Former DARPA program manager and world-renowned hacker joins social media platform.
Twitter has hired a renowned hacker as its new security chief, after a devastating security breach earlier this year.
According to a number of media sources, the social media platform has hired Peiter Zatko, better known by his hacker handle Mudge. Reuters reported that Zatko will take over the position in 45 to 60 days, after a security review has been completed.
Zatko told Reuters he will examine “information security, site integrity, physical security, platform integrity — which starts to touch on abuse and manipulation of the platform — and engineering.”
The new Twitter security chief also confirmed his hiring on Twitter, with a post stating, “Looks like the cat is out of the bag. I’m very excited to be joining the executive team at Twitter! I truly believe in the mission of (equitably) serving the public conversation. I will do my best!”
In 2010 he joined the Defense Advanced Research Projects Agency (DARPA), the research and development agency of the United States Department of Defense responsible for developing emerging technologies for military use, as a program manager.
In 2013 he left DARPA for a position at Google ATAP, and in 2015 he left Google to work on #CyberUL, a proposed independent testing organisation for computer security inspired by Underwriters Laboratories, at the request of the White House. He joined Twitter in 2020.
In July this year, Twitter reported that attackers had targeted certain Twitter employees through a social engineering scheme.
The attackers successfully manipulated a small number of employees and used their credentials to access Twitter’s internal systems, “including getting through our two-factor protections”, the company said.
In a statement Twitter wrote, “they accessed tools only available to our internal support teams to target 130 Twitter accounts. For 45 of those accounts, the attackers were able to initiate a password reset, log in to the account, and send Tweets. We are continuing our forensic review of all the accounts to confirm all actions that may have been taken. In addition, we believe they may have attempted to sell some of the usernames”.
At the time, Morey Haber, chief technology officer and chief information security officer at BeyondTrust, told CIO Tech Asia that this type of attack could happen to any organisation anywhere in the world.
“There is no security training or security solutions that are 100 per cent effective,” he said. “That is a hard fact to acknowledge.”
Haber said the primary issue organisations should be mindful of is that Twitter had internal tools with administrative access to accounts that were verified, secured, and reportedly protected from attacks and false posts.
“The truth is that tools internally bypassed all of these security controls and allowed it to happen,” he said. “All the threat actor needed to do was get inside and they accomplished this through social engineering and a phishing attack — the tools and their security are the issue.”
The lesson for CIOs and CISOs, Haber said, is the importance of protecting “sensitive data” and “all the tools that interact” with that data, from database tools to custom administration tools that could be abused as they were at Twitter.
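To make Haber's point concrete, the following is an added example written for this page; it is not code from the article, from Twitter or from BeyondTrust, and it does not describe Twitter's actual tooling. It models an internal support tool's "reset password" action in two forms: the weak design, where being logged in as any support employee is the only gate, so a single phished credential is enough; and a hardened design that treats the tool itself as a sensitive-data interface, requiring a per-action role check, a recent interactive MFA challenge, a second approver for protected accounts, and an audit record of denials as well as successes. The role names, the 300-second step-up window and the scenario's accounts and employees are assumptions made for the example.

```python
# Added example (not the article's, Twitter's or BeyondTrust's code): a toy
# support tool whose "reset password" action is gated either by login alone
# (weak) or by role, fresh MFA, second-person approval and auditing (hardened).
from dataclasses import dataclass

STEP_UP_MAX_AGE = 300  # assumed: max age of an interactive MFA check, in seconds


@dataclass
class Session:
    user: str
    roles: frozenset
    mfa_verified_at: float  # epoch seconds of the employee's last MFA challenge


@dataclass
class Account:
    handle: str
    verified: bool          # protected accounts get the strictest handling


@dataclass
class Decision:
    allowed: bool
    reason: str


class InsecureSupportTool:
    """Weak design: the only gate is holding a support login at all."""

    def __init__(self):
        self.audit = []

    def reset_password(self, session, account):
        self.audit.append((session.user, "reset", account.handle, "ok"))
        return Decision(True, "ok")


class HardenedSupportTool:
    """Hardened design: per-action authorisation, fresh step-up MFA, a second
    approver for protected accounts, and an audit record for every decision."""

    def __init__(self, now):
        self.now = now      # injected clock so the behaviour is testable
        self.audit = []
        self.pending = {}   # account handle -> employee who approved a reset

    def _log(self, session, action, account, decision):
        self.audit.append((session.user, action, account.handle, decision.reason))
        return decision

    def _mfa_is_fresh(self, session):
        return self.now() - session.mfa_verified_at <= STEP_UP_MAX_AGE

    def approve_reset(self, session, account):
        """A support lead pre-approves a reset on a protected account."""
        if "support_lead" not in session.roles:
            return self._log(session, "approve", account, Decision(False, "role"))
        if not self._mfa_is_fresh(session):
            return self._log(session, "approve", account, Decision(False, "step-up"))
        self.pending[account.handle] = session.user
        return self._log(session, "approve", account, Decision(True, "ok"))

    def reset_password(self, session, account):
        if "support" not in session.roles:
            return self._log(session, "reset", account, Decision(False, "role"))
        if not self._mfa_is_fresh(session):
            return self._log(session, "reset", account, Decision(False, "step-up"))
        if account.verified:
            approver = self.pending.get(account.handle)
            if approver is None:
                return self._log(session, "reset", account, Decision(False, "needs approval"))
            if approver == session.user:
                return self._log(session, "reset", account, Decision(False, "self-approval"))
            del self.pending[account.handle]   # approval is single-use
        return self._log(session, "reset", account, Decision(True, "ok"))


def run_scenario(now=1_000_000.0):
    """Replay the article's attacker: a support employee's phished credentials,
    used with no recent MFA challenge, against a protected account."""
    clock = lambda: now
    stolen = Session("phished.employee", frozenset({"support"}), now - 3600)
    lead = Session("oncall.lead", frozenset({"support", "support_lead"}), now - 60)
    agent = Session("support.agent", frozenset({"support"}), now - 60)
    target = Account("highprofile", verified=True)      # constructed sample account

    weak, hard = InsecureSupportTool(), HardenedSupportTool(clock)
    out = {
        "weak_stolen": weak.reset_password(stolen, target).allowed,     # True
        "hard_stolen": hard.reset_password(stolen, target).reason,      # "step-up"
        "hard_no_approval": hard.reset_password(agent, target).reason,  # "needs approval"
    }
    hard.approve_reset(lead, target)
    out["hard_self_approval"] = hard.reset_password(lead, target).reason  # "self-approval"
    out["hard_approved"] = hard.reset_password(agent, target).reason      # "ok"
    out["hard_audit_entries"] = len(hard.audit)                           # 5
    return out


if __name__ == "__main__":
    for key, value in run_scenario().items():
        print(f"{key}: {value}")
```

The design choice worth noting is that a stolen session is rejected for a missing step-up before any account-level logic runs, and that a protected account cannot be reset by the same employee who approved it; the audit log records the denials, which is what an incident responder needs to see the attempts that failed, not only the ones that succeeded.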