The Search for Dirt on the Twitter Whistle-Blower

Many of Peiter (Mudge) Zatko’s former colleagues have received offers of payment for information about him.
Illustration by Nicholas Konrad / The New Yorker

On August 23rd, a Slack chat for former employees of the payments company Stripe began filling with accounts of strange queries about an ex-colleague. “I’m getting inundated with paid interview requests,” one of the former employees, Dan Foster, wrote. Another, Marty Wasserman, later posted that he’d received a similar message via e-mail. “Hi Marty, Hope you’re having a great week!” the message read. “I’m currently working on a project regarding leadership in tech, and my client is hoping to speak to an experienced professional about a particular individual you may have worked with.” The message requested a “45-60 minute compensated phone consultation.” Wasserman was suspicious of the timing. “Preeeettyy sure this is regarding Mudge,” he wrote, pasting it in the Slack chat with his former colleagues. “Hard pass.”

Hours earlier, CNN and the Washington Post had reported that Twitter’s former head of security, Peiter (Mudge) Zatko, had filed a whistle-blower disclosure to federal agencies, accusing the social-media platform of reckless security practices. Zatko’s sweeping claims, if proven, could aid Elon Musk in his attempt to terminate his forty-four-billion-dollar agreement to acquire Twitter, a legal fight with implications of billions of dollars for investors. The dozens of e-mails and LinkedIn messages received by people in Zatko’s professional orbit appeared to be mostly from research-and-advisory companies, part of a burgeoning industry whose clients include investment firms and individuals jockeying for financial advantage through information. At least six research outfits—Gerson Lehrman Group (G.L.G.), AlphaSights, Mosaic Research Management, Ridgetop Research, Coleman Research Group, and Guidepoint—approached former colleagues of Zatko’s at Stripe, Google, and the Pentagon research agency DARPA. All offered to pay for information, sometimes noting that the compensation would be high or apparently unrestricted. At least two investment firms, Farallon Capital Management L.L.C. and Pentwater Capital Management L.P., also sought information from individuals close to Zatko.

An associate at AlphaSights reached out to Wasserman via e-mail. She did not identify her firm’s client, but she wrote that they wanted to understand Zatko’s “personality, leadership style, validity and history.” She added, “We compensate well because we know this is a difficult and confusing ask at first.” Another Stripe veteran, Jaclyn Schoof, wrote to the Slack group that she had received the same offer from AlphaSights. “They said they didn’t care how much it would cost them… seems really weird,” she said. A fourth member of the group, Niels Provos, who had worked with Zatko at Google and was later persuaded by him to fill his role at Stripe, received offers of payment from AlphaSights, as well as from two other firms, Farallon and Mosaic. “They were happy to pay $1000/hr when I was fishing for more information,” he wrote, of Farallon’s consultant. (A spokesperson for Farallon said that payment was discussed only after Provos broached the subject.)

The consultant told Provos that its analysts were assessing Zatko’s “personality professionally and socially,” his “strengths and weaknesses,” “motives for his whistle-blower complaint and any similar past complaints,” his “need for attention,” and whether he was a “zealot or ideologue,” “conspiratorial,” or “vengeful.” She also said they were interested in Zatko’s “view of Elon Musk and Musk’s bid for Twitter.” G.L.G. included links to detailed sets of questions discussing Zatko and Twitter’s C.E.O., Parag Agrawal. “In regards to Peiter Zatko, can you discuss thoughts on recent news with Peiter, what he did, why he was fired from TWTR?” read one of G.L.G.’s questions.

The firms cast a wide net. Some of the recipients, such as Wasserman, knew Zatko well, but others, including Foster, had never met him. More than a dozen of the people who received the messages told me that they found them unusual, compared with other research inquiries, because of their aggressiveness, persistence, or focus on an individual, as opposed to a product or a technology. One of the messages from G.L.G. suggested that the information was intended for an investment firm, Davidson Kempner Capital Management L.P. (A source close to G.L.G. told me that it represents multiple clients with an interest in Zatko but has no connection to Twitter and added that compensation for experts is standard.) Farallon, an investment firm rather than an expert network, identified itself in its inquiries. The other companies declined to identify their clients, though at least one told recipients that they were working on behalf of an unnamed hedge fund.

As the inquiries proliferated, the group of ex-Stripe employees began to believe, Wasserman told me, “that multiple different sources, multiple different people, multiple different companies, were all basically trying to dig up dirt on Mudge, all seemingly at the same time.” The firms, Provos surmised, were “trying to get information that could further discredit Mudge,” an effort that “seemed incredibly shady.” Jonathan Kaltwasser, Stripe’s former chief information security officer and a member of the Slack group, quickly alerted Zatko.

“My family and I are disturbed by what appears to be a campaign to approach our friends and former colleagues under apparently false pretenses with offers of money in exchange for information about us,” Zatko told me. “These tactics should be beneath whoever is behind them.” On Tuesday, Zatko is expected to testify before Congress and may reveal new details about what he has said are glaring data-security lapses by Twitter. He is also expected to play a key role in a trial set to begin next month in a Delaware courtroom, during which Musk will seek to be released from his agreement to acquire Twitter. Musk’s attorneys have subpoenaed Zatko, and a judge ruled last week that Musk could amend his countersuit to include Zatko’s allegations. A Twitter spokesperson, Rebecca Hahn, told me, “We look forward to presenting our case in Court beginning on October 17th and intend to close the transaction on the price and terms agreed upon with Mr. Musk.”

