So if this isn’t the pot calling the kettle black, I don’t know what is. Mudge, hired by Jack Dorsey to fulfill a security role at Twitter has now come out as a whistleblower claiming that Twitter is not secure at all, prone to have foreign spies working in high level access programs, and the usual Twitter is in disarray and needs major help. Mudge was fired early in the year for numerous problems the company just couldn’t put up with anymore.
You know how it is, you’re hired to do a shitty job, and then once you start doing that shitty job and run into obstacles doing it, you end up being more confrontational with coworkers in order to get that job done, and eventually you get booted because you won’t play ball. This apparently happened to Mudge, whose had that nickname since the dawn of time, I think Phrack issue #3, but I digress.
Mudge isn’t the kind of drama queen that most deep level thinkers in security tend to be. He’s a pretty straight shooter, and if you hire this guy to check your stuff out and report, you can be damn sure he will do that and more. But in that security game it’s all about power, not real security. Power knows that their shit is full of holes, but all they want out of you is to play ball, go along to get along, and most security researchers like Mudge just can’t do that. You either cede power to them and get your shit fixed, or you end up where we are today, with Mudge leaking out all the dirty laundry in public. In a large way companies that hire these people are in a damned if you do damned if you don’t dilemma. And Mudge just proved that you’re damned either way.
The one thing I might add is that this comes at a fortuitous time for Elon Musk, who will certainly subpoena Mudge and all the documents he leaked to get out of the deal to buy Twitter. The bots, the spam, the fake accounts, the Russian spies, it’s all been a part of Twitter for a very long time. People already knew this stuff and have been complaining about it for years. The fact that Mudge comes out now and tells the truth behind it all doesn’t really surprise many who live and breathe Twitter.
Many have already been screaming to the rafters about how fake it all is. So to be told hey, yeah, you were right, its filled with bullshit spam, Russian bots, bots from every country with a reason to be there spreading propaganda, and or spreading bullshit, playing divide and conquer games, or spreading disinformation, misinformation, misdirection, and all manner of psychological operations, infiltrated spies, is not something that shocks anyone who hasn’t been knee deep into Twitter.
The question really should be: what will this change? What steps will be taken to make Twitter a better place? My guess is a lot of company corporate horse shit will be delivered about how they care about their users whatever, and they are deeply committed to whatever yada yada, and that as a company we take issue with being exposed without the ability to speak back about how wrong we think the leaker/whistleblower is, etc etc etc,. And it is with profound grief we will take a hard look at ourselves and commit to more transparency and bullshit bullshit bullshit change, and we will strive to reach the impossible dream, to fight the unbeatable foe, to bear with unbearable sorrow, to run where the brave dare not go, etc etc etc ad infinitum.
Story link below: due to the length of the story, it was felt that posting the link would be better for reader/user experience..