Twitter: Another Almost Adult Moment
August 7, 2020
Indexing is useful. Twitter seems to be recognizing this fact. “Twitter to Label State-Controlled News Accounts” reports:
The company will also label the accounts of government-linked media, as well as “key government officials” from China, France, Russia, the UK and US. Russia’s RT and China’s Xinhua News will both be affected by the change. Twitter said it was acting to provide people with more context about what they see on the social network.
Long overdue, the idea of an explicit index term may allow some tweeters to get some help when trying to figure out where certain stories originate.
Twitter, a particularly corrosive social media system, has avoided adult actions. The firm’s security was characterized in a recent DarkCyber video as a clown car operation. No words were needed. The video showed a clown car.
Several questions from the DarkCyber team:
- When will Twitter verify user identities, thus eliminating sock puppet accounts? Developers of freeware manage this type of registration and verification process, not perfectly but certainly better than some other organizations’.
- When will Twitter recognize that a tiny percentage of its tweeters account for the majority of the messages and implement a Twitch-like system to generate revenue from these individuals? Pay-per-use can be implemented in many ways, so can begging for dollars. Either way, Twitter gets an identification point which may have other functions.
- When will Twitter innovate? The service is valuable because a user or sock puppet can automate content regardless of its accuracy. Twitter has been the same for a number of Internet years. Dogs do age.
Is Twitter, for whatever reason, stuck in the management mentality of a high school science club which attracts good students, just not the whiz kids who are starting companies and working for Google type outfits from their parents’ living room?
Stephen E Arnold, August 7, 2020
Spearphishing: The Pursuit of an Elusive Dorsey?
August 5, 2020
I read “Twitter Says Hack Targeted Employees Using Spearphishing.” Yep, spearphishing. That’s jargon for sending a person email and using words to obtain access. Here’s what a digital spear gun looks like:
Click away.
The write up states:
Twitter said in a security update late Thursday that the July 15 incident by bitcoin scammers stemmed from a “spear phishing” attack which deceived employees about the origin of the messages.
A bad actor, allegedly a teen, jumped in the digital ocean, carrying a mobile phone and a digital spear fishing device:
Once the target was in sight, the teen released the pointy digital stream.
The result?
The remarkable Dorsey fish appears to have been targeted by the teen.
High-tech? The write up reports:
John Dickson of the security firm Denim Group said the latest disclosure does not necessarily suggest a sophisticated attack from a nation-state. “They conned people over the phone,” Dickson said, saying it may have been possible to find targets through research on LinkedIn or Google. “This is like the original hackers from the 1980s and 1990s; they were very good at conning people and getting them to give their credentials.”
Has the Dorsey fish been beached? Did the Dorsey fish swim away? Did the Dorsey fish notice the digital attack?
No answers which satisfy DarkCyber have been forthcoming. There’s no visual evidence of the succulent Dorsey fish being steamed and served to the Twitter Board of Directors:
Looks tasty. Speared phish steamed for two minutes and then sautéed with cyber veggies.
Stephen E Arnold, August 5, 2020
Twitter Adulting: Copyright and the President of the United States
July 21, 2020
Imagine. Twitter has procedures which automate a portion of its copyright vigilance. (DarkCyber is not so sure about Twitter’s hiring practices and the internal security of its system, but the copyright function may be working.)
“Twitter Disables Trump Tweet over Copyright Complaint” presents as accurate and “real” news this statement:
Twitter removed the video, which Trump had retweeted from White House social media director Dan Scavino, after it received a Digital Millennium Copyright Act notice from Machine Shop Entertainment, according to a notice posted on the Lumen Database which collects requests for removal of online materials. Machine Shop is a management company owned by the rock band Linkin Park, according to its LinkedIn page.
DarkCyber hopes that Twitter will bring similar diligence to its security, management, and governance of a firm which occupies an interesting, if not secure, place in the pantheon of social media luminaries.
As Linkin Park sang:
Go, stop the show
Choppy words…
Indeed, but the DarkCyber team would substitute the word “tweety” for choppy. But we are not song writers or exceptional tweeters.
Stephen E Arnold, July 21, 2020
Twitter: Remediation or Yoga Babble?
July 20, 2020
I read “An Update on Our Security Incident.” The author is someone at Twitter. That’s reassuring to Mr. Obama, some bitcoin users, and maybe a friend from high school.
The “cause” was:
attackers targeted certain Twitter employees through a social engineering scheme.
Now remember this is an outfit which makes it possible to output information that can have an immediate and direct impact of individuals, organizations, and institutions. This is not a disgruntled student passing out mimeographed pages in the lunch room about the upcoming school dance in the aforementioned high school auditorium.
