Cyber security experts worry that users and the general public may soon suffer as a result of Elon Musk’s stormy acquisition of Twitter, which is weakening the platform’s defences and posing new security concerns.
According to leading cyber experts and those who have oversaw cybersecurity at other companies, Twitter is rapidly exposing itself to new security risks that could soon ramify into the public sphere as a result of the now-cancelled rollout of its contentious new check-mark policy and the exodus of top security staff.
The issue? According to Rachel Tobac, CEO of SocialProof Security, a cybersecurity company that focuses on social engineering, Twitter’s ability to fend off threats is leaving with its security brass at the same same time that the new “verification” scheme is multiplying dangers on the platform.
“It’s frightening to think the level of risk that this platform has opened itself up to,” said Tobac. Examples include individuals posing as emergency service providers to spread panic and extortionists obtaining and exposing private communications held on Twitter.
She stated that Twitter was quickly turning into the “Wild West.”
Down the shield
The chief privacy officer, chief compliance officer, and head of trust and safety at Twitter all tendered their resignations on Thursday, citing the dangers of implementing some of Musk’s new money-grabbing measures (like the new check-mark policy) while under investigation by the Federal Trade Commission.
With so much turnover, the company’s capacity to ward off hackers is seriously questioned. This is a challenging task for any prominent social media platform, and one that Twitter was already struggling with, according to a whistleblower complaint made by the former head of security Peiter Zatko earlier this year.
The Stanford Internet Observatory’s director and former CISO of Yahoo, Alex Stamos, tweeted on Thursday that there was a substantial risk of a breach given the organization’s drastically decreased staff. Given the potential for “real-life harm,” he continued, the scenario was particularly “awful.”
In light of the internal strife, Michael Hamilton, a former CISO for the city of Seattle, also expressed concerns about Twitter’s capacity to protect its network.
Hamilton, who is currently CISO of Critical Insight, a cybersecurity firm he created Threats up, said: “Hard to trust Twitter with data at this time.”
Musk’s move to sell the company’s infamous blue check marks, which were formerly used to authenticate a select group of public personalities, resulted in a large number of phoney user accounts on Wednesday and Thursday.
So far, those have primarily consisted of childish antics involving characters like a (believable) irate LeBron James and a (unbelievable) generous Eli Lilly. But Tobac of SocialProof Security said that it is only a matter of time until nation-states and cybercriminals see an opening.
My main worry is that dishonest people will soon discover how to pose as emergency personnel and election authorities using the check mark, said Tobac.
The CISO of Critical Insight, Hamilton, also discovered hackers allegedly trying to spread malware on the site by creating a false McDonald’s account. The thread, which has received more than 400,000 likes as of Friday morning, is still up.
Twitter’s “Blue” membership service, which had only gone online earlier this week, appeared to be suspended on Friday morning. Meanwhile, Twitter revived the programme that Musk had abruptly killed just two days prior, bringing back “official” grey check marks for some well-known businesses and publishers.
The platform’s house fire on Thursday prompted the FTC to issue a rare and severe warning.