“Twitter has seemed to ignore security for a long time, and with every change, there’s a risk,” says David Kennedy, CEO of incident response company TrustedSec, who previously worked for the NSA and the United States Marine Corps signal intelligence unit. “There is a lot of work to be done to stabilize and protect the platform, and there is a growing risk from bad insiders because of all the changes that are happening. Over time, the chances of incidents decrease, but the security risks and technical liabilities are still there.”
A Twitter breach can expose the company or its users in many ways. Of particular concern would be an incident that endangers users who are activists, dissidents, or journalists under a repressive regime. With more than 230 million users, a breach on Twitter can also have significant consequences for identity theft, harassment, and other harm. And from a law enforcement perspective, the information has for years been enough of an incentive for government spies to infiltrate the company, a threat Zatko said Twitter is not prepared to counter.
The company has already been investigated by the US Federal Trade Commission for its past actions, and on Thursday, seven Democratic senators asked the FTC to investigate whether “changes made in internal audits and data protection practices” at Twitter violated the 2011 agreement between Twitter and the FTC over data misuse.
If a breach had occurred, the details would have shown the consequences for users, Twitter, and Musk. But the outspoken billionaire may want to know that, in late October, the FTC issued an injunction against online ordering service Drizly and personal penalties against its CEO, James Cory Rellas, after the company leaked information about roughly 2.5 million users. The order requires the company to have strict rules on data deletion and to limit data collection and retention, and requires the same from Cory Rellas at any future companies he works for.
Speaking clearly about the digital security threat at the Aspen Cyber Conference in New York City on Wednesday, Rob Silvers, undersecretary for policy at the Department of Homeland Security, urged vigilance from companies and other organizations. “I couldn’t be more impressed. We see enough intrusions and successful intrusions every day that we don’t stop looking at it at all,” he said. “Security is important, resilience is important in this environment.”
Dan Tentler, the founder of the Phobos Group, a malware testing and repair company, who worked on Twitter’s security from 2011 to 2012, says that while the current chaos and shortage of staff at the company creates potential risks, it can also create challenges for potential attackers, who may have difficulty at this time creating an organizational map to look for employees who have access or control within the company. He adds, however, that the risks are high because of Twitter’s growth and global reach.
“If there are people left inside Twitter or someone hacks Twitter, there’s probably not much to stop them from doing whatever they want – you have an environment where there aren’t many defenders,” he says.