Sunday, April 26, 2026

Cyber Whistleblowing Is Putting Security Chiefs in the Hot Seat ... - Tanium

When Twitter hired Peiter “Mudge” Zatko as its new security lead in November 2020, he was warmly embraced by then-CEO Jack Dorsey, who had personally recruited him.

As a member of the legendary L0pht hacker collective in the 1990s, Mudge helped invent the concepts of ethical (“white hat”) hacking and responsible disclosure of vulnerabilities. He had worked for the Defense Advanced Research Projects Agency (DARPA) and Google before joining Twitter.

After a devastating hack four months earlier allowed attackers to take over accounts belonging to former President Barack Obama and Tesla CEO Elon Musk, among others, the company needed someone with Mudge’s towering reputation to restore its credibility. But less than two years later, the now ex-security lead was testifying before Congress about Twitter’s “grossly negligent” approach to security, after company leaders allegedly ignored his many warnings.

As Mudge discovered, the path from security savior to whistleblower is slippery and steep. For a high-profile executive to go public about unaddressed security vulnerabilities is exceedingly rare. But that may soon change with federal cybersecurity reporting rules about to go into effect.

The floodgates open to whistleblowing

In March 2022, the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) was signed into law. Once final rules go into effect, the act will require cybersecurity professionals in critical infrastructure companies to promptly report incidents and...



Read Full Story: https://news.google.com/__i/rss/rd/articles/CBMiXGh0dHBzOi8vd3d3LnRhbml1bS5jb...