Will Twitter Sue TechCrunch?
posted by AnkawaPost @ 10:23am, Thursday 16 July 2009.
Will Twitter take legal action against Web sites that publish the company's confidential documents, which were leaked by a hacker? Although the micro-blog isn't coming right out and saying it, Twitter co-founder Evan Williams published a blog post yesterday suggesting legal action was a possibility.
In a post entitled, "Twitter, Even More Open Than We Wanted," Williams said: "We are in touch with our legal counsel about what this theft means for Twitter...and anyone who accepts and subsequently shares or publishes these stolen documents. We're not sure yet exactly what the implications are for folks who choose to get involved at this point but when we learn more and are able to share more, we will."
Williams also pointed out that while the publication of these documents could be embarrassing for the company, they aren't particularly revelatory about Twitter's future plans. But Williams also wrote that publishing the purloined documents could "jeopardize relationships with Twitter's ongoing and potential partners."
The confidential documents Williams refers to were obtained by a French hacker named Hacker Croll. The hacker reportedly obtained the data by gaining unauthorized access to a Twitter employees' personal e-mail account, and then using information in the e-mail account to access company documents stored on the Google Apps service. Williams said Twitter does not fault Google's security for the break in, and will continue to use Google Apps.
Twitter frenzy
While many news outlets and blogs are publishing accounts of the ongoing document theft, TechCrunch is the only high-traffic blog that has, to my knowledge, received the confidential documents and made the decision to publish them. If Twitter does decide to take legal action for publishing the documents, it seems likely TechCrunch could be a target of those proceedings.
TechCrunch has come under criticism for its decision to publish some of these documents, which the blog considers to be of significant news value. TechCrunch co-founder Michael Arrington said the blog disagrees with the notion the information was "stolen" and therefore should not be published. He argued that his site posts confidential information "almost every day" that has been "leaked by an employee or someone else close to the company," so why should Twitter's confidential information be any different?
Lawyers, Lawyers , and more lawyers
It's not surprising that Twitter would want to vigorously protect its intellectual property and other confidential information by considering legal action. But what is strange is a statement by TechCrunch that the blog has been working with Twitter lawyers to negotiate publication of these documents. I have no idea what those discussions might entail, but it's hard to imagine Twitter's legal counsel giving the green light to the publication of any documents in light of Williams' blog post. However, the negotiations may be working, since TechCrunch has so far published just two pieces of information: pitch documents for a reality TV show called Final Tweet, and a redacted version of a document detailing Twitter's financial projections.
Where's the beef?
Instead of an avalanche of information, very little has been revealed from the supposedly 310 documents TechCrunch has in its possession. Blogger Robert Scoble on FriendFeed posted a discussion thread with the idea that TechCrunch could be taking a cautious approach to publication in order to avoid damaging its relationship with Twitter and sources close to the company.
The benefit Scoble discusses is the amount of Web traffic TechCrunch has received from being on Twitter's suggested user list--the SUL is a list of 100 follow-worthy accounts Twitter recommends to users new to the service. "TechCrunch is on Twitter's Suggested User List," Scoble wrote. "They have been gifted about 880,000 followers by being on that list, AKA "SUL". That's worth a lot of money."
The problem with Scoble's idea is that it flies in the face of the basic journalistic ethic not to let the influence of advertising--paid or otherwise--sway your news coverage. In addition to TechCrunch, Twitter's SUL includes personalities and news feeds from major media organizations including ABC, BBC, CBS, CNN, NPR, The New York Times and Time magazine. The TechCrunch Twitter feed has close to one million followers, and as of this writing is still on Twitter's SUL.
With the ongoing controversy over what has been unfortunately dubbed '#Twittergate' (was there ever any doubt this would happen?), Google has published a blog post about security measures it takes to secure your Google account.
Hacker Steals Twitter’s Confidential Documents
posted by AnkawaPost @ 7:02am, Thursday 16 July 2009.
Hackers are getting more creative in targeting certain companies and Twitter has recently discovered the consequences of such an attack. About a month ago, an administrative employee at Twitter was targeted and her personal e-mail was hacked, according to a blog post today by Twitter co-founder Biz Stone. The hacker used information in the e-mail account to access this employee’s Google Apps account, which contained a wide variety of Twitter documents from ideas to financial details. Today TechCrunch said it had received 310 confidential Twitter documents in a zip file from the hacker who calls himself Hacker Croll.
Twitter CEO Evan Williams
In the last few years, security experts have seen an increase in the amount of highly-targeted attacks. Unlike, say, massive spam campaigns designed to get employees to divulge personal information like bank accounts, these types of attacks involve hackers targeting anywhere from one to five employees within a company. The motive is to steal confidential information that the hacker will use to make a profit, says Patrik Runald, chief security advisor at F-Secure, a security firm. The types of organizations frequently targeted in these attacks are defense contractors, governments and non-profits with ties to Tibet, he says.
Many times, as in the Twitter incident, the target of the attack involves employees who are not in the executive suite because those employees often have access to information hackers can use, whether it’s blueprints or large databases of customer information. For example, at defense contractor Northrop Grumman, hackers often try to target the computers of employees in the contracts department because of their knowledge of the marketplace, said Tim McKnight, chief information security officer at the company in a recent interview with BusinessWeek.
After the Twitter incident first became public, some speculated about the quality of Google’s security but Biz Stone absolved Google Apps in his blog post. “This attack had nothing to do with any vulnerability in Google Apps which we continue to use,” he wrote. Instead, he wrote, the incident underscored the need for choosing strong passwords.
The best passwords have more than 8 or 9 characters and are comprised of alphanumeric characters, a combination of letters and numbers, says John Pirc, a former cybersecurity specialist for the CIA and current executive with IBM Internet Security Systems. But really, he says, this is a people issue in that employees often don’t practice good password safety and may use the same password for many different applications.
Yet, the incident does underscore some risks involved with cloud computing in the enterprise. Some have called for better security mechanisms. “With the Twitter data, hackers were able to take a password and log on anonymously from anywhere,” says Rich Marcello, president of the systems and technology business at Unisys. Now Unisys is working on a higher level of security that would essentially cloak the data that comes into its cloud and only users within certain communities logging in from certain locations would be able to see the information. It’s akin to how only certain characters who are members of a specific group in Harry Potter are able to physically see the headquarters of the Order of the Phoenix. “If you can do that, even if there’s a password issue, there’s no way hackers can make any sense of the data,” says Marcello.
Companies also need to think about the kinds of information they’re putting in the cloud. While e-mail collaboration may be available over the Internet from reputable service providers with good track records in security, some applications are better left behind the firewall, says Dennis Quan, director of autonomic computing at IBM, who suggests private clouds for applications dealing with classified or confidential information.
“Part of the beauty of cloud computing is that users don’t need to understand the ins and outs of the technology they are using,” says Quan, adding, “This simplicity is great for consumers but can be dangerous for enterprises and governments.”
