Yodaesque Insight from the Tweeter

November 26, 2020

I read “Twitter to Relaunch Account Verifications in Early 2021, Asks for Feedback on Policy.” Ommmmm. Ommmmm. Account verification. The Tweeter thing, the destroyer of coherence, the maker of faux wizards, has a thought. Tie a Tweeter thing account to a verifiable entity. This is revolutionary or, as Yoda might say, “Revolutionary this is.” Ommmmm. Ommmmm.

I learned:

Twitter will initially verify six types of accounts, including those belonging to government officials; companies, brands and nonprofit organizations; news; entertainment; sports; and activists, organizers and other influential individuals. The number of categories could expand in time. Twitter’s verification system, which provides a blue checkmark to designate accounts belonging to public figures, was paused in 2017 as the company tried to address confusion over what it meant to be verified.

What a startling concept is this? How loud the voices from the Victoria Falls must be.

Hey, China likes the idea. Even geezers sitting around the old fashioned truth burning stove in Harrod’s Creek, Kentucky, think this is a Yodaesque insight. More accurately, Yoda has a moment of semi-clear thinking. I hear the fail whale thrashing.

Ommmmm. Ommmmm.

Stephen E Arnold, November 26, 2020

Fleeter Tweeter: Zen and the Art of Fail Whaling

November 20, 2020

I am not a big tweeter. I am not too keen on the Twitter thing although one of my team fixed up a script to notify people about a new Beyond Search story or a DarkCyber video. That’s about it. I do enjoy seeing a senior manager with a scruffy beard explain the inner workings of the fine short message broadcasting service. The idea of running two companies from Africa strikes me as particularly interesting, a bit like the old TV show in which a Kung Fu expert handled crude and clumsy bad actors with a finger flick.

Now we have a fleeter tweeter.

I read “Twitter Ends Fleets Rollout after Just One Day As New Feature Crashes App.” The write up states:

Twitter is delaying its rollout of ‘Fleets’, its Stories-like function, while it fixes “performance and stability problems”.

For a company with a new and interesting chief security officer and a summer security challenge, the Tweeter thing seems to have some technical enhancements to add; namely, beaching the digital fail whale.

Fleets of fails?

Be calm. Be very chill. Africa may be the optimal place to retire. Senator Ted Cruz might want to visit in person, not just virtually.

Stephen E Arnold, November 20, 2020

Twitter for Verification: The Crypto Approach

October 21, 2020

New York State’s Twitter Investigation Report explores the cybersecurity “incident” at Twitter and its implications for election security. If you don’t have a copy, you can view the document at this url. The main point of the document struck me as this statement from the document:

Given that Twitter is a publicly traded, $37 billion technology company, it was surprising how easily the Hackers were able to penetrate Twitter’s network and gain access to internal tools allowing them to take over any Twitter user’s account.

With the Department of Financial Services’ report in mind, I found the information in “.Crypto Domain Owners Can Now Be Verified With Twitter Accounts for Safer Payments” interesting. Twitter and “safer” are not words I would associate. The write up reports:

Blockchain startup Unstoppable Domains and oracle network Chainlink have launched a new feature allowing individuals or entities with blockchain domains to authenticate themselves using their Twitter accounts. The feature is powered by Chainlink oracles, which connect each .crypto address from Unstoppable Domains to a public Twitter username. The firms said the Twitter authentication could help stem crimes in cryptocurrency payments such as phishing hacks.

In one of our Twitter tests, we created an account in the name of a now deceased pet. Tweets were happily disseminated automatically by the dog. Who knew that the dead dog’s Twitter account can reduce phishing attacks?

Twitter: Secure enough to deliver authentication? The company’s approach to business does not give me confidence in the firm’s systems and methods.

Stephen E Arnold, October 21, 2020

The Future of Twitter Revealed

September 30, 2020

Twitter is an interesting outfit. Forbes (the capitalist tool, I believe) published “Bitcoin and Blockchain Are the Future of Twitter, CEO Jack Dorsey Reveals”. Twitter is an interesting outfit; for example, it has a new chief information security officer. That’s a good idea, maybe too late for some stakeholders, but it is a step forward.

Forbes reports:

Dorsey, who… said bitcoin is “probably the best” native currency of the internet, has previously gone as far as saying bitcoin has the potential to be the world’s sole currency by 2030…. Now, speaking at the virtual Oslo Freedom Forum 2020, Dorsey has said bitcoin and its underlying decentralized blockchain technology are the future of Twitter.

Forbes quotes Twitter’s top management Zen person as saying:

“The whole spirit of bitcoin, for instance, is to provide a trusted system in a distrusted environment, which is the internet,” Dorsey said…. Earlier this month, Dorsey told Reuters bitcoin is “probably the best” native currency of the internet due to bitcoin being “consensus-driven” and “built by everyone.”

