Is it safe to use Twitter? Security fears rise after Elon Musk drives off staff
Category: News & Politics
Via: perrie-halpern • 2 years ago • 82 comments
By: Kevin Collier and David Ingram
Elon Musk's two-week management of Twitter has made the platform more vulnerable to fraud and privacy violations by driving away key members of its longtime security staff, former Twitter employees and cybersecurity experts said Friday.
The fear that Twitter had become a more dangerous place for scams and the theft of personal information added to a growing sense of chaos around the service, which the tech billionaire bought last month for $44 billion.
Twitter's chief information security officer Lea Kissner and its chief privacy officer Damien Kieran announced their resignations, and they were joined out the door by others who worked on cybersecurity and related teams. Musk a week ago laid off about half of Twitter's workforce, citing financial constraints.
"They're just wounded right now," said Austin Berglas, a former FBI cybersecurity official in New York who's now a consultant at security firm BlueVoyant.
"They've lost a lot of important players on the field, so I think people are going to try to exploit them while they're down," he said.
Berglas said the threats were likely to come from scammers and organized crime, as well as from hostile governments looking to exploit a fluid situation.
San Francisco-based Twitter did not immediately respond to a request for comment on the security situation at the company.
Mountains of information
Twitter stores mountains of personal information, including not just email addresses and passwords but data that's inside its direct-message inboxes — a feature that does not have the end-to-end encryption that helps protect other popular messaging services.
The service for years has relied on its blue-checkmark verification system to increase confidence in the reliability of information on the platform, but impersonations and hoaxes proliferated this week after Musk attempted an overhaul of the system.
At the same time, Twitter is facing increased scrutiny from lawmakers and the Federal Trade Commission, which has a longstanding agreement with Twitter to ensure privacy protections.
Ian Brown, a former senior engineering manager at Twitter, said in an online public discussion Friday that the lack of a fully staffed security team could lead to the site not functioning properly or users losing control of their accounts.
"There are security vulnerabilities happening all the time," Brown said in a Twitter Spaces event.
He echoed a pessimistic view among some Twitter users this week: The service might go down entirely under Musk's ownership. But he said the scams were a more immediate problem.
"Maybe Twitter doesn't go down before every account has been pwned by a crypto scam," he said, using a euphemism for being hacked. Brown didn't respond to a request for comment.
Proofpoint, a company that tracks online fraud, said it had detected a "notable" increase in scammers operating on Twitter including a ruse designed to drain people of their savings.
Sherrod DeGrippo, the vice president of threat research and detection at Proofpoint, said one scam the company has tracked involves fraudsters sending Twitter users bulk direct messages, purportedly offering them work and encouraging them to speak with a young woman on the largely unregulated social media platform Telegram.
But those messages are actually introductions for an elaborate scam that tries to convince people to drain their savings by telling them they're investing in cryptocurrency, DeGrippo said.
Scams were already an issue on Twitter, as they are on many major social media websites. But some changes Musk made opened the door to making them worse.
Verification service
On Friday, Twitter paused the rollout of its Twitter Blue verification service, intended to let users pay $8 a month for a verification badge. Many users who signed up promptly changed their usernames and profile pictures to impersonate famous people and brands, leading to confusion on the site and prompting Twitter to suspend the service.
Marc Rogers, a cybersecurity industry veteran and chief security officer of Q-Net Security, questioned Twitter's decision to roll out such a fundamental change so quickly and with little testing. Trust-and-safety teams exist to prevent that, he said.
"The debacle with the Twitter verification is a really strong indicator as to what can go wrong," Rogers said.
"You know, it's comedy to see posts from George Washington, from Jesus, from 'Elon' himself allegedly, but at the same time it's terrifying. Because how do you know what's the truth?" he said.
Rogers said that by leaving users with less protection, the company is taking on greater risk.
"At the end of the day, security staff is not just there to protect the user, although that's like a critical part of it. They're there to protect the company from assault from all sorts of directions," he said. "They're the guardrails that prevent companies from going off those cliffs."
