Security Gaffes and the Tweeter

February 2, 2021

The Next Web has some advice for those going online to discuss how a security breach has affected them—“Don’t Dox Yourself by Tweeting About Data Breaches.” Writer Ben Dickson noticed several NetGalley users doing just that following the breach of that site’s database backup file last month. He writes:

“The database in question included sensitive user information, including usernames and passwords, names, email addresses, mailing addresses, birthdays, company names, and Kindle email addresses. Unfortunately, many users took to social media and started discussing the incident without thinking about what they are putting up for everyone to see. And in their haste to be the first to tweet about the breach, many users made awful mistakes, which could further compromise their security.”

A couple examples include the person who announced they use the same password everywhere (!) and someone who revealed their full name by reproducing their NetGalley notification. (Her Twitter account uses a pseudonym.) To make matters worse, it appears the database stored user information unencrypted. Though NetGalley itself does not keep incredibly sensitive data like banking information, hackers have ways of twisting even the most benign information to their dastardly goals. The write-up continues:

“After the NetGalley hack, the attackers have access to a fresh list of emails and passwords. They can use this information in credential stuffing attacks, where they enter the login information obtained from a data breach on other services and possibly gain access to other, more sensitive accounts. Cross-service account hijacking is something that happens often and can even include high-profile tech executives. The attacks can also combine the data from the NetGalley breach with the billions of user account records leaked in other data breaches to create more complete profiles of their targets. So, alone, the NetGalley data breach might not look like a big deal. But … every piece of information that falls into the hands of malicious actors can become instrumental to a larger attack.”

Dickson hastens to add that people need not stop tweeting about data breaches altogether. Doing so can actually provide valuable discussion, as his closing examples illustrate. One should just be careful not to include personal details the hackers might add to their collection.

Cynthia Murrell, February 2, 2021

Twitter and the Fire Hose for Academics

January 29, 2021

I read “Enabling the Future of Academic Research with the Twitter API.” According to the official Twitter statement:

Our developer platform hasn’t always made it easy for researchers to access the data they need, and many have had to rely on their own resourcefulness to find the right information.

Understatement, of course.

The post continues:

We’ve also made improvements to help academic researchers use Twitter data to advance their disciplines, answer urgent questions during crises, and even help us improve Twitter.

Help is sometimes — well — helpful. But self help is often a positive step; for example, verifying the actual identity of a person who uses the tweeter thing. There are some software robots chugging along I believe.

Also, charging a subscription fee. The amount is probably less important than obtaining verifiable bank information. Sure, some software robots have accounts at outstanding institutions like Credit Suisse and HSBC, but whatever account data are available might be helpful under certain circumstances.

But academics? How many academics work for non governmental or governmental entities as experts, analysts, and advisors? Will the tweeter thing’s new initiative take such affiliations into account before and during usage of Twitter data?

I assume that a tweeter senior manager will offer an oracular comment like, “For sure.”

There are three hoops through which the agile academic must jump, and I quote:

  1. You are either a master’s student, doctoral candidate, post-doc, faculty, or research-focused employee at an academic institution or university.
  2. You have a clearly defined research objective, and you have specific plans for how you intend to use, analyze, and share Twitter data from your research…
  3. You will use this product track for non-commercial purposes….

Sounds like a plan which will make some nation states’ academics wriggle with anticipative joy.

My view is that this new initiative may unfold in interesting ways. But I am sure the high school science club managers have considered such possibilities. Why who would hire a graduate student to access tweeter outputs to obtain actionable information for use by a country’s intelligence professionals? The answer in the twitterverse is, “Who would risk losing the trust of Twitter by doing that?” Certainly not an academic funded by an intelligence or law enforcement entity.

Right, no one. Misuse the tweeter? Inconceivable.

Stephen E Arnold, January 29, 2021

The Twitter Leadership Thing: Is This Charlie Muffin Reverse Arrogance?

January 18, 2021

I read “Jack Dorsey Just Explained Why Twitter’s Ban of Trump Is an Extraordinary Failure of Leadership.” I like the subtitle as well because it contains an interesting word. Here’s the subtitle:

You are ultimately responsible for the platform you build

And the word snagging my jaded attention?

Responsibility

Charlie’s reverse snobbery has taken another step closer to becoming one of the management precepts of the high school science club.

