December 5, 2022

INSECURITY: Twitter hemorrhages safety staffers as Musk destroys platform

Social media platform Twitter continues to hemorrhage valuable employees responsible for online safety, security, and accountability, with the latest resignations being from Chief Information Security Officer (CISO), Lea Kissner, and the company’s chief privacy and chief compliance officers.

According to messages on Twitter’s internal message board Slack, employees cited compliance with the Federal Trade Commission – or lack thereof – for the exodus.

“All of this is extremely dangerous for our users,” the message says. “Given that the FTC can (and will) fine Twitter BILLIONS of dollars pursuant to the FTC Consent Order, extremely detrimental to Twitter’s longevity as a platform. Our users deserve so much better than this.”

Kissner was head of privacy engineering and promoted to CISO after the firing of former security head Peiter “Mudge” Zatko and then-CISO, Rinki Sethi, two of the most sought-after security leaders in the cybersecurity industry.

In 2011, Twitter and the Federal Trade Commission entered into an agreement related to cybersecurity failings on the platform. TechCrunch reported:

Twitter is currently under a 2011 agreement with the Federal Trade Commission, which accused Twitter of cybersecurity failings that allowed cybercriminals to access internal systems and user data.

The decree mandates that Twitter “establish and maintain a comprehensive information security program” to be audited every decade. It’s not clear how Twitter maintains that compliance with the FTC without a company security lead in place. One employee said in a company Slack that it was for Twitter engineers to “self-certify” compliance with the FTC.

The concern is warranted, considering the social media app was recently fined $150 million for violating the mandate and misusing users’ email addresses and phone numbers in a data-selling scheme.

Famed “hacker” Zatko joined Twitter as head of security in 2020. The cyber activist gained notoriety in the ’90s as part of the ethical hacking collective Cult of the Dead Cow. Zatko, better known as “Mudge,” testified before Congress earlier in the year, accusing Twitter of “covering up security failures, duping regulators and misleading lawmakers.” Zatko testified that there were several foreign agents working for the platform.

Mudge told the panel that the spy was an agent of China’s Ministry of State Security, or MSS, the country’s main intelligence agency. He added that because Twitter engineers — about 4,000 employees — have broad access to company data, a foreign agent hired as an engineer would have access to personal user information and potentially other sensitive company information, such as Twitter’s plans to censor information in a certain region or concede to demands of a government request. But because Twitter did not closely monitor or log employees’ access, according to his complaint, Mudge said it was “very difficult” to identify what specific data was taken by Twitter employees as foreign agents.

But they weren’t the only ones. A common theme in Mudge’s complaint is that Twitter did not have the visibility to know what data engineers had access to, or what user data or company information they were accessing. But one system that tracked logins for Twitter engineers found that it was registering “thousands” of failed attempts to log in to Twitter’s systems each week, Mudge told members of Congress.

The resignations were accompanied by a link to the website “Whistleblower Aid,” a place to safely and anonymously report acts of corporate corruption and unethical behavior.

It’s already been reported that the Twitter team asked employees laid off in a mass rooting of the application’s workforce and losing the most valuable members of its cyber team won’t be the assurance advertisers were looking for on the platform’s stability and marketability.

As the FTC and SEC crack down on Musk’s moves, former occupants of Elon Musk’s Twitter clown car are jumping out.

According to Zatko, Twitter combats thousands of attempted data breaches daily. As cyber hacks and attacks increase, the resignation of Twitter’s cyber security team will only exacerbate the issue.

Original reporting by Zack Whittaker at TechCrunch.

Follow Ty Ross on Twitter @cooltxchick

 

Ty Ross

News journalist for Washington Press and Occupy Democrats.
