Known and respected in the cybersecurity community, Peiter Zatko, Twitter's former security chief, is a godsend for Elon Musk in his legal battle with the social network, even if the scope of the whistleblower's accusations remains to be demonstrated.
Nicknamed “Mudge,” the 51-year-old computer scientist answered questions from a Senate committee on Tuesday about his bombshell report, in which he accused Twitter of covering up flaws in its system security and lying about its fight against fake accounts.
“Twitter's management is deceiving elected officials, regulators and even its own board of directors,” he said at the outset.
A windfall for Elon Musk: the Tesla boss has for months been raising the question of the proportion of inauthentic accounts to justify abandoning his plan to buy Twitter for 44 billion dollars.
Mudge's intervention opened a “Pandora's box” for the San Francisco company, said Dan Ives, analyst at Wedbush Securities. “Until the Zatko development, Wall Street gave Twitter the winner” in the trial scheduled for October in a specialized court.
If the Blue Bird wins, the judge could impose several billion dollars in damages on the richest man in the world, or even force him to honor his expensive commitment.
The son of two scientists, Peiter Zatko grew up in Alabama and Pennsylvania, dividing his time between music and computing.
In 1996, he joined a group of hackers called L0pht, with whom he testified before Congress two years later. “It was the first time that the US government cited ‘hackers’ in a positive context,” he said in May 2019 on Twitter.
His profile picture shows him at that time, evoking Jesus with his long hair and a halo of light.
He then held various positions at Google and Stripe (an online payment services company), then at DARPA, the research agency of the Pentagon.
Jack Dorsey, the founder of Twitter, recruited him in July 2020 after a spectacular hack of the accounts of celebrities and political figures (including Barack Obama, Elon Musk and Kim Kardashian).
In January 2021, Joe Biden's transition team offered him the position of director of security at the White House. He refused, believing that he still had work to do for the social network, according to his lawyers. But he was fired last January due to “ineffective leadership and poor performance,” according to Twitter.
“False,” say his lawyers: according to them, Mudge was sacked after a confrontation with management (including current boss Parag Agrawal), who allegedly refused to acknowledge the security concerns reported by the executive.
Peiter Zatko assured senators on Tuesday that he was not acting out of “wickedness”.
“Given the real damage to users and national security, I decided it was necessary to take the personal and professional risk, for me and my family, of raising the alarm,” he added, visibly moved.
“House of Cards”
“If Mudge says Twitter has cybersecurity problems, Twitter has big problems,” said Aaron Turner, chief technology officer of Vectra, a California-based cybersecurity technology company, who says he has known the computer scientist since the 1980s.
At the end of June, Twitter agreed to pay more than $7 million in severance pay to Peiter Zatko.
A few days later, the engineer sent his report to the authorities, in which he directly mentions the questions raised by Elon Musk about automated accounts. He mentions “misleading” statements by Parag Agrawal, “obsolete” tools and “overwhelmed” and “inefficient” teams.
He also denounces “serious and shocking failures (of cybersecurity), willful ignorance and threats to national security and democracy.”
Allegations that are damaging, but not necessarily fatal, according to various analysts.
“It is still not evidence that Twitter has distorted the figures,” notes Jasmine Enberg, of Insider Intelligence. “Rather, it demonstrates a potential lack of interest from Twitter executives in the fight against bots.”
Elon Musk's lawyers will “try to prove that Twitter tried to sell him a house of cards with full knowledge of the facts,” comments Adam Badawi, professor of law at the University of Berkeley. But “those (security) vulnerabilities would have to be really, really serious.”