Heads are Rolling at Twitter

A Twitter spokesman has said it is firing Peiter Zatko, the network security expert it hired in November 2020 as head of security. Changes in the composition of Twitter's security team followed "an assessment of how the organization was being led," according to a company memo. Zatko, known by the handle "Mudge," gained fame as a member of the Cult of the Dead Cow ethical hacking collective in the 1990s and later moved to top cybersecurity research positions at the Defense Advanced Research Projects Agency, aka DARPA, and Google.

Twitter CEO Parag Agrawal, who took over from Jack Dorsey in November, also announced that industry veteran Rinki Sethi, the chief information security officer, will be departing in the coming weeks. The company did not specify if the departure is voluntary. Sethi confirmed her departure and said, "It is with a heavy heart that I announce my impending departure from Twitter. Thanks to all of you that have reached out to check in with me, I appreciate all the kind words, thoughts, and love being sent my way."

In a memo shared with employees, the social media platform said, "The changes followed an assessment of how the organization was being led and the impact on top-priority work." Twitter's head of privacy engineering, Lea Kissner, will become the company's interim CISO, according to the report.

Reportedly, after assuming the CEO position, Agrawal reorganized the management staff and dismissed Dantley Davis, the chief design officer, and Michael Montano, the head of engineering.

In a previous filing with the Securities and Exchange Commission, Twitter reported that Agrawal is restructuring the leadership team to drive increased accountability, speed, and operational efficiency, and shifting to a general manager model for consumer, revenue and core technologies, which will be led by Kayvon Beykpour, Bruce Falck and Nick Caldwell, respectively. "These GMs will lead all core teams across engineering, product management, design, and research. Lindsey Iannucci also joined the leadership team as chief of staff and vice president of operations to support Agrawal in strengthening operations across the leadership team, and the company. As part of these changes, Dantley Davis, design and research lead, will also be stepping down from his position at the company effective Dec. 31, 2021, and will remain an advisor through the end of the first quarter of 2022 to ensure an orderly transition," per the disclosure.

Zatko and Sethi joined Twitter in late 2020. Sethi was previously a vice president of data safety at IBM, vice president and CISO at Rubrik, and had undertaken various leadership roles in companies such as Palo Alto Networks, Intuit and eBay. Zatko was one of the first computer security researchers to gain a following for his hacking abilities and his understanding of cybersecurity. In one of his first papers, in 1995, he described how a buffer overflow works and the threat this flaw posed to networks at the time.

Later, Zatko joined the ethical hacking collective Cult of the Dead Cow and began speaking at events such as Def Con about a range of security issues. In 1998, he testified before a U.S. Senate hearing about internet vulnerabilities. Later, he briefed then-President Bill Clinton about the dangers of distributed denial-of-service and other nascent attacks, according to reports from the time.

In response to Mudge's alleged firing, Jake Williams, a former member of the National Security Agency's elite hacking team, tweeted, "I get that this is a meme (and a damn good one at that), but losing 'a strong security team' significantly downplays the years of damage Twitter has done to its security program." Williams stated: "Zatko and Sethi are two of the most sought-after security leaders in the entire cybersecurity industry. That any organization was ever lucky enough to have them at the same time was itself significant. To hear that they are both leaving the organization in what almost certainly are related circumstances should be concerning for anyone who is concerned with the security of the platform." Some Twitter users suggested that they might be leaving the company to join their former boss Jack Dorsey at his digital payments firm Block.

"It won't surprise me to learn that their departure is related to security concerns over Twitter's recent embrace of web3 technologies, as demonstrated by a recent release of the NFT integrations. I would assess that being charged with the security of the Twitter platform while engineering teams are integrating with web3 frameworks would lead to conflict with the remainder of the leadership team. Of course, there are likely many factors at play that we don't yet know about publicly."

NFT profile pictures on iOS are now rolling out in labs as an option for Twitter Blue users. To verify ownership, users have to connect their crypto wallets to the Twitter Blue account.

Matthew Green, associate professor at Johns Hopkins University, says: "I don't know what's going on at Twitter. When CISOs leave social media companies unexpectedly, it can mean all sorts of unpleasant things."

The appointment of Zatko followed several high-profile security incidents at Twitter that led to criticism of the company's security practices. In July 2020, three suspects, including a Florida teenager, were charged in connection with hacking 130 high-profile Twitter accounts, including those of Bill Gates, Barack Obama and Joe Biden, to pull off a cryptocurrency scam.

The hackers reportedly gained control of several high-profile Twitter accounts by using phone phishing and SIM-swapping techniques and sent fake messages to steal about $120,000 in bitcoins from victims. It is also believed that the suspects gained access to some Twitter account user data, including information stored in the Direct Message feature.

Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@wapacklabs.com