The cause was an organizational structure similar to a prom fund raising event at the Governor Dummer Academy. Hence:
The attackers successfully manipulated a small number of employees and used their credentials to access Twitter’s internal systems, including getting through our two-factor protections.
And not to worry. Only 130 Twitter accounts were “accessed.” No problem, mom, Mr. Obama’s account was not improperly used by “the attackers.” Really, Mom. Honest.
Let’s stop.
What was the cause?
The cause was a large and influential company failed to recruit, train, and monitor employees. That company did not have in place sufficient safeguards for its core administrative tools. That company does not have a full time chief executive officer. That company does not have a mechanism to know what is going on when the core administrative tools are used in an anomalous manner by an outsider.
That’s why the company was attacked and there are a few other reasons which seem highly probable to the DarkCyber research team:
- The alleged individual attacker or his shadow supporters wanted to demonstrate how one of the more influential social media companies could be successfully compromised
- The alleged individual attacker was testing systems and methods which could be used against or again to obtain access to an important channel of unmonitored real time data
- The alleged individual attacker was just one of those lone wolf hackers who sit up at night and decide which barn to set on fire.
Once again we have a good example of high school science club management.
The explanation is not going to reassure some people, maybe the former president of the United States? The explanation dances around the core issue: Mismanagement and a failure of governance.
High tech “cuteness” has become a pink Hello, Kitty line of polyester hipster T shirts.
Hey, Twitter. A “dog ate my homework” explanation misses what the breach reveals about management expertise.
Stephen E Arnold, July 20, 2020
Arnold and Steele: Twitter Incident
July 17, 2020
Robert Steele, a former CIA professional, and I discuss the Twitter breach. Mr. Steele takes a broader view; I focus on specific operational actions by regulatory and enforcement entities. We disagreed on some points, but at the end of the 20 minute conversation, we agreed on a broad principle. Action is needed.
You can view the program which has been viewed more than 7,000 times since July 16, 2020.
Stephen E Arnold, July 17, 2020
Digital Fire hoses: Destructive and Must Be Controlled by Gatekeepers
July 16, 2020
Let’s see how many individualistic thinkers I have offended with my headline. I apologize, but I am thinking about the blast of stories about the most recent Twitter “glitch”: “Apple, Biden, Musk and Other High-Profile Twitter Accounts Hacked in Crypto Scam.”
Are you among the individuals whom I am offending in this essay?
First, we have the individuals who did not believe my observations made in my ASIS Eagleton Lecture 40 years ago. Flows of digital information are destructive. The flows erode structures like societal norms, logical constructs, and organizational systems. Yep, these are things. Unfettered flows of information cut them down, efficiently and steadily. In some cases, the datum can set up something like this:
Those nuclear reactions are energetic in some cases.
Second, individuals who want to do any darn thing they want. These individuals form a cohort—either real or virtual—and have at it. I have characterized this behavior in my metaphor of the high school science club. The idea is that anyone “smart” thinks that his or her approach to a problem is an intelligent one. Sufficiently intelligent individuals will recognize the wisdom of the idea and jump aboard. High school science clubs can be a useful metaphor for understanding the cute and orthogonal behavior of some high technology firms. It also describes the behavior of a group of high school students who use social media to poke fun or “frame” a target. Some nation states direct their energies at buttons which will ignite social unrest or create confusion. Thus, successful small science clubs can grow larger and be governed — if that’s the right word — by high school science club management methods. That’s why students at MIT put weird objects on buildings or perform cool pranks. Really cool, right?
Third, individuals who do not want gatekeepers. I use the phrase “adulting” to refer to individuals able to act in an informed, responsible, and ethical manner when deciding what content becomes widely available and what does not. I used to work for an outfit which published newspapers, ran TV stations, and built commercial databases. The company at that time had the “adulting” approach well in hand. Individuals who decry informed human controls. It is time to put thumbs in digital dikes.
Twitter Tools
June 10, 2019
One of our readers spotted “5 Twitter Tools to Discover the Best and Funniest Tweets.” The article is a round up of software utilities which will provide a selected stream of information from Twitter “content creators.” Keep in mind that threads have been rendered almost useless by Twitter’s editorial procedures. Nevertheless, if you don’t have access to a system which provides the “firehose” content or a repository of indexed and parsed Twitter content, you may find one of these useful:
- Funny Tweeter
- Ketchup (an easy way to provide Google with information about Tweets)
- Really Good Questions
- Thread Reader (what about those disappeared tweets and the not available tweets
- Twitter’s digest
- Twubbler (not exactly a Palantir Gotham timeline, however)
Consult the source article for explanations of each and the links.
