Ride the Lightning

Twitter Under Musk: Worries About Cybersecurity – and Just About Everything Else

November 17, 2022

Elon Musk has certainly managed to stay in the news. On November 16, PC Magazine reported that Musk is demanding that Twitter employees pledge to work “long hours at high intensity” or face being terminated. He has asked employees to sign a form by November 17, committing themselves to being “extremely hardcore” or they must leave the company with three months’ severance pay.

That certainly raised my eyebrows after a very busy couple of weeks in the Twitterverse.

Musk has announced the possibility of the social media platform going bankrupt, ending a chaotic day that included a warning from a U.S. privacy regulator and the departure of the company’s trust and safety leader, a huge cybersecurity concern.

Yoel Roth, who has overseen Twitter’s response to combat hate speech, misinformation and spam on the service has resigned, certainly a worrying sign. In his Twitter profile, Roth described himself as “Former Head of Trust & Safety” at the company.

In Musk’s first mass call with employees, he said that he could not rule out bankruptcy two weeks after buying it for $44 billion – a deal that experts say has left Twitter’s finances in a precarious position. Quite an opening statement.

Earlier in same day, in his first company-wide email, Musk warned that Twitter would not be able to “survive the upcoming economic downturn” if it fails to boost subscription revenue to offset falling advertising income.

Cyber experts around the world have worried about recent events affecting security at Twitter, including the massive workforce cuts that are likely to reduce the company’s cybersecurity staff.

“For cybersecurity, for me, I think it’s a quite reasonable prediction that it will be a net negative,” Peter Singer, a strategist at the New America think tank who wrote about the cyber risks of Musk’s purchase, said.

It’s important to remember that Musk inherits a host of security problems at Twitter, including a history of hacks and allegations from whistleblower Peiter “Mudge” Zatko, a major figure in cybersecurity who filed a complaint and testified before Congress.

Zatko said Twitter didn’t protect user data, undercounted spam bots, employed foreign agents and misled the Federal Trade Commission. Twitter has denied the allegations and criticized Zatko’s performance at the company.

Even before Musk threatened to cut the company’s personnel, Twitter was already headed toward big personnel reductions. That is likely to impact control over both harmful content and data security.

Experts are concerned about a rise in disinformation, foreign influence campaigns, limits on online speech and more.

One area where cybersecurity experts have good things to say about Musk comes his stated belief that Twitter should encrypt direct messages. They’ve been calling for that change for a long time.

But it is worrisome that Musk is dependent on China for both sales and production. Also, U.S. officials are considering opening an investigation into Musk’s purchase of Twitter and whether foreign investors would have access to user data. The FBI also examined possible counterintelligence risks the deal posed.

Musk’s vow to open up Twitter’s algorithm to public scrutiny earned some praise for its transparency, but “exposing code to the world also exposes potential vulnerabilities that criminals and disinformation operators can use to sow havoc,” wrote CyberScoop’s Tonya Riley earlier this year.

So there you have it. Twitter is widely viewed as being in near total disarray – and a decreasing level of security is not going to help its future.

Sharon D. Nelson, Esq., President, Sensei Enterprises, Inc.
3975 University Drive, Suite 225, Fairfax, VA 22030
Email:   Phone: 703-359-0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com
https://twitter.com/sharonnelsonesq
https://www.linkedin.com/in/sharondnelson
https://amazon.com/author/sharonnelson