Yep, trust.

A couple of observations:

  • Twitter owns a payment system. Perhaps Mr. Dorsey’s confident assertion about the future is influenced by the method of communications and the beneficiary of the digital currency cheerleading?
  • Twitter licenses its data selectively to commercial enterprises developing products and services to assist law enforcement and intelligence agencies. With Bitcoin generally perceived as a lubricant for illegal transactions, what’s Twitter’s goal? (Check out the Geospark Analytics – Twitter deal for some color. Geofeedia has not been as fortunate as the virtual intelware vendor.)
  • How will enhanced Bitcoin capabilities assist bad actors in money laundering and other possibly questionable activities?

DarkCyber finds Twitter fascinating. A half-time CEO, a messaging system which can spark interesting social consequences, and a peculiar way of supporting law enforcement and other groups simultaneously.

Worth monitoring the dualism.

Stephen E Arnold, September 30, 2020

Twitter: Another Almost Adult Moment

August 7, 2020

Indexing is useful. Twitter seems to be recognizing this fact. “Twitter to Label State-Controlled News Accounts” reports:

The company will also label the accounts of government-linked media, as well as “key government officials” from China, France, Russia, the UK and US. Russia’s RT and China’s Xinhua News will both be affected by the change. Twitter said it was acting to provide people with more context about what they see on the social network.

Long overdue, the idea of an explicit index term may allow some tweeters to get some help when trying to figure out where certain stories originate.

Twitter, a particularly corrosive social media system, has avoided adult actions. The firm’s security was characterized in a recent DarkCyber video as a clown car operation. No words were needed. The video showed a clown car.

Several questions from the DarkCyber team:

  1. When will Twitter verify user identities, thus eliminating sock puppet accounts? Developers of freeware manage this type of registration and verification process, not perfectly but certainly better than some other organizations’.
  2. When will Twitter recognize that a tiny percentage of its tweeters account for the majority of the messages and implement a Twitch-like system to generate revenue from these individuals? Pay-per-use can be implemented in many ways, so can begging for dollars. Either way, Twitter gets an identification point which may have other functions.
  3. When will Twitter innovate? The service is valuable because a user or sock puppet can automate content regardless of its accuracy. Twitter has been the same for a number of Internet years. Dogs do age.

Is Twitter, for whatever reason, stuck in the management mentality of a high school science club which attracts good students, just not the whiz kids who are starting companies and working for Google type outfits from their parents’ living room?

Stephen E Arnold, August 7, 2020

Spearphishing: The Pursuit of an Elusive Dorsey?

August 5, 2020

I read “Twitter Says Hack Targeted Employees Using Spearphishing.” Yep, spearphishing. That’s jargon for sending a person email and using words to obtain access. Here’s what a digital spear gun looks like:

image

Click away.

The write up states:

Twitter said in a security update late Thursday that the July 15 incident by bitcoin scammers stemmed from a “spear phishing” attack which deceived employees about the origin of the messages.

A bad actor, allegedly a teen, jumped in the digital ocean, carrying a mobile phone and a digital spear fishing device:

image

Once the target was in sight, the teen released the pointy digital stream.

The result?

The remarkable Dorsey fish appears to have been targeted by the teen.

image

High-tech? The write up reports:

John Dickson of the security firm Denim Group said the latest disclosure does not necessarily suggest a sophisticated attack from a nation-state. “They conned people over the phone,” Dickson said, saying it may have been possible to find targets through research on LinkedIn or Google. “This is like the original hackers from the 1980s and 1990s; they were very good at conning people and getting them to give their credentials.”

Has the Dorsey fish been beached? Did the Dorsey fish swim away? Did the Dorsey fish notice the digital attack?

No answers which satisfy DarkCyber have been forthcoming. There’s no visual evidence of the succulent Dorsey fish being steamed and served to the Twitter Board of Directors:

image

Looks tasty. Speared phish steamed for two minutes and then sautéed with cyber veggies.

Stephen E Arnold, August 5, 2020

Twitter Adulting: Copyright and the President of the United States

July 21, 2020

Imagine. Twitter has procedures which automate a portion of its copyright vigilance. (DarkCyber is not so sure about Twitter’s hiring practices and the internal security of its system, but the copyright function may be working.)

“Twitter Disables Trump Tweet over Copyright Complaint” presents as accurate and “real” news this statement:

Twitter removed the video, which Trump had retweeted from White House social media director Dan Scavino, after it received a Digital Millennium Copyright Act notice from Machine Shop Entertainment, according to a notice posted on the Lumen Database which collects requests for removal of online materials. Machine Shop is a management company owned by the rock band Linkin Park, according to its LinkedIn page.

DarkCyber hopes that Twitter will bring similar diligence to its security, management, and governance of a firm which occupies an interesting, if not secure, place in the pantheon of social media luminaries.