Previous scams and hoaxes
There's precedent for Twitter's use for large-scale scams and hoaxes.
In 2020, in one of the most visible hacks of an American company in years, a handful of cryptocurrency scammers tricked Twitter employees into giving them access to key company controls. They proceeded to take over many of the highest profile accounts on the site, including Musk's and now-President Joe Biden's, forcing those accounts to post a request for bitcoin.
"When the verified Twitter users got hacked a few months ago, it was only a bitcoin scam, right?" Rogers said. "But think about the possibilities of if you can take control of the voices of some of the most influential people in the world. It is actually kind of terrifying just how bad it could be."
In 2013, hackers took control of an Associated Press account and sent a false tweet about explosions at the White House, causing a sudden drop in the stock market.
Some cybersecurity experts have openly speculated how Twitter Blue could be used for nefarious purposes. Alex Stamos, a founding partner of the cybersecurity company the Krebs Stamos Group and a former chief security officer of Facebook, theorized that North Korean hackers known as the Lazarus Group could shift their attention from cryptocurrency scams to Twitter-based stock manipulation.
"Gosh, would be a good time to have one of the world's experts on finding state-sponsored info ops on staff," he added.
Inside the operation
Some former Twitter employees have previously warned about the platform's security. Peiter Zatko, a widely respected cybersecurity veteran who was previously Twitter's head of cybersecurity, testified before the Senate in September that the platform was "a decade behind industry security standards."
And the company has dealt with spies on its own payroll. In August, a jury found a former Twitter employee guilty of spying on Saudi Arabian dissidents and passing their personal information to the Saudi government.
Berglas, the former FBI official, said he feared Twitter now has less capacity to catch such a person.
"You're losing eyes on the interior, making sure that new employees are vetted appropriately," he said.
"From a security perspective, it's pretty dire," he added. "When you fire so many folks in the security department at once, and then you've got some senior brass leaving, it's concerning."
Oh cmon, what could go wrong in a place and time filled with misinformation….?
True. I use Twitter quite a bit and never once have I taken news information from there as 'fact'. I see someone say something, I go look it up to see if it's true or BS.
I was on Twitter 10 or 12 years ago to taunt Bill O'Reilly, until he blocked me, then I never went back.
I hadn't been on twitter in quite some time but when I was just looking at stuff for an article I just posted about the trumpturd running again and his new slogan MAGAGA and I got on with no problem whatsoever. Not that I cared if I did or not.
I have never trusted Twitter.
It's all about money for Elon Musk.
He gladly collects eight bucks from anyone stupid enough to buy the "blue check".
When someone pays the $8, Twitter receives their account information.
Twitter can sell that personal information.
So it provides a new revenue stream.
I subscribed to Twitter years ago and never used it again. There were just too many nut cases and I just did not enjoy using it. They always seemed to want money for something or other.
LOL, that prick will probably end up on a slab... bfd.
I always thought Twitter was dumb and Musk somewhat of an arrogant prick so I am enjoying this very much. I think Twitter and Facebook need to go into the dustbin of history (social media has been terrible for us as a species) and watching Musk be drug back to earth and being very publicly shown to not be nearly as smart and savvy as he thinks he is is good for everyone.
+10
Or as a cynic might put it, freedom of speech is an abrogation of freedom to think.
Musk is a self centered jackass.
Someone created a parody account of a Senator and musk basically laughed at him.
Someone made a parody account of Musk and he deleted and banned the account.
He is a hypocritical dick and I hope he loses everything.
So many of the most successful are.
I hope that doesn’t mean that we lose the capabilities of his innovations.
His innovations? I wonder about that. There is a team of people that work on things. He didn't do it all on his lonesome.
I had to laugh. I just noticed we have a Tesla charging station at our shopping district. I saw one car, don't know if it was just parked by it or what. Drove by again and no cars there and the shopping was packed (so much for Biden hurting people).
Funny he thinks there are that many Tesla drivers in the very red state of MS.
I question his actual decision making as he gets older. His megalomania seems to be getting in his way.
