After an infamous security breach that led to the takeover of some of the biggest accounts on its platform earlier this year, Twitter has hired well-known hacker Peiter Zatko as its head of security.
As reported by Reuters this week, Zatko was announced as the head of security at Twitter, a new role that will task the incoming programmer with providing changes in structure and practices at the social media firm.
Mudge’s impressive track record
Zatko, well-known online under his hacking pseudonym Mudge, has an impressive résumé in the field of open source programming, network security and hacking. ‘Mudge’ was in charge of a famous hacking think tank known as the L0pht and played a role in highlighting serious vulnerabilities to critical governmental infrastructure to the US Senate in 1998.
According to various online profiles, Mudge has played an important role in cyber security evolution, highlighting security flaws across a number of areras including code injection, race condition, side-channel attacks, exploitation of embedded systems as well as providing cryptanalysis of commercial systems.
In more recent years, Zatko served as a program manager for the US Department of Defence’s Defense Advanced Research Projects Agency (DARPA) from 2010 to 2013. He was then hired by Google as the company’s Deputy Director of its Advanced Technology & Projects division.
For his work in the cybersecurity space, Zatko was awarded the Secretary of Defense Exceptional Civilian Service Award medal and is also an inductee of the US Army’s Association of Cyber Military Professionals known as the Order of Thor.
Tightening up Twitter’s security
Zatko’s mandate is a fairly daunting one considering the recent security breach at Twitter in July 2020 which saw some of the world’s top industry leaders, politicians, celebrities and business accounts compromised and used to tout a fake Bitcoin giveaway.
The Daily Chain was one of the first publications to report on the incident, in which then unknown attackers took over several verified celebrity and business accounts, to promote a Bitcoin scam.
Authorities moved quickly to root out those responsible, and investigations revealed that the attack had been carried out by three teenagers. The main suspect was 17-year-old American Graham Ivan Clark who had possession of over 300 BTC worth over $3mln at the time. His two co-accused accomplices were identified as 19-year-old U.K. resident Mason Sheppard and 22-year-old Florida resident Nima Fazeli. The latter’s home was raided by the FBI a couple of weeks later.
Following the incident, Twitter confirmed that the attack was carried out by “a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools.”
According to Reuters’ report, Zatko gave some insights into the work he’d be doing as he joins the social media giant, highlighting “information security, site integrity, physical security, platform integrity — which starts to touch on abuse and manipulation of the platform — and engineering.”