. “Until the Zatko development, Wall Street had Twitter as the winner” in the trial scheduled for October before a specialized court.
If the Blue Bird wins, the judge could impose several billion dollars in damages on the richest man in the world, or even force him to honor his expensive commitment.
The son of two scientists, Peiter Zatko grew up in Alabama and Pennsylvania, dividing his time between music and computing.
In 1996, he joined a group of hackers called L0pht, with whom he testified before Congress two years later. “It was the first time that the US government cited ‘hackers’ in a positive context,” he said in May 2019 on Twitter.
His profile picture shows him at that time, evoking Jesus with his long hair and a halo of light.
He then held various positions at Google and Stripe (an online payment services company), then at DARPA, the Pentagon’s research agency.
Jack Dorsey, the founder of Twitter, recruited him in July 2020 after a spectacular hack of the accounts of celebrities and political figures (including Barack Obama, Elon Musk and Kim Kardashian).
In January 2021, Joe Biden’s transition team offered him the position of director of security at the White House. He declined, believing that he still had work to do for the social network, according to his lawyers. But he was fired last January due to “ineffective leadership and poor performance,” according to Twitter.
“False”, say his lawyers: according to them, Mudge was sacked after a confrontation with management (including current boss Parag Agrawal), who allegedly refused to acknowledge the security problems reported by the executive.
Peiter Zatko assured senators on Tuesday that he was not acting out of “wickedness”.
“Given the real damage to users and national security, I decided it was necessary to take the personal and professional risk, for me and my family, to raise the alarm,” he added, visibly moved.
“If Mudge says Twitter has cybersecurity issues, Twitter has big issues,” said Aaron Turner, chief technology officer of Vectra, a California-based cybersecurity company, who says he has known the computer scientist since the 1980s.
In late June, Twitter agreed to pay more than $7 million in severance pay to Peiter Zatko.
A few days later, the engineer sent his report to the authorities, in which he directly mentions the questions raised by Elon Musk about automated accounts. He cites “misleading” statements by Parag Agrawal, “outdated” tools and “overwhelmed” and “inefficient” teams.
He also denounces “serious and shocking failures (of cybersecurity), willful ignorance and threats to national security and democracy”.
Damaging allegations, but not necessarily fatal ones, according to various analysts.
“This is still not proof that Twitter has distorted the figures,” notes Jasmine Enberg, of Insider Intelligence. “Rather, it demonstrates a potential lack of interest among Twitter executives in the fight against bots.”
Elon Musk’s lawyers will “try to prove that Twitter knowingly tried to sell him a house of cards,” said UC Berkeley law professor Adam Badawi. But “those (security) vulnerabilities would have to be really, really serious.”