Twitter employee deleting POTUS account is a lesson for all companies

A trusted insider turned the lights out on Twitter account of President Donald Trump, reminding us all how superuser access can be abused.

Twitter employee deleting POTUS account is a lesson for all of us
Michael Kan

Who likes to start their day with an aw-shucks moment? No one I know, yet that is exactly what happened over at Twitter when a departing customer support employee hit the kill switch for the Twitter account of the President of the United States (POTUS) Donald Trump.

With seemingly a mere click of the mouse and a few keyboard commands, the unidentified employee shut off the monolithic Twitter stream of POTUS, and, we assume, walked out the door.

For 11 minutes, those looking for "realDonaldTrump" received a Twitter equivalent of a 404 page, "Sorry, that page doesn't exist!

trump twitter account gone Twitter

Twitter, was on the case, and as noted, the account was "off" for only 11 minutes. TwitterGov tweeted:  

The tweet asks us to trust they are doing the right thing, investigating, and though we won't be able to see their security measures, they will be appropriate and designed to not allow such an event from happening again. 

Insider threat amplified to those in InfoSec

While many cheered the silencing of the POTUS Twitter account, those looking at the event through the prism of information security and insider threats weren’t smiling.

Indeed, their minds raced to the multitude of actions that this insider on his/her way out the door could have taken that may have caused a cascade of events to occur. The “what ifs” are innumerable — tweet a declaration of war, order a covert action, post inappropriate images, etc., etc., etc. 

They were looking at the mirror and asking themselves, can this happen at my company? 

Can you trust Twitter?

There is indeed an implied trust within the social network engagement by all users. This episode at Twitter demonstrates how customer support employees — be it at Twitter, Facebook, LinkedIn or the like — have in their hands superuser access that can be misused/abused to disrupt any account: yours, mine, your grandmothers, your favorite band, and, yes, even that of POTUS.

The New York Times tells us “how Twitter employees gathered in private Slack channels and used Twitter to send direct messages to one another to remark how insecure Mr. Trump’s account had been.” The NYT also wrote, “Hundreds of employees can access the accounts of so-called Very Important Tweeters and can take actions like disabling accounts.” 

Some Twitter accounts are more important than others? Apparently so. 

Perhaps in response to the NYT, Jack over at Twitter joined in with assurances and took the opportunity to post “Clarifying the Twitter Rules” — the timing of which seemed out of step. What he should have published for Twitter user's edification is the internal admonishment to the Twitter customer support team on their role as a trusted insider at the point of engagement with the user. 

The power of trusted insiders

Some of the most trusted roles within any enterprise are those who are involved with customer support. If an employee could turn off the stream of POTUS, whose stream is immune? Mine, yours?

Think of the ramifications should competitors wish to disrupt the business cycles of each other? Let your imagination run through the possible scenarios. Competitor A suborns a Twitter customer service rep to turn off the Twitter stream of Competitor B right as the quarterly financial livestream is to begin,  or he asks them to insert a brand-damaging tweet into the stream — BOOM, Competitor B is in crisis management, not customer engagement.

Or a nation state asks for the login credentials for the accounts of various heads of state and then uses those in one blitz, creating the appearance of a public dialog and causing innumerable cycles to be expended by those affected nations to unwind the damage.

No, this Twitter employee's action wasn’t about user behavior. This event demonstrated the need to have checks and balances in place to provide assurances that those in positions of trust can be trusted.

Think about your own company. What can your insider do to damage your brand or trust with your users? Take this event, and internalize it before it happens to you.

NEW! Download the Fall 2018 issue of Security Smart