Twitter: Remediation or Yoga Babble?
July 20, 2020
I read “An Update on Our Security Incident.” The author is someone at Twitter. That’s reassuring to Mr. Obama, some bitcoin users, and maybe a friend from high school.
The “cause” was:
attackers targeted certain Twitter employees through a social engineering scheme.
Now remember, this is an outfit which makes it possible to output information that can have an immediate and direct impact on individuals, organizations, and institutions. This is not a disgruntled student passing out mimeographed pages in the lunch room about the upcoming school dance in the aforementioned high school auditorium.
The cause was an organizational structure similar to a prom fund raising event at the Governor Dummer Academy. Hence:
The attackers successfully manipulated a small number of employees and used their credentials to access Twitter’s internal systems, including getting through our two-factor protections.
And not to worry. Only 130 Twitter accounts were “accessed.” No problem, mom, Mr. Obama’s account was not improperly used by “the attackers.” Really, Mom. Honest.
Let’s stop.
What was the cause?
The cause was that a large and influential company failed to recruit, train, and monitor employees. That company did not have in place sufficient safeguards for its core administrative tools. That company does not have a full-time chief executive officer. That company does not have a mechanism to know what is going on when the core administrative tools are used in an anomalous manner by an outsider.
That’s why the company was attacked, and there are a few other reasons which seem highly probable to the DarkCyber research team:
- The alleged individual attacker or his shadow supporters wanted to demonstrate how one of the more influential social media companies could be successfully compromised.
- The alleged individual attacker was testing systems and methods which could be used against or again to obtain access to an important channel of unmonitored real time data.
- The alleged individual attacker was just one of those lone wolf hackers who sit up at night and decide which barn to set on fire.
Once again we have a good example of high school science club management.
The explanation is not going to reassure some people, maybe the former president of the United States? The explanation dances around the core issue: Mismanagement and a failure of governance.
High tech “cuteness” has become a pink Hello, Kitty line of polyester hipster T-shirts.
Hey, Twitter. A “dog ate my homework” explanation misses what the breach reveals about management expertise.
Stephen E Arnold, July 20, 2020