Insider Threats: Ghostwriter Gone Rogue

Thursday, September 29, 2011

Javvad Malik


I was scanning the twitters recently and @infosanity and others had pointed out that something was a bit wrong with the twitter stream of Mark Davidson.

Personally I don’t know who Mark Davidson is, but apparently he’s an internet marketer of sorts. But with over 54,000 twitter followers, I assume he’s pretty popular.

Anyway, it transpires that Mark has been using 3 ghost writers to tweet on his behalf over the last 4 years. Well, it appears as if he fired one of them, but didn’t change his password. So like any fired employee in a drunken state, the ghost writer took to venting his frustration publicly in Mark’s twitter feed.


I don’t want to debate whether or not people should be using ghost writers on twitter, or how much they should be paid or what the best way to fire somebody is.

What it does highlight, is that information security isn’t just something big companies need to think about. Even very small businesses or sole traders need to manage their risks.

So what could Mark Davidson have done to prevent this from occurring, and what can he do now that the incident has happened? *cue information security soundtrack (if there is one)*

Joiners Process

First off, you need to have a process by which employees join and leave the organisation. When you hire someone new, do a background check on them and even obtain character references.

Especially if that person is going to be your voice to the public. The last thing you want is a person with a history of being an alcoholic turning up to speak on your behalf in a drunken state at a school.

Sure, it’s a limited check because you’ll only catch people with a ‘history’. But it may save you some trouble.

Contract

I’m not suggesting a fully drawn out contract running to the length of War and Peace. But you need to have some legally binding document that lays out the expectations of the employee, such as confidentiality and non-disclosure agreements.

If such a thing is in place in this case, it would be far easier to pursue a legal course of action against the ghost writer if one chooses to do so.

Leavers Process

Letting an employee go is never an easy task. Even if the employee willingly leaves. You have to factor in the human element which ranges from people generally becoming lazy in their last few days through to malicious intent.

Very rarely will you see someone working hard till 5pm on their very last day to make sure they complete that last task.

Consider what assets the employee has had access to during their time. Do you need to get a laptop back from them? A mobile phone perhaps, revoke their access maybe? What you don’t want is someone who is no longer employed by you to still have access to your systems or information.

Understanding Restrictions

Twitter isn’t designed for multiple users sharing the same account. So there’s no easy way in which you can simply revoke access for ghost writer 3. You only have one ID and password, so you should make sure that as part of your leavers process you change the password.

It is also prudent to change the password on a regular basis just in case it has been compromised in the meantime. After all, you don’t have any control over what security measures (if any) your employees are taking to protect your password.
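The leavers process and the shared-password point above can be turned into a small offboarding checklist. The following is an added example, not code from the original post or from anyone involved in it. It models an asset inventory for a small business: devices are recovered, individual accounts are revoked, and a shared secret (a single Twitter login known by several ghost writers) cannot be revoked for one person, so it is rotated and re-issued only to the remaining holders. It also flags shared secrets that are overdue for the regular rotation the post recommends. All names, dates and assets in it are constructed sample data, and the 90-day rotation window is an assumed policy value.

```python
"""Offboarding checklist for a small business that shares credentials.

Added example with constructed sample data; the people, assets, dates and the
90-day rotation policy are all hypothetical.
"""
from dataclasses import dataclass
from datetime import date
from typing import Dict, FrozenSet, List, Optional, Tuple


@dataclass(frozen=True)
class Asset:
    name: str
    kind: str                            # "device", "account" or "shared_secret"
    holders: FrozenSet[str]              # who holds the device or knows the secret
    last_rotated: Optional[date] = None  # only meaningful for shared secrets


# Constructed inventory (hypothetical names, not from the post).
ASSETS: List[Asset] = [
    Asset("twitter login (one shared account)", "shared_secret",
          frozenset({"owner", "writer1", "writer2", "writer3"}), date(2007, 9, 1)),
    Asset("blog cms editor login", "shared_secret",
          frozenset({"owner", "writer1"}), date(2011, 9, 1)),
    Asset("laptop L-03", "device", frozenset({"writer3"})),
    Asset("writer3@example.com mailbox", "account", frozenset({"writer3"})),
]

# Constructed "today" used by the checklist run below.
TODAY = date(2011, 9, 29)

# A per-person account can be revoked; a shared secret can only be rotated.
ACTION_FOR_KIND = {"device": "recover", "account": "revoke", "shared_secret": "rotate"}


def offboarding_actions(person: str, assets: List[Asset]) -> List[Tuple[str, str]]:
    """One (action, asset) pair for every asset the leaver holds or knows."""
    return [(ACTION_FOR_KIND[a.kind], a.name) for a in assets if person in a.holders]


def remaining_holders(asset: Asset, leaver: str) -> List[str]:
    """Who should receive the new value of a rotated shared secret (never the leaver)."""
    return sorted(asset.holders - {leaver})


def stale_shared_secrets(assets: List[Asset], today: date, max_age_days: int = 90) -> List[str]:
    """Shared secrets never rotated, or not rotated within max_age_days.

    This is the routine check that runs regardless of anyone leaving, because
    the owner has no control over how holders protect the password in between.
    """
    stale = []
    for a in assets:
        if a.kind != "shared_secret":
            continue
        if a.last_rotated is None or (today - a.last_rotated).days > max_age_days:
            stale.append(a.name)
    return stale


def offboard(person: str, assets: List[Asset], today: date) -> Dict[str, object]:
    """Full checklist for one leaver: actions to take, who gets each rotated
    secret re-issued, and which shared secrets were already overdue."""
    reissue = {a.name: remaining_holders(a, person)
               for a in assets if a.kind == "shared_secret" and person in a.holders}
    return {
        "actions": offboarding_actions(person, assets),
        "reissue_to": reissue,
        "overdue_rotation": stale_shared_secrets(assets, today),
    }


if __name__ == "__main__":
    result = offboard("writer3", ASSETS, TODAY)
    for action, name in result["actions"]:
        print(f"{action:8} {name}")
    for name, people in result["reissue_to"].items():
        print(f"re-issue {name} to: {', '.join(people)}")
    for name in result["overdue_rotation"]:
        print(f"OVERDUE  {name} (not rotated within 90 days)")
```

Running it for `writer3` lists the shared Twitter login for rotation, the laptop for recovery and the personal mailbox for revocation, and it flags the Twitter login as overdue independently of the departure, since in the sample data it was last rotated in 2007. The point of keeping `holders` on each asset is that the re-issue list is computed, not remembered: the leaver is excluded by construction rather than by someone recalling who was told the password.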

Incident Management

Now the incident has occurred what should Mark Davidson do? I’m not a PR expert, and there are many ways in which this can be handled. But the sensible options would be:

1. Change your password

2. Don’t share your passwords with your other ghost writers until you have established they aren’t sympathetic towards the rogue ghost writer and are still on your side.

3. Don’t cover it up. Be open about what happened. I’m sure most of your 50k plus followers will understand that there aren’t enough hours in a busy person’s day to be tweeting everything themselves.

4. If you are considering suing the ghost writer, seek legal advice before saying anything.

5. Remind people how information security is so important in this day and age. How a seemingly small lapse can cause significant reputational harm.

Finally; if this was a PR stunt – bravo and thanks.

Cross-posted from J4vv4d