I think he also lost about half of his worth.
Of course not, nevertheless, no one else has that string of accomplishments.
... nevertheless, no one else could make Twitter hemorrhage cash value like he has.
Is that a win for income inequality?
I wonder what his innovations are. None that I use everyday.
Now that everyone is making EVs he no longer has a niche market, plus most of his clientele were of the more liberal persuasion, not exactly a smart move to alienate his base. He got his original money from selling PayPal, which I have never used. Some executive said the other day his self driving vehicles should never be allowed on the road...
or Tesla...
November 2021, over $900 a share.
November 2022, under $200 a share.
Way to go Ego Musk!
Exactly, he should have never gotten into the EV business.
Well there you go, can’t get more persuasive than that, thanks for the insight.
What has he done for you?
No, that's not it.
He never should have had the thought that he alone had the answers
to free speech on the internet. That he alone could fix something like Twitter
or social media sites like it.
He should have stuck to mechanical things like EVs and rocket ships.
His own words and actions are undermining his ability to raise more money
for Tesla or other ventures while the Twitter events may prove to be his own
personal Waterloo...
His success or failure with Twitter means little to me, what does it mean to you?
For free? I doubt it.
I also would never have satellite tv because you could not always rely on it.
So far he has provided it to Ukraine for free while denying its use to Russia.
Musk's Starlink Is Free To Ukrainians But Government Says They Are Looking For Alternatives (ibtimes.com)
True, even the multiple eye/multiple satellite systems are vulnerable during large weather events. ("unreliable")
I did read about Ukraine. He was wanting the government to take over the cost or something.
A satellite phone did work on Jurassic Park...
As usual, you are very well informed.
Ukraine is using Starlink for communication for free.
Musk threatened to pull the plug in Ukraine then announced he wouldn't.
I think Biden may have threatened to nationalize Starlink if Musk pulled the plug on Ukraine.
Would that be legal or doesn’t Biden care?
Starlink was being used by Ukrainian forces for communication and intel purposes.
It was the best way to monitor Russian troop movements
Starlink was also being used (Internet access and comms) by civilians in Ukraine.
An argument made that Starlink is a national security issue.
Perhaps for the Ukraine.
Well, Musk threatened to pull the plug if the Pentagon wouldn't start
paying the Starlink bills for Ukraine.
Do you think that's legal?
A thought crossed my mind. If he owns the satellites and runs them, if the government paid for it, wouldn't that then make it a government run institute and take away Musk having any oversight of it, basically butting him out of his own company.
I am not sure how all that works.
I agree with everything you say here - makes so much sense and people go on and on and on and on and on about him being so goddamned wonderful.
That megalomania and move to the dark side negates all of his so called innovations and alleged humanitarianism as far as I'm concerned.
Well that is something that he definitely deserves credit for. That's something decent that he's doing.
Let us know when he starts charging though!
I take back what I said before.
The first, last, and only resort of all Fascists. Nationalize it!
Yes, or do you think private corporations always give their services away for a complete loss?
Complete loss? That requires some context.
From the guy that "owns" Tesla, a company that hasn't shown a profit in 15 years and he has publicly vowed it won't for a long time.
SpaceX, zero profits.
He was donating StarLink to Ukraine to boost his image and promote StarLink. Period.
Starlink is nearly profitable already and Musk expects it to support his entire portfolio by 2025 to the tune of 30 Billion a year.
Poor Elon...
Some folks pretend to know what they're talking about.
Yesterday Musk dared his remaining 4,000 employees to knuckle down to his
new rules by 5PM today or quit with 3 months' severance.
Today over 2,000 employees took Musk up on his kind offer.
Somehow, rather incredibly, Musk and his new leadership team were taken off
guard.
In less than three weeks, Elon has lost most of Twitter's advertising and
somewhat inadvertently trimmed his payroll by up to 90%
and workforce by 75% to 80%.
Elon seems to be taking a page out of Charlie Sheen's "winning" playbook. /s
I would agree
he's an arrogant prick as well
Exactly, and with so little to be arrogant about.