The write up points out:

Social media platforms aren’t neutral. That’s by design. They are literally built to provide people with the ability to create and share content, which the platform then amplifies in various ways. That amplification is designed to feed people with an almost unending stream of content that reinforces their beliefs, desires, passions, or values. As a result, platforms have enormous influence over the types of conversation that happen. Even more importantly, Twitter and other social media companies have massive power to move their users’ collective thoughts and belief systems, for good or bad. All of the things that keep people engaged, and make them want to keep using a platform, are the very things that run the risk of promoting unhealthy conversation.

Okay, that’s mostly correct. The context of online information is left out, but after decades of thumb typing, there are these glimmers of awareness. That’s a plus.

Even academics have discovered, when they rip themselves from their mobile phones and messaging about consulting engagements, that something has been going on. A good example is “How Social Media’s Obsession with Scale Supercharged Disinformation.” At least the corn hole bag is heading in the general direction of understanding online. The tweeter game has been going on for years, so the bag filled with inedible corn is arriving late.

I absolutely trilled when I read this opinion in the Jack Dorsey Explained article. Consider:

When the platform breaks, it’s easy to place fault with users. That would miss an important point. That’s what I find most powerful about Dorsey’s statement. Instead of placing the blame elsewhere, he owns the responsibility Twitter has to do what it can to promote healthy conversations. It would be easy for Twitter to simply wash its hands of users who have abused the platform, but that isn’t what Dorsey did. Instead, he took responsibility and indicated the company needed to look internally to figure out how to never be in this situation again. Considering how unique that message is, it’s not only a powerful lesson, it’s a refreshing example of taking responsibility.

Not exactly on time or on target. The beacon of management runs two companies and is apparently demonstrating his high school management method from an island in the Pacific.

And the tweeter? Yeah, a fine service, well managed, constructive, and just the thing to express important information.

And leadership? Examples include a verifiable identity for users, a subscription service, policies, and consequences for those who skirt them? What did that Sloan guy say about trying to do two things. Right, something like two objectives is no objective? Surf’s up, Charlie.

Stephen E Arnold, January 18, 2021

Tweet This! Real News Discovers the Concept of Hidden in Plain Sight

December 31, 2020

Remember the Purloined Letter? No, that’s okay. Thumbtypers don’t either. I read “Just How Bad Was This Year? These Professors Found Answers on Twitter.” I noted this passage:

Since 2008, the duo [professors at a school in Vermont] has taken a random 10 percent of everything tweeted each day, seeking truths hidden in plain sight. (While acknowledging, as Danforth put it, that “Twitter is a nonuniform subsample of utterances made by a nonuniform subsample of humans who are on the Internet.”) They’ve used it, for example, to explore fame, finding that Donald Trump and K-pop band BTS are mentioned as commonly as some regular words (think: “after,” “would.”). As Dodds put it, “The word ‘Trump’ has been in the top 300 words all year this year, which he’s never done before. That’s more common than the word ‘God.’ ”

The sampling is done by the Hedonometer, possibly a reference to either a town in England or a unit of pleasure used to theoretically weigh people’s happiness. I like the latter candidate, split infinitive, and the weird idea of “weighing” happiness. I often say to the grocery clerk in Harrod’s Creek, Kentucky, “I will take a pound of happiness and a half pound of ricotta, please.”

The big find seems to be:

Some trends have emerged through the years. All else being equal, Saturday is the week’s happiest day on Twitter, Tuesday the saddest. National holidays cause huge spikes in happiness, with Christmas being the most cheerful. Major sporting events and birthdays of pop stars, particularly K-pop stars, tend to make for gleeful days. On the flip side, natural disasters and mass shootings tend to spark more unhappy days.

What’s the analysis reveal?

“In the last five years, we’ve seen the usual weekly cycle just get busted,” Dodds added. “It’s sort of all over the place now. Events are happening any day of the week. It’s much more what I would call emotional turbulence.”

Remarkable in a way, a modest way.

Stephen E Arnold, December 31, 2020

Yodaesque Insight from the Tweeter

November 26, 2020

I read “Twitter to Relaunch Account Verifications in Early 2021, Asks for Feedback on Policy.” Ommmmm. Ommmmm. Account verification. The Tweeter thing, the destroyer of coherence, the maker of faux wizards, has a thought. Tie a Tweeter thing account to a verifiable entity. This is revolutionary or, as Yoda might say, “Revolutionary this is.” Ommmmm. Ommmmm.

