GOING SOUTH: Twitter security team flips Musk the online bird with mass resignations
Social media platform Twitter continues to hemorrhage valuable employees responsible for online safety, security, and accountability, with the latest resignations being from Chief Information Security Officer (CISO), Lea Kissner, and the company’s chief privacy and chief compliance officers.
I've made the hard decision to leave Twitter. I've had the opportunity to work with amazing people and I'm so proud of the privacy, security, and IT teams and the work we've done.
I'm looking forward to figuring out what's next, starting with my reviews for @USENIXSecurity 😁
— Lea Kissner (@LeaKissner) November 10, 2022
According to messages on Twitter’s internal message board Slack, employees cited compliance with the Federal Trade Commission – or lack thereof – for the exodus.
“All of this is extremely dangerous for our users,” the message says. “Given that the FTC can (and will) fine Twitter BILLIONS of dollars pursuant to the FTC Consent Order, extremely detrimental to Twitter’s longevity as a platform. Our users deserve so much better than this.”
“All of this is extremely dangerous for our users,” the message says. “Given that the FTC can (and will!) fine Twitter BILLIONS of dollars pursuant to the FTC Consent Order, extremely detrimental to Twitter’s longevity as a platform. Our users deserve so much better than this.”
— Casey Newton (@CaseyNewton) November 10, 2022
Kissner was head of privacy engineering and was promoted to CISO after the firing of former security head Peiter “Mudge” Zatko and then-CISO Rinki Sethi, two of the most sought-after security leaders in the cybersecurity industry.
I get that this is a meme (and a damn good one at that), but losing "a strong security team" significantly downplays the years of damage Twitter has done to its security program. https://t.co/IJpJEPYUap
— Jake Williams (@MalwareJake) January 22, 2022
In 2011, Twitter and the Federal Trade Commission entered into an agreement related to cybersecurity failings on the platform. TechCrunch reported:
Twitter is currently under a 2011 agreement with the Federal Trade Commission, which accused Twitter of cybersecurity failings that allowed cybercriminals to access internal systems and user data.
The decree mandates that Twitter “establish and maintain a comprehensive information security program” to be audited every decade. It’s not clear how Twitter maintains that compliance with the FTC without a company security lead in place. One employee said in a company Slack that it was for Twitter engineers to “self-certify” compliance with the FTC.
The concern is warranted, considering the social media app was recently fined $150 million for violating the mandate and misusing users’ email addresses and phone numbers in a data-selling scheme.
Famed “hacker” Zatko joined Twitter as head of security in 2020. The cyber activist gained notoriety in the ’90s as part of the ethical hacking collective Cult of the Dead Cow. Zatko, better known as “Mudge,” testified before Congress earlier in the year, accusing Twitter of “covering up security failures, duping regulators and misleading lawmakers.” Zatko testified that there were several foreign agents working for the platform.
Mudge told the panel that the spy was an agent of China’s Ministry of State Security, or MSS, the country’s main intelligence agency. He added that because Twitter engineers — about 4,000 employees — have broad access to company data, a foreign agent hired as an engineer would have access to personal user information and potentially other sensitive company information, such as Twitter’s plans to censor information in a certain region or concede to demands of a government request. But because Twitter did not closely monitor or log employees’ access, according to his complaint, Mudge said it was “very difficult” to identify what specific data was taken by Twitter employees as foreign agents.
The resignations were accompanied by a link to the website “Whistleblower Aid,” a place to safely and anonymously report acts of corporate corruption and unethical behavior.
It’s already been reported that the Twitter team asked employees laid off in a mass rooting of the application’s workforce and losing the most valuable members of its cyber team won’t be the assurance advertisers were looking for on the platform’s stability and marketability.
As the FTC and SEC crack down on Musk’s moves, former occupants of Elon Musk’s Twitter clown car are jumping out.
According to Zatko, Twitter combats thousands of attempted data breaches daily. As cyber hacks and attacks increase, the resignation of Twitter’s cyber security team will only exacerbate the issue.
Original reporting by Zack Whittaker at TechCrunch.
Follow Ty Ross on Twitter @cooltxchick