Twitter Appoints Hacker ‘Mudge’ as Head of Security

• A former “underground state” hacker has joined Twitter to help the platform fix its security.
• Twitter has been dealing with security problems since forever, but they were totally razzed this summer.
• There’s still nothing on introducing end-to-end encryption on the Twitter DMs so that one will have to wait.

Peiter C. Zatko, otherwise known as “Mudge,” has been announced by Twitter as the new Head of Security for the social media platform. CEO Jack Dorsey hopes that the networking security expert will help them make Twitter a lot more resilient to cyber-attacks in the future and to avoid getting ridiculed by a group of teenagers who made hacking into the platform’s administrator tools and accessing various high-profile accounts look like a walk in the park.

“Mudge” was previously involved in the “L0pht” hacker think tank, as well as the “Cult of the Dead Cow” (cDc) American hacking cooperative. The latter is a group that focuses on “hacktivism,” which is to launch cyber-attacks for sending a message or exposing information publicly, so it's not about making a profit.

The cDc has been involved with hacktivism campaigns against Chinese censorship in 1998, the Iraqi government in 1999, the Slobodan Milošević trial in 2001, and against Google for accepting to comply with China’s restrictive internet policies in 2006. cDc has also released numerous Windows hacking tools to apply pressure on Microsoft to improve its products’ security.

P. Zatko has since worked in special projects at Google, helping the tech giant implement secure systems at the Pentagon’s famed Defense Advanced Research and Projects Agency (DARPA). Recently, he oversaw security practices in Stripe, the electronic payments processor.

The process of “plugging” Twitter's security holes now that Zatko is aboard will begin with a comprehensive security review that’s going to last between 45 days and two months. After all the problems have been identified, Zatko will develop a plan for the teams to fix or mitigate them. Hopefully, this won’t take long as Twitter users have been exposed to risky security practices for years.

Unfortunately for those who have been waiting for Twitter to introduce end-to-end encryption on the “Direct Messages,” there’s still nothing on that front. When hackers accessed the valuable accounts back in July, they could see what communication was exchanged between the victims and their contacts.

Stopping hackers from being able to do that is, of course, welcome, but you can never be too cautious with security and privacy. Adding E2EE on Twitter DMs should be at the top of the list of priorities, but it still isn’t.