Sources close to three of the firms—Farallon, Mosaic, and G.L.G.—suggested that they were simply trying to obtain information about Zatko to guide stock trades involving Twitter and maximize profits. A person familiar with G.L.G.’s business said the outreach was “an attempt to assess the credibility of the allegations” and meant “to better inform investment decisions.” A spokesperson for AlphaSights said that, “as a matter of policy and contractual obligations, we do not disclose the identity of our clients.” Hahn, the Twitter spokesperson, told me, “We have no role in nor did we commission expert networks research regarding Mr. Zatko.” Two members of Musk’s team, who asked not to be named, owing to the sensitivity of the ongoing litigation, said that they also had no connection to the inquiries. “There’s a lot of hedge funds currently betting that the deal flows. And so they’re doing everything they possibly can to undermine that not happening,” one of them told me. “It’s obviously wrong. You can’t discredit a witness, as opposed to listening to what he has to say and taking seriously these security threats. . . . That should be the priority, not making a buck.”

Almost all of the inquiries that The New Yorker was able to document came from “expert networks,” enterprises that recruit specialists from various fields, like Zatko’s former colleagues, to share their knowledge with Wall Street investment firms and other companies. The firms deployed to uncover information about Zatko span the globe. According to its Web site, AlphaSights employs more than a thousand people, in nine cities around the world. Ridgetop, Mosaic, and Guidepoint are all New York-based firms of varying sizes. Coleman Research, a subsidiary of a Japanese company, maintains a network of four hundred and sixty thousand experts, while G.L.G.’s Web site claims a network of a million experts. The investment firm Farallon was founded in 1986 by the businessman and liberal activist Tom Steyer, who sought the Democratic nomination for President in 2020, and now maintains offices worldwide. Pentwater, another investment firm, which contacted one of Zatko’s attorneys seeking information, is one of Twitter’s ten largest shareholders.

The value of the sprawling expert-network industry surpassed $1.9 billion in 2021. The legality of the investigations conducted by such firms depends on the specific tactics used. They must strike a delicate balance, providing useful information to clients without running afoul of laws related to fraud, harassment, privacy, and insider trading. (In 2012, a G.L.G. expert was implicated in an elaborate insider-trading scheme uncovered by the S.E.C. He settled out of court. The firm was not accused of wrongdoing.) In 2016, a judge ruled that Uber’s hiring of a research firm called Ergo to interview, under false pretenses, people connected to the plaintiff in a lawsuit constituted “a reasonable basis to suspect the perpetration of fraud.” (The case later resulted in a settlement.) Michael Volkov, of the Volkov Law Group and an expert in ethics and compliance issues, told me that the inquiries received by Zatko’s associates were “definitely not something that is normal.” He added, “Seeking such information from former employees, without full disclosure of the interested party and without complete understanding of what confidentiality restrictions may be applicable to that party is beyond risky. . . . potentially illegal and could result easily in civil litigation.”

The apparent urgency and aggressiveness of the inquiries around Zatko underscore the enormous financial stakes bound up in Twitter’s dispute with Musk. If the judge rules that Musk must complete the acquisition, it will greatly enhance Twitter’s stock value; if he is permitted to walk away, the stock may crater. A spokesperson for Farallon told me that the moment reports of the whistle-blower claim broke, Zatko’s reputation became tied to billions of dollars of market value. “The value of Twitter stock depends on the outcome of the litigation and what happens with the buyout. The announcement that there even was a whistle-blower case impacted the stock price right off the bat,” the spokesperson said. “Investors have been trying to get their bearings, assessing the whistle-blower’s credibility, and to decide whether to buy or sell.”

One of Zatko’s attorneys, John Tye, of Whistleblower Aid, said that the inquiries highlight the many barriers whistle-blowers face in coming forward. “There’s a lot of people with a lot of interest in attacking his credibility,” he told me. “Campaigns to source disparaging information under apparently false pretenses is something we’ve seen when the facts of the disclosure are beyond dispute.”

Twitter hired Zatko, a prominent hacker and a respected network-security expert, in 2020, several months after the platform sustained a grievous breach, during which teen-agers hacked the accounts of Barack Obama, Joe Biden, and Kanye West, and used them to solicit Bitcoin payments. This January, Zatko was fired by Agrawal, Twitter’s C.E.O. Hahn, the Twitter spokesperson, said that Zatko was fired because of “poor performance and ineffective leadership.” Zatko disputes that. His legal team wrote in a statement that Zatko was removed after he “repeatedly raised concerns about Twitter’s grossly inadequate information security systems.”

Twitter later agreed to pay Zatko a seven-million-dollar settlement for lost compensation, the Wall Street Journal reported last week. A source with knowledge of the settlement, who asked not to be named, told me that the company hoped that nondisclosure provisions in the agreement would prevent Zatko from airing criticism of the company but left open the possibility that he could do so as a whistle-blower to federal agencies. In July, Zatko filed his disclosure to the S.E.C., the Federal Trade Commission, and the Department of Justice—an eighty-four-page document arguing that Twitter was replete with “egregious” security vulnerabilities and susceptible to foreign influence, which could pose a threat to national security. He also said that the company was led by executives willing to cover up the platform’s security issues, including by discouraging Zatko from informing its board of directors about them. (Hahn, the Twitter spokesperson, told me that Zatko’s portrayal of the company was “riddled with inconsistencies and inaccuracies, and lacks important context.”)

None of the members of the Stripe chat who spoke with me said that they accepted payment or agreed to speak to the firms about Zatko, and all said they wished to defend his credibility. For Zatko, the inquiries have been another source of anxiety in a dizzying period that has thrust him into an intense spotlight. He has been simultaneously preparing for his upcoming Congressional testimony—to which he has devoted long hours of preparation in recent days—and for a deposition in the Musk trial. “When I decided to become a lawful whistle-blower, I knew my claims would be aggressively scrutinized, and I welcome that,” he told me. “What I didn’t expect and find so disappointing are the anonymously sourced ad-hominem attacks—and especially the harassment of our friends, to find new ways to disparage and undermine us.” ♦