I learned:

Twitter will initially verify six types of accounts, including those belonging to government officials; companies, brands and nonprofit organizations; news; entertainment; sports; and activists, organizers and other influential individuals. The number of categories could expand in time. Twitter’s verification system, which provides a blue checkmark to designate accounts belonging to public figures, was paused in 2017 as the company tried to address confusion over what it meant to be verified.

What a startling concept is this? How loud the voices from the Victoria Falls must be.

Hey, China likes the idea. Even geezers sitting around the old fashioned truth burning stove in Harrod’s Creek, Kentucky, think this is a Yodaesque insight. More accurately, Yoda has a moment of semi-clear thinking. I hear the fail whale thrashing.

Ommmmm. Ommmmm.

Stephen E Arnold, November 26, 2020

Fleeter Tweeter: Zen and the Art of Fail Whaling

November 20, 2020

I am not a big tweeter. I am not too keen on the Twitter thing although one of my team fixed up a script to notify people about a new Beyond Search story or a DarkCyber video. That’s about it. I do enjoy seeing a senior manager with a scruffy beard explain the inner workings of the fine short message broadcasting service. The idea of running two companies from Africa strikes me as particularly interesting, a bit like the old TV show in which a Kung Fu expert handled crude and clumsy bad actors with a finger flick.

Now we have a fleeter tweeter.

I read “Twitter Ends Fleets Rollout after Just One Day As New Feature Crashes App.” The write up states:

Twitter is delaying its rollout of ‘Fleets’, its Stories-like function, while it fixes “performance and stability problems”.

For a company with a new and interesting chief security officer and a summer security challenge, the Tweeter thing seems to have some technical enhancements to add; namely, beaching the digital fail whale.

Fleets of fails?

Be calm. Be very chill. Africa may be the optimal place to retire. Senator Ted Cruz might want to visit in person, not just virtually.

Stephen E Arnold, November 20, 2020

Twitter for Verification: The Crypto Approach

October 21, 2020

New York State’s Twitter Investigation Report explores the cybersecurity “incident” at Twitter and its implications for election security. If you don’t have a copy, you can view the document at this url. The main point of the document struck me as this statement from the document:

Given that Twitter is a publicly traded, $37 billion technology company, it was surprising how easily the Hackers were able to penetrate Twitter’s network and gain access to internal tools allowing them to take over any Twitter user’s account.

With the Department of Financial Services’ report in mind, I found the information in “.Crypto Domain Owners Can Now Be Verified With Twitter Accounts for Safer Payments” interesting. Twitter and “safer” are not words I would associate. The write up reports:

Blockchain startup Unstoppable Domains and oracle network Chainlink have launched a new feature allowing individuals or entities with blockchain domains to authenticate themselves using their Twitter accounts. The feature is powered by Chainlink oracles, which connect each .crypto address from Unstoppable Domains to a public Twitter username. The firms said the Twitter authentication could help stem crimes in cryptocurrency payments such as phishing hacks.

In one of our Twitter tests, we created an account in the name of a now deceased pet. Tweets were happily disseminated automatically by the dog. Who knew that the dead dog’s Twitter account can reduce phishing attacks?

Twitter: Secure enough to deliver authentication? The company’s approach to business does not give me confidence in the firm’s systems and methods.

Stephen E Arnold, October 21, 2020

The Future of Twitter Revealed

September 30, 2020

Twitter is an interesting outfit. Forbes (the capitalist tool, I believe) published “Bitcoin and Blockchain Are the Future of Twitter, CEO Jack Dorsey Reveals”. Twitter is an interesting outfit; for example, it has a new chief information security officer. That’s a good idea, maybe too late for some stakeholders, but it is a step forward.

Forbes reports:

Dorsey, who… said bitcoin is “probably the best” native currency of the internet, has previously gone as far as saying bitcoin has the potential to be the world’s sole currency by 2030…. Now, speaking at the virtual Oslo Freedom Forum 2020, Dorsey has said bitcoin and its underlying decentralized blockchain technology are the future of Twitter.

