A trusted insider turned the lights out on the Twitter account of President Donald Trump, reminding us all how superuser access can be abused.

Credit: Michael Kan

Who likes to start their day with an aw-shucks moment? No one I know, yet that is exactly what happened over at Twitter when a departing customer support employee hit the kill switch for the Twitter account of the President of the United States (POTUS), Donald Trump.

With seemingly a mere click of the mouse and a few keyboard commands, the unidentified employee shut off the monolithic Twitter stream of POTUS and, we assume, walked out the door.

For 11 minutes, those looking for “realDonaldTrump” received the Twitter equivalent of a 404 page: “Sorry, that page doesn’t exist!”

Twitter was on the case, and, as noted, the account was “off” for only 11 minutes. TwitterGov tweeted:

Update: We have implemented safeguards to prevent this from happening again. We won’t be able to share all details about our internal investigation or updates to our security measures, but we take this seriously and our teams are on it. https://t.co/8EfEzHvB7p — Twitter Government (@TwitterGov) November 3, 2017

The tweet asks us to trust that they are doing the right thing: investigating, and, though we won’t be able to see their security measures, that those measures will be appropriate and designed to keep such an event from happening again.

Insider threat amplified to those in InfoSec

While many cheered the silencing of the POTUS Twitter account, those looking at the event through the prism of information security and insider threats weren’t smiling. Indeed, their minds raced to the multitude of actions that this insider, on his/her way out the door, could have taken that might have caused a cascade of events. The “what ifs” are innumerable — tweet a declaration of war, order a covert action, post inappropriate images, etc., etc., etc. They were looking in the mirror and asking themselves, can this happen at my company?
Can you trust Twitter?

There is indeed an implied trust within the social network engagement by all users. This episode at Twitter demonstrates how customer support employees — be it at Twitter, Facebook, LinkedIn or the like — have in their hands superuser access that can be misused or abused to disrupt any account: yours, mine, your grandmother’s, your favorite band’s and, yes, even that of POTUS.

The New York Times tells us “how Twitter employees gathered in private Slack channels and used Twitter to send direct messages to one another to remark how insecure Mr. Trump’s account had been.” The NYT also wrote, “Hundreds of employees can access the accounts of so-called Very Important Tweeters and can take actions like disabling accounts.” Some Twitter accounts are more important than others? Apparently so.

Perhaps in response to the NYT, Jack over at Twitter joined in with assurances and took the opportunity to post “Clarifying the Twitter Rules” — the timing of which seemed out of step. What he should have published for Twitter users’ edification is the internal admonishment to the Twitter customer support team on their role as trusted insiders at the point of engagement with the user.

The power of trusted insiders

Some of the most trusted roles within any enterprise are those involved with customer support. If an employee could turn off the stream of POTUS, whose stream is immune? Mine? Yours?

Think of the ramifications should competitors wish to disrupt each other’s business cycles. Let your imagination run through the possible scenarios.
Competitor A suborns a Twitter customer service rep to turn off the Twitter stream of Competitor B right as the quarterly financial livestream is about to begin, or asks them to insert a brand-damaging tweet into the stream — BOOM, Competitor B is in crisis management, not customer engagement.

Or a nation state asks for the login credentials for the accounts of various heads of state and then uses those in one blitz, creating the appearance of a public dialog and causing innumerable cycles to be expended by the affected nations to unwind the damage.

No, this Twitter employee’s action wasn’t about user behavior. This event demonstrated the need to have checks and balances in place to provide assurances that those in positions of trust can be trusted. Think about your own company. What can your insider do to damage your brand or trust with your users? Take this event, and internalize it before it happens to you.
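The “checks and balances” the author calls for can be made concrete. As an added example (not Twitter’s code and not from the article), here is a small Python gate that a support console could route account actions through: it checks that the requesting agent has not been offboarded, requires a second, distinct approver for destructive actions on a protected-account list, and writes every decision, denials included, to an audit trail. All agent names, account handles and policy lists are hypothetical.

```python
# Added example, not code from Twitter or from the article: a minimal gate that a
# support console could route destructive account actions through. It enforces
# three controls the incident calls for: revoked access for offboarded staff,
# a two-person rule on protected accounts, and an append-only audit trail.
# All account handles, agent names and policy lists below are hypothetical.
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Optional

# Constructed policy data; a real deployment would load these from a policy store.
PROTECTED_ACCOUNTS = {"vip_account"}  # the "Very Important Tweeters" list
DESTRUCTIVE_ACTIONS = {"deactivate", "suspend", "reset_credentials"}


@dataclass
class ActionRequest:
    actor: str                      # support agent issuing the request
    action: str                     # e.g. "deactivate"
    account: str                    # target account handle
    approver: Optional[str] = None  # second person who approved, if any


@dataclass
class SupportGate:
    offboarded: set = field(default_factory=set)  # agents whose access is revoked
    audit: list = field(default_factory=list)     # append-only record of decisions

    def _record(self, req: ActionRequest, outcome: str) -> str:
        """Write the decision to the audit trail and hand the outcome back."""
        self.audit.append({
            "ts": datetime.now(timezone.utc).isoformat(),
            "actor": req.actor,
            "approver": req.approver,
            "action": req.action,
            "account": req.account,
            "outcome": outcome,
        })
        return outcome

    def execute(self, req: ActionRequest) -> str:
        """Decide whether the action may run. Every path, including denials,
        is logged so an investigator can reconstruct who tried what."""
        # Control 1: access revocation is checked on every call, not at login.
        if req.actor in self.offboarded:
            return self._record(req, "denied_actor_offboarded")

        # Control 2: destructive actions on protected accounts need a second person.
        if req.action in DESTRUCTIVE_ACTIONS and req.account in PROTECTED_ACCOUNTS:
            if req.approver is None:
                return self._record(req, "pending_approval")
            if req.approver == req.actor:
                return self._record(req, "denied_self_approval")
            if req.approver in self.offboarded:
                return self._record(req, "denied_approver_offboarded")

        # Routine actions, and properly approved destructive ones, go through.
        return self._record(req, "executed")


def demo() -> list:
    """Run a constructed sequence of requests and return the outcomes in order."""
    gate = SupportGate(offboarded={"departing_agent"})
    return [
        gate.execute(ActionRequest("agent_a", "update_display_name", "ordinary_user")),
        gate.execute(ActionRequest("agent_a", "deactivate", "vip_account")),
        gate.execute(ActionRequest("agent_a", "deactivate", "vip_account", approver="agent_a")),
        gate.execute(ActionRequest("departing_agent", "deactivate", "vip_account", approver="agent_b")),
        gate.execute(ActionRequest("agent_a", "deactivate", "vip_account", approver="agent_b")),
    ]


if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```

The two-person rule here is scoped to the protected list, mirroring the NYT’s description of a “Very Important Tweeters” tier; a stricter deployment would apply it to every destructive action regardless of target, and would have the approval itself come from a separate workflow rather than a field the requester fills in.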