Hey Iggy! And I agree totally. He has let his over zealous ego get the best of him this time and it is time he paid the price. Like many others, he will rue the day he sold his soul to the Devil, better known as Donald J Trump.
And it couldn't happen to a better person imo.
Some people can accomplish much, and NOTbe ARROGANT PRICKS, unlike this one and his LYING FCKN Buddy, The Art of the Steal Clown who’s Fe Male desires are easily disappointed in the irony of another dire non erect ion dew to his inability to wet her grass smoking hot ass she just lets em grab her BUY THE PUSSY, cause Buy Ass is a Trumpullthinskin treacherous trait found in traitors and truth deflatores, along with Democracy haters and Electric Car Formulators who B leave $ is numero uno when ordering people around and at Pizza Uno they both profess duh, tres times four till a Fifth drank in 6 hours on the seventh day B 4 Ate by a B nine Two more, than eight Ten. Times a day long of 24, cause their dazes be just the same length as say ours, or probably a tad bit shorter, that their wealth helps compensate 4, and much Moore than a pier
Agreed.
I want to thank you for making this article & the comments contained within it so amusing.
If I could stop laughing, I'd turn on Bret Baier.
Have a good night.
Before you go, could you help me out?
Please translate post 5.2.4 into something that at least is remotely related to making sense.
Exactly, he didn't build that...
About the umpteenth time you made basically that same comment about one of Iggy's comments it became blase...
That was like two years and five hundred times ago. It has zero impact anymore!
You really need to get some new material.
Like fake gas stations in the Bronx and dumbfuck claims of voter suppression?
I have no trouble understanding Iggy's comments, and find his comments to be very interesting and informative in many ways. And others seem to find his comments easy to follow as well.
I think the problem you have in understanding them lies solely with you.
Most of them are hilarious.
Yes indeed. And I love the way he writes.
Supposedly, it's a kind of cute code. A few on the left pretend to understand it and we get the forced laugh or thumbs up.
Nobody can figure it out and it makes no sense.
It takes wit and intelligence to get iggy.
Like I said Vic and Tex - it takes wit and intelligence to get iggy.
It's not just staff that he is driving off but also his advertisers.
The smarter ones
I had Twitter, but as soon as Musk fired half the staff I deleted my account. Now he's saying bankruptcy could be an option?
Which goes to show that he is not as savvy a businessman as he thinks he is. And that's what he gets for trying to be like his hero Trump.
Seeing the freak out over Twitter is something. The left is outraged over an American company trying to build a platform with transparent free speech policies and protections while it’s house multi national corporations are pulling advertising from Twitter in favor of sites like TikTok, which is literally used by the CCP to spy on Americans.
Lesson from Democrats and corporations: free speech: bad, supporting China spying on Americans: good.
Transparent free speech policies….WTF ?
Yeah, trying to move away from a model where they censor true stories in service of the Democratic Party.
Derp.
Derp.
Musk comes from a wealthy family. I don't think he's ever actually invented or developed anything but he did have the brains to hire the best and brightest to build his companies
A thought hit me a little while back.
It is almost like he works on something then moves on to another thing when he is only halfway done with the first.
I think he's on the autism scale so it may be hard for him to stay focused
He has the most outrageous compensation package from Tesla.
Zero salary. Various performance bonuses and stock options
to the tune of $55Billion
because the Tesla Board describes Musk as a serial entrepreneur
who has trouble staying focused on one project at a time.
This compensation is to lead an EV maker that hasn't made money in 15 years
and Musk says he doesn't plan to let it for the foreseeable future.
Yes his father owned an emerald mine. You are exactly right, as usual TG.
Sadly people have been programmed to believe that money equals brains and that rich people are not to be questioned on their competency. Inherited wealth isn't an indicator of intelligence. I think his marital woes and family issues have actually hit him hard and his behavior that is clearly heading in the self destruct direction indicates he needs personal help. Throwing his money away isn't going to help his personal life at all.