As Linkin Park sang:

Go, stop the show
Choppy words…

Indeed, but the DarkCyber team would substitute the word “tweety” for choppy. But we are not song writers or exceptional tweeters.

Stephen E Arnold, July 21, 2020

Twitter: Remediation or Yoga Babble?

July 20, 2020

I read “An Update on Our Security Incident.” The author is someone at Twitter. That’s reassuring to Mr. Obama, some bitcoin users, and maybe a friend from high school.

The “cause” was:

attackers targeted certain Twitter employees through a social engineering scheme.

Now remember this is an outfit which makes it possible to output information that can have an immediate and direct impact on individuals, organizations, and institutions. This is not a disgruntled student passing out mimeographed pages in the lunch room about the upcoming school dance in the aforementioned high school auditorium.

The cause was an organizational structure similar to a prom fund raising event at the Governor Dummer Academy. Hence:

The attackers successfully manipulated a small number of employees and used their credentials to access Twitter’s internal systems, including getting through our two-factor protections.

And not to worry. Only 130 Twitter accounts were “accessed.” No problem, mom, Mr. Obama’s account was not improperly used by “the attackers.” Really, Mom. Honest.

Let’s stop.

What was the cause?

The cause was that a large and influential company failed to recruit, train, and monitor employees. That company did not have in place sufficient safeguards for its core administrative tools. That company does not have a full time chief executive officer. That company does not have a mechanism to know what is going on when the core administrative tools are used in an anomalous manner by an outsider.

That’s why the company was attacked and there are a few other reasons which seem highly probable to the DarkCyber research team:

  1. The alleged individual attacker or his shadow supporters wanted to demonstrate how one of the more influential social media companies could be successfully compromised.
  2. The alleged individual attacker was testing systems and methods which could be used against or again to obtain access to an important channel of unmonitored real time data.
  3. The alleged individual attacker was just one of those lone wolf hackers who sit up at night and decide which barn to set on fire.

Once again we have a good example of high school science club management.

The explanation is not going to reassure some people, maybe the former president of the United States? The explanation dances around the core issue: Mismanagement and a failure of governance.

High tech “cuteness” has become a pink Hello, Kitty line of polyester hipster T shirts.

Hey, Twitter. A “dog ate my homework” explanation misses what the breach reveals about management expertise.

Stephen E Arnold, July 20, 2020

Arnold and Steele: Twitter Incident

July 17, 2020

Robert Steele, a former CIA professional, and I discuss the Twitter breach. Mr. Steele takes a broader view; I focus on specific operational actions by regulatory and enforcement entities. We disagreed on some points, but at the end of the 20 minute conversation, we agreed on a broad principle. Action is needed.

https://tinyurl.com/darkcybertwitter

You can view the program which has been viewed more than 7,000 times since July 16, 2020.

Stephen E Arnold, July 17, 2020

Digital Fire hoses: Destructive and Must Be Controlled by Gatekeepers

July 16, 2020

Let’s see how many individualistic thinkers I have offended with my headline. I apologize, but I am thinking about the blast of stories about the most recent Twitter “glitch”: “Apple, Biden, Musk and Other High-Profile Twitter Accounts Hacked in Crypto Scam.”

Are you among the individuals whom I am offending in this essay?

First, we have the individuals who did not believe my observations made in my ASIS Eagleton Lecture 40 years ago. Flows of digital information are destructive. The flows erode structures like societal norms, logical constructs, and organizational systems. Yep, these are things. Unfettered flows of information cut them down, efficiently and steadily. In some cases, the datum can set up something like this:

image

Those nuclear reactions are energetic in some cases.

Second, individuals who want to do any darn thing they want. These individuals form a cohort—either real or virtual—and have at it. I have characterized this behavior in my metaphor of the high school science club. The idea is that anyone “smart” thinks that his or her approach to a problem is an intelligent one. Sufficiently intelligent individuals will recognize the wisdom of the idea and jump aboard. High school science clubs can be a useful metaphor for understanding the cute and orthogonal behavior of some high technology firms. It also describes the behavior of a group of high school students who use social media to poke fun or “frame” a target. Some nation states direct their energies at buttons which will ignite social unrest or create confusion. Thus, successful small science clubs can grow larger and be governed — if that’s the right word — by high school science club management methods. That’s why students at MIT put weird objects on buildings or perform cool pranks. Really cool, right?

Third, individuals who do not want gatekeepers. I use the phrase “adulting” to refer to individuals able to act in an informed, responsible, and ethical manner when deciding what content becomes widely available and what does not. I used to work for an outfit which published newspapers, ran TV stations, and built commercial databases. The company at that time had the “adulting” approach well in hand. Individuals who decry informed human controls. It is time to put thumbs in digital dikes.
