Abuses at Twitter brought to light by famous hacker and former security boss

Peiter Zatko, aka ‘Mudge’. Image: Matt McClain / The Washington Post via Getty

Trouble at Twitter? What now?

There is no breathing room at Twitter for the time being. After the failed takeover by Elon Musk, the company is once again the focus of attention. The protagonist this time is Peiter Zatko. Zatko was appointed in 2020 by then Twitter chief Jack Dorsey as head of security, with the task of putting things in order. It was not a success: in November last year Dorsey suddenly stepped down, and Zatko’s days turned out to be numbered. He was fired last January. Now he strikes back in a new role, that of whistleblower. He shared his findings with the Securities and Exchange Commission, the US stock exchange regulator.

So what are those findings?

The documents, the details of which came out this week through various American media, paint a less than rosy picture. Zatko’s main message is that his former employer is failing in just about every area in its attempt to be a safe platform. According to Zatko, not only users and shareholders are at risk, but democracy as well. Zatko endorses just about every criticism levelled at the platform from the outside world: Twitter is vulnerable to hacking, the spread of disinformation and espionage. He attributes this to a range of problems, from the outdated software the servers run on to human failure.

For example, according to him, Twitter does not properly remove terminated accounts, and as many as half of its employees have wide-ranging access to its systems without sufficient oversight. Jack Dorsey also comes in for criticism. In his final years at the company, the co-founder was conspicuous mainly by his absence. That certainly did not help solve Twitter’s massive problems, Zatko says. After Dorsey’s departure, Zatko found himself in a vacuum and was no longer listened to, and the problems he identified were swept under the carpet.

Who is Peiter Zatko anyway?

Zatko is not just anyone. The 51-year-old American has been an ethical hacker for about thirty years. He has since exchanged his long wild hair for a short haircut and his beard has turned gray, but his goal is still the same: to make the online world safer. In the early days of the world wide web, Zatko joined L0pht, a famous hacker collective. Those activities brought him, a few years later in 1998, before a US congressional hearing on security problems of the then still new web. He sat there behind a long table, appearing under his hacker name: Mudge. It was the first time the term “hacker” had been put in a positive context by the government.

Later he also joined the equally notorious activist hacker group Cult of the Dead Cow. In his thirties, he created an online password-cracking tool. The tool was so powerful that it is still used today. That solid reputation was precisely why Dorsey hired him in 2020. And for Zatko, this came at the right time, he says in an interview with The Washington Post. He seized the opportunity at Twitter to “improve the health of public conversation.” That was just after a very painful incident for Twitter, in which the accounts of 130 prominent Twitter users were hacked.

And what next?

Twitter dismissed the revelations as outdated and exaggerated. Zatko was fired more than six months ago for poor performance and leadership, the company told The Washington Post, and now appears to be opportunistically trying to harm Twitter, its customers and its shareholders. Zatko gets a more receptive audience in the Senate: he will be able to give his account at a hearing in September, it was announced on Wednesday.

Meanwhile, according to Reuters, Twitter is pushing ahead with a major reorganization of the teams responsible for fighting ‘toxic content’ and spam bots. Elon Musk will be watching all this with satisfaction: the billionaire is still in a legal battle with Twitter over his canceled takeover. Musk cited precisely this spam bot problem as the reason for his withdrawal.
