Twitter Security Failure and the Need for Radical Evolution
With the recent Twitter hoax, which originated from a “hacked” AP Twitter handle and caused the Dow Jones Industrial Average to drop 145 points instantly, and with many other popular handles being hacked and used maliciously, there is growing concern regarding Twitter's security and its usage across top-level institutions and corporations. What measures are being taken across these types of accounts, are they being followed, and how can they be improved?
First, let’s not toss away the recent Twitter performance problems that had us scratching our heads for a few moments. Think it was just you, your network or operator error? Not necessarily. You can always check Twitter's uptime and additional goodies at status.twitter.com and other outage reporting sites to see what is going on. Twitter is built on open source software from the back end up to the front, and it maintains a team that works to “protect the security of your account” in addition to its volunteer crew.
Maintaining top notch security online is always a community effort, and we’re lucky to have a vibrant group of independent security researchers who volunteer their time to help us spot potential issues.
The company offers a form to complete if you feel your site has been hacked. But what about government handles? Celebrities? Press? There is a great deal published on Twitter’s Guidelines for Law Enforcement and Safety/Security. These are excellent to have and know, but would the general public be better served if the real time information network adhered to some level of guidelines, similar to that of the Health and Human Services guidelines?
A credible study on the government’s adoption and evolution of social media usage clearly identifies all of the standard protocols, such as “allow usage to only authorized users” and “prevent unnecessary functions such as IM”, as well as others. But again, there are no real restrictions coordinated with Twitter itself, and nothing related to infrastructure and IT requirements. So, is the ability to communicate a message to millions as simple as a hack? An identified password?
On the other hand, in the event a subject matter is held and the intent of its capturer is to use Twitter (or any other medium) to publish its message, there may be cause for a justified media pool (a unification of all mainstream media to publish a consistent message at the same time) for universal communication clarity. An answer to the Emergency Broadcast System.
Rest assured, the backbone of Twitter is hosted on a managed hosting environment with data centers across the country, 3% of which host Justin Bieber alone. So, the problem isn’t with the network or the hardware but rather, as is usually the case, with the simplicity of its intent – ease of use and connectivity.
Sad as it is, it’s as easy to hack a Twitter account as it is to find serial numbers for your favorite software. Simply Google it. Bear in mind, I have never hacked a Twitter account, nor do I endorse even exploring the premise. The trouble is really the availability of this information. The problem is those who are seeking to do harm. The solution rests in Twitter’s hands to radically evolve its procedures across the top levels.