Peiter Zatko
Peiter C. "Mudge" Zatko (born December 1, 1970 in Tuscaloosa) is a network security expert, open source software programmer, writer, hacker and whistleblower.
Zatko grew up in Tuscaloosa as the son of a chemistry professor at the University of Alabama. He became interested in computers as a child, tinkering with Apple IIs. He also excelled as a guitarist and graduated at the top of his class from the Berklee College of Music in Boston, Massachusetts.
While in Boston, Zatko became involved in the L0pht Heavy Industries hacker collective. He published an early paper on exploiting buffer overflow vulnerabilities in 1995 and also issued research and security advisories for Unix operating systems. He was a co-author of the L0phtCrack, AntiSniff and L0pht-watch security tools. In the late 1990s he worked for the federal contractor BBN Technologies.
As a prominent voice for "white hat" hackers and for "full disclosure" of discovered vulnerabilities, Zatko was a frequent speaker and panelist at hacker conferences organized by government, industry and academic sponsors. In May 1998 he and six other L0pht members testified about internet vulnerabilities before the U.S. Senate Committee on Governmental Affairs. Zatko served as vice president of research and development and later chief scientist of @stake, which acquired L0pht in 1999. In 2000, following a first wave of damaging distributed denial-of-service attacks, he participated in a security summit convened by President Bill Clinton.
In 2004 Zatko rejoined BBN as a division scientist. In 2007 he married mathematician Sarah Lieberman, who came to BBN from the National Security Agency. In 2010 he joined the Defense Advanced Research Projects Agency (DARPA) as a project manager for cyber security research. He created the Cyber Analytical Framework used to evaluate DoD investments in offensive and defensive cyber security and ran the Military Networking Protocol (MNP), Cyber-Insider Threat (CINDER), and Cyber Fast Track (CFT) programs. In 2013 he was awarded for "Exceptional Public Service" by the office of the Secretary of Defense.
Zatko left DARPA for a position at Google's Advanced Technology & Projects division in 2013. In 2015 he joined #CyberUL, an organization launched to fill the need for White House-mandated security testing.
In November 2020, several months after a high-profile hack that compromised multiple high-profile accounts, Zatko was hired by Twitter CEO Jack Dorsey to lead the company's information security approach as a senior executive. Dorsey's successor, Parag Agrawal, dismissed him from the company in January 2022. In July of that year, Zatko compiled a 200-page whistleblower report detailing claims that Twitter routinely mishandled data, compromised account security, failed to exert control over spam bot activity, and misled investors, potential investors (including Elon Musk, who had offered to buy the company), and regulators. In many cases he alleged that Twitter violated U.S. law and consent decrees from federal courts. He also claimed that Twitter executives prevented him from reporting such issues to the company's board of directors. Zatko sent copies of his report to the U.S. Securities & Exchange Commission, the Federal Trade Commission, the Department of Justice, and to various Congressional committees, including the Senate Intelligence and Judicial Committees.