Security much? Twitter should have had a CISO to prevent Bitcoin hack, says US state financial body

Plus: Platform 'censors' US newspaper and triggers ordure tsunami

6 Reg comments Got Tips?

American financial regulators in New York have demanded Twitter be subject to harsher rules following the July hacks of prominent users' accounts – as CEO Jack Dorsey furiously backpedals after his website censored a news article from a US newspaper.

The New York State Department of Financial Services (DFS) demanded that Twitter be subject to more "cybersecurity protections", controlled and overseen, naturally, by itself.

“We need a comprehensive cybersecurity regulation and an appropriate regulator for large social media companies. The stakes are too high to leave to the private sector alone,” said the DFS, adding that its own “cybersecurity regulation for the financial services industry established an effective regulatory approach and is a good model here.”

Such calls are relatively routine in the hyper-charged world of American politics; yet another public sector body demanding more powers and more control over the private sector will not unduly worry anyone at Twitter, especially in light of regulatory threats from the UK’s “online harms” proposals.

The DFS’s report concentrated on the hack of Twitter in July by bad folk promoting a pump ‘n’ dump cryptocurrency scheme. Around 130 celebrities’ accounts, marked out by blue ticks on the social media platform, were hijacked and used to post links to a Bitcoin wallet along with false promises that “donations” to it would be doubled in return.

DFS blamed Twitter’s lack of a chief information security officer for the hack as well as the platform’s shift to homeworking. It identified the attack vector as "vishing" – voice-enabled phishing – where the hackers made phonecalls to Twitter posing as legitimate staffers and claiming to be struggling with corporate VPN access: “Armed with these personal details, the Hackers successfully convinced several Twitter employees that they were from Twitter’s IT department and stole their credentials,” said DFS.

Twitter censorship kerfuffle

Separately, Twitter CEO Jack Dorsey was forced into a very public reverse ferret after Twitter staffers blocked a problematic New York Post article from being shared on the platform because it had been labelled as “potentially harmful.”

It appears that most but not all Twitter users are unable to share the link either by posting it on the platform or sharing it through direct messages. A search for the article link shows some, mainly blue-ticked or political accounts, have managed to post it.

Predictably, the Republican Party was outraged that a news article embarrassing their opponent was out of circulation, with the political party’s Twitter operatives posting a rather menacing tweet:

Facebook, meanwhile, also limited distribution of the Post's story while "outside fact-checkers" reviewed the claims, spokesman Andy Stone told NPR.

Expect to read lots more about repeal of Section 230 of the American Communications Decency Act in the immediate future. ®

SUBSCRIBE TO OUR WEEKLY TECH NEWSLETTER


Biting the hand that feeds IT © 1998–2020