Stephen E Arnold, June 10, 2019
Excitement for Twitter Slurpers
February 6, 2019
TechTimes reported that Facebook now makes publicly available what the Zuck has had for some time. One can delete Facebook messages. The options are delete for everyone or just for the sender. The speed with which the messages disappear from the Facebook servers is murky. If you are a Twitter slurper, you may have to make certain that the slurps are taking place with alacrity. DarkCyber does not have a full count of the number of entities engaged in chugging down tweets, but there are more than some people may think. Tweets, like Facebook, provide a quite useful stream of data. Zippy analytics can make tweets turn cartwheels. Losing tweets from certain handles of interest is not good news.
Stephen E Arnold, February 6, 2019
Twitter Bans Accounts
August 22, 2018
i read “Facebook and Twitter Ban over 900 Accounts in Bid to Tackle Fake News.” Twitter was founded about 12 years ago. The company found itself in the midst of the 2016 election messaging flap. The article reports:
Facebook said it had identified and banned 652 accounts, groups and pages which were linked to Iran and to Russia for “co-ordinated inauthentic behavior”, including the sharing of political material.
One of the interesting items of information which surfaced when my team was doing the research for CyberOSINT and the Dark Web Notebook, both monographs designed for law enforcement and intelligence professionals, was the ease with which Twitter accounts can be obtained.
For a program we developed for a conference organizer in Washington, DC, in 2015, we illustrated Twitter messages with links to information designed to attract young men and women to movements which advocated some activities which broke US laws.
The challenge had in 2015 several dimensions. Let me run down the ones the other speakers and I mentioned; for example:
- The ease with which an account could be created
- The ease with which multiple accounts could be created
- The ease with which messages could be generated with suitable index terms
- The ease with which messages could be disseminated across multiple accounts via scripts
- The lack of filtering to block weaponized content.
Back to the present.
Banning an account addresses one of these challenges.
The notion of low friction content dissemination, unrestricted indexing, and the ability to create accounts is one to ponder.
Killing an account or a group of accounts may not have the desired effect.
Compared to other social networks, Twitter has a strong following in certain socio economic sectors. That in itself adds a bit of spice to the sauce.
Stephen E Arnold, August 22, 2018
Challenges to High School Science Club Management Methods
August 17, 2018
High school science club management methods involve individuals who often perceive other students as less capable. The result is an “I know better” mindset. When applied on a canvas somewhat larger than a public high school, the consequences are often fascinating.
I am confident that high school science club management methods are indeed effective. But it is useful to look at two recent examples which suggest that the confidence of the deciders may be greater than the benefit to the non-deciders.
The first example concerns Google. The company has had some employee pushback about its work on US government projects. I learned when I read “Google Employees Protest Secret Work on Censored Search Engine for China.” The newspaper of record at least around 42nd Street and Park Avenue said:
Hundreds of Google employees, upset at the company’s decision to secretly build a censored version of its search engine for China, have signed a letter demanding more transparency to understand the ethical consequences of their work. In the letter, which was obtained by The New York Times, employees wrote that the project and Google’s apparent willingness to abide by China’s censorship requirements “raise urgent moral and ethical issues.” They added, “Currently we do not have the information required to make ethically-informed decisions about our work, our projects, and our employment.”
High school management methods have created an interesting workplace problem: Employees want to pick and choose what the company does to generate revenue. Publicly traded companies have to generate revenue and a profit.
How will Google’s management deal with the apparent desire of senior management to make revenue headway in China as its employees appear to want to tell management what’s okay and what’s not okay. I assume that high school science club management methods will rise to this challenge.
The second example is provided by the article “Twitter Company Email Addresses Why It’s #BreakingMyTwitter.” Twitter management is making decisions which seem to illustrate the power of “I know better than you” what’s an appropriate course of action. Twitter has made unilateral changes which appear to have put developers and users in a sticky patch of asphalt. Plus, management has taken an oddly parental approach to the Alex Jones content problem.
I learned from the article:
It’s hard to be a fan of Twitter right now. The company is sticking up for conspiracy theorist Alex Jones, when nearly all other platforms have given him the boot, it’s overrun with bots, and now it’s breaking users’ favorite third-party Twitter clients like Tweetbot and Twitterific by shutting off APIs these apps relied on. Worse still, is that Twitter isn’t taking full responsibility for its decisions.
My takeaway is that high school management methods are more interesting than the dry and dusty notions of Peter Drucker or the old school consultants at the once untarnished blue chip consulting firms like McKinsey & Company and Booz, Allen type operations.
Business school curricula may need an update.
Stephen E Arnold, August 17, 2018