Will Elon Musk’s Twitter Takeover Have Cybersecurity Implications?

Elon Musk’s $44bn confirmed takeover of social media giant Twitter has hit the headlines this week, rapidly prompting heated debate. Much of this has centered on how the new ownership will impact discourse on the popular platform following Musk’s well-publicized criticisms of its current approach to free expression.

The billionaire businessman, who is founder and CEO of SpaceX and early-stage investor and CEO at Tesla, has also made some interesting pronouncements relating to cybersecurity on the platform. One of these is his vow to crack down on bot accounts and authenticate all users as humans. On April 21, before the deal was finalized, Musk tweeted: “if our twitter bid succeeds, we will defeat the spam bots or die trying!”

Bots have increasingly been used for nefarious purposes on Twitter, including by cyber-criminals to spread malicious content containing malware.

In addition, Musk has promised to make Twitter’s algorithm open source “to increase trust.” The businessman has voiced his suspicions that the firm’s current algorithms contain in-built biases, thereby stifling certain viewpoints.

While it is too early to know exactly how Musk will tackle these two issues, cybersecurity experts have already begun debating the challenges and potential implications of pursuing these aims.

Defeating Bots

Musk’s ambition to tackle surging bots on Twitter is a major positive from a cybersecurity standpoint and could lead to wider benefits in this field, according to Jamie Moles, senior technical manager at ExtraHop. “Musk has stated that he's on a mission to eliminate bots on the platform. While this seems like a Sisyphean task, if he's successful, the methods used by Twitter to eliminate bots from the platform may generate new techniques that improve the detection and identification of spam emails, spam posts and other malicious intrusion attempts. If Musk and his team can train artificial intelligence to be more effective in combating this, it may well be a boon to security practitioners everywhere,” he said.

Speaking on the keynote stage at the Retail Technology Show today with Gener8 founder, Sam Jones, rapper and TV presenter Tinie Tempah offered his support for the move, arguing it will improve trust and ultimately the nature of discourse on the platform: “If someone like Elon can take this bold step – he said he wants to verify each human that’s on there – so in the same way that me and Sam have a blue tick, everyone will have one and therefore be held accountable for what they say and I think that’s the way it should be.”

However, Amir Nooriala, chief commercial officer at Callsign, argued this move would not be sufficient to prevent nefarious activity from occurring on the social media platform. “Elon Musk’s promise to “defeat spambots” and “authenticate all humans” is a step in the right direction but simplifies a much larger problem of trust online. Digital identity is largely broken, and simply authenticating whether an account is run by a human or a piece of software doesn’t solve the wider problem of a lack of consumer trust in social media platforms or that someone really is who they say they are.”

Nooriala added that if Musk is genuine in his ambition to authenticate all humans, he should consider verifying users when they sign up; otherwise, it is extremely difficult to ensure a user is who they say they are when they log back in. “Musk’s comments should spark a welcome debate on the importance and complexity of online identities at a policy level. Privacy campaigners and consumers are often nervous about having to give up their personal details and risk their anonymity, but this is often a misunderstanding. Authentication should always be built around privacy and security, not surveillance and data collection. If a major social network were to push for better digital identity policies, this would have huge ramifications globally and help to protect internet users across all online services,” he said.

Open Source Algorithm

Musk’s promise to make Twitter’s algorithm open source has unsurprisingly generated significant interest within the tech industry. For those who are passionate about freedom of speech and share Musk’s view of the platform as a “digital town square,” this approach will provide vital democratic benefits. Matthew Hodgson, CEO and co-founder of Element, outlined: “The way forward is to decentralize Twitter and decentralize moderation: no one person should control the town square. By building on an open protocol – like Matrix – users could subscribe to reputation feeds for the content they desire, rather than be at the mercy of any algorithm (transparent or otherwise). Musk’s takeover bid has now been approved by Twitter’s board, which could be the first step towards a decentralized Twitter – giving power back to its users.”

In the view of ExtraHop’s Moles, making the site’s software architecture open source will create new marketing opportunities and therefore is likely to be replicated on other online platforms. “The decision to open-source this code likely means that it will be adopted by other social platforms, advertisers, and others who are looking to hone their user targeting,” he commented.

Sadly, Moles also believes such a move will make Twitter more vulnerable to cyber-attacks, with cyber-criminals finding it easier to discover and exploit security weaknesses on the platform. “As with any widely adopted open-source code, there are significant security implications. As we’ve seen with Log4Shell and Spring4Shell, vulnerabilities in widely used open-source applications are exponentially more valuable. Making its code open source may increase transparency for Twitter users, but it may also make Twitter a much bigger target for attackers,” he noted.

Nick Ross, a cybersecurity consultant at Trend Micro, echoed these fears, stating: “With over 300 million users including world leaders, Twitter is already a massive threat vector. If Twitter were to become an open-source platform as Musk has said he plans to do, we can expect further exposure to risk. Regarding the open-source approach to Twitter on user privacy, we saw a similar issue in recent times with the Log4Shell (Log4J) zero-day vulnerability. Open-source libraries, which are often developed and maintained by volunteers and part-time contributors, raise questions around who is responsible when something goes wrong.”

Elon Musk’s acquisition of one of the world’s largest social media platforms, Twitter, has sparked emotions ranging from relief and excitement to fear and anger. His ambitions to stop bots on the site and make Twitter’s algorithm open source potentially have big implications for cybersecurity. These areas will undoubtedly be observed closely in the industry over the coming months and years.