Forbes quotes Twitter’s top management Zen person as saying:

“The whole spirit of bitcoin, for instance, is to provide a trusted system in a distrusted environment, which is the internet,” Dorsey said…. Earlier this month, Dorsey told Reuters bitcoin is “probably the best” native currency of the internet due to bitcoin being “consensus-driven” and “built by everyone.”

Yep, trust.

A couple of observations:

  • Twitter owns a payment system. Perhaps Mr. Dorsey’s confident assertion about the future is influenced by the method of communications and the beneficiary of the digital currency cheerleading?
  • Twitter licenses its data selectively to commercial enterprises developing products and services to assist law enforcement and intelligence agencies. With Bitcoin generally perceived as a lubricant for illegal transactions, what’s Twitter’s goal? (Check out the Geospark Analytics – Twitter deal for some color. Geofeedia has not been as fortunate as the virtual intelware vendor.)
  • How will enhanced Bitcoin capabilities assist bad actors in money laundering and other possibly questionable activities?

DarkCyber finds Twitter fascinating. A half-time CEO, a messaging system which can spark interesting social consequences, and a peculiar way of supporting law enforcement and other groups simultaneously.

Worth monitoring the dualism.

Stephen E Arnold, September 30, 2020

Twitter: Another Almost Adult Moment

August 7, 2020

Indexing is useful. Twitter seems to be recognizing this fact. “Twitter to Label State-Controlled News Accounts” reports:

The company will also label the accounts of government-linked media, as well as “key government officials” from China, France, Russia, the UK and US. Russia’s RT and China’s Xinhua News will both be affected by the change. Twitter said it was acting to provide people with more context about what they see on the social network.

Long overdue, the idea of an explicit index term may allow some tweeters to get some help when trying to figure out where certain stories originate.

Twitter, a particularly corrosive social media system, has avoided adult actions. The firm’s security was characterized in a recent DarkCyber video as a clown car operation. No words were needed. The video showed a clown car.

Several questions from the DarkCyber team:

  1. When will Twitter verify user identities, thus eliminating sock puppet accounts? Developers of freeware manage this type of registration and verification process, not perfectly but certainly better than some other organizations’.
  2. When will Twitter recognize that a tiny percentage of its tweeters account for the majority of the messages and implement a Twitch-like system to generate revenue from these individuals? Pay-per-use can be implemented in many ways, so can begging for dollars. Either way, Twitter gets an identification point which may have other functions.
  3. When will Twitter innovate? The service is valuable because a user or sock puppet can automate content regardless of its accuracy. Twitter has been the same for a number of Internet years. Dogs do age.

Is Twitter, for whatever reason, stuck in the management mentality of a high school science club which attracts good students, just not the whiz kids who are starting companies and working for Google type outfits from their parents’ living room?

Stephen E Arnold, August 7, 2020

Spearphishing: The Pursuit of an Elusive Dorsey?

August 5, 2020

I read “Twitter Says Hack Targeted Employees Using Spearphishing.” Yep, spearphishing. That’s jargon for sending a person email and using words to obtain access. Here’s what a digital spear gun looks like:

image

Click away.

The write up states:

Twitter said in a security update late Thursday that the July 15 incident by bitcoin scammers stemmed from a “spear phishing” attack which deceived employees about the origin of the messages.

A bad actor, allegedly a teen, jumped in the digital ocean, carrying a mobile phone and a digital spear fishing device:

image

Once the target was in sight, the teen released the pointy digital stream.

The result?

The remarkable Dorsey fish appears to have been targeted by the teen.

image

High-tech? The write up reports:

John Dickson of the security firm Denim Group said the latest disclosure does not necessarily suggest a sophisticated attack from a nation-state. “They conned people over the phone,” Dickson said, saying it may have been possible to find targets through research on LinkedIn or Google. “This is like the original hackers from the 1980s and 1990s; they were very good at conning people and getting them to give their credentials.”

Has the Dorsey fish been beached? Did the Dorsey fish swim away? Did the Dorsey fish notice the digital attack?

No answers which satisfy DarkCyber have been forthcoming. There’s no visual evidence of the succulent Dorsey fish being steamed and served to the Twitter Board of Directors:

image

Looks tasty. Speared phish steamed for two minutes and then sautéed with cyber veggies.

Stephen E Arnold, August 5, 2020
