Musk’s Twitter takeover and its security implications

Image by Freepik

Earlier this week, Elon Musk acquired Twitter for $54.20 per share in cash, or approximately $44 billion. Upon completion of the transaction, Twitter will become a privately held company.

Hours after Twitter announced it was accepting his offer, Musk outlined several sweeping changes, two of which may have bigger implications for cybersecurity: making the Twitter algorithm open source to increase trust, and defeating spambots and authenticating all humans.

However, experts say Musk’s changes are unlikely to have the effect he desires. His plan to open-source the Twitter algorithm could instead introduce new security risks while doing little to boost transparency, according to MIT Technology Review.

Extrahop's Jamie Moles agrees, noting there are significant security implications, as with any widely adopted open-source code. “As we’ve observed with Log4Shell and Spring4shell, vulnerabilities in widely used open-source applications are exponentially more valuable. Making its code open source may increase transparency for Twitter users, but it may also make Twitter a much bigger target for attackers,” says Moles.

The other reform Musk proposed was to eliminate bots on the platform. Designed to mimic human users, social media bots can be used in dishonest and nefarious ways. In recent years, malicious actors have used bots to not only spread conspiracy theories and misinformation, but also as a method of pushing their spam and scams and deploying cyberattacks.

While this seems like a Sisyphean task, “if he’s successful, the methods used by Twitter to eliminate bots from the platform may generate new techniques that improve the detection and identification of spam emails, spam posts, and other malicious intrusion attempts,” Moles explains. Additionally, if Musk and his team can train artificial intelligence to be more effective in fighting bots, it may be highly beneficial to security practitioners everywhere, Moles adds.

Only time will tell on how this is all executed. Casey Ellis, Founder and CTO at Bugcrowd, tells Security he is a big fan of pulling back the curtains on how social media platforms and machine learning shape popular thought, how and where these systems can be weaponized to cause harm, the implications of this on today’s society are, and what improvements could be made to improve the integrity of information and news in the future.

“An increase in transparency around the mechanics of “how we all perceive what is true” is fundamentally a good thing if Musk follows through on these aspects of what he has committed around the purchase,” Ellis explains. “The one thing I’m absolutely sure of is that it’ll be an interesting ride, regardless of how it plays out.”

Maria Henriquez is a former Associate Editor of Security. She covered topics including cybersecurity and physical security, risk management and more.

ON DEMAND: In this webinar, Regina Lester, Vice President of Security & Safety Operations at Toledo Zoo, will share her insights on implementing security technologies in the entertainment sector and the challenges all organizations face — large and small — when it comes to balancing budget and security.