Seriously Risky Business Newsletter
March 13, 2025
Outside America, Musk's X is a Foreign Influence Threat
Your weekly dose of Seriously Risky Business news is written by Tom Uren and edited by Patrick Gray. It's supported by Lawfare with help from the William and Flora Hewlett Foundation. This week's edition is sponsored by GreyNoise.
You can hear a podcast discussion of this newsletter by searching for "Risky Business News" in your podcatcher or subscribing via this RSS feed.

We have consistently argued for TikTok to be banned in the US as it could be a powerful tool for the Chinese government to interfere with American political discourse. For US allies, a similar argument now applies to X.
Commentators in Canada and the UK have already floated the idea of banning X. Meanwhile, in France, prosecutors have announced they've opened an investigation into X over alleged algorithmic bias. The investigation was launched after the prosecutor's office received complaints about X's interference in French democratic debate.
X isn't TikTok, but in many ways it's actually worse. X actively promotes CEO Elon Musk's hard-right, fascist ideology, while interference on TikTok is mostly a theoretical risk. TikTok might be up to something and might improperly use its influence one day. Musk's interference on X, on the other hand, is as subtle as a brick to the head.
X has devolved into a cesspool of misinformation that vomits rivers of fascist propaganda onto the Internet.
Evidence of Musk's interference in other countries' politics is not hard to find. See, for example, this Guardian article from January this year:
…Musk has now used X as a platform to make aggressive interventions in not only US politics but those of other countries. He has endorsed the far-right AfD party in Germany and repeatedly hammered at the British Labour party. During anti-migrant riots in the UK last year he disparaged the prime minister as a "two-tier Keir" who protects the interests of immigrants in Britain over those of native-born citizens. Musk is also friendly with the far-right Italian prime minister Giorgia Meloni.
Even before Musk bought Twitter in 2022, the company's own research found its algorithm had a right-wing skew. Here's the difference, though. At the time, the finding was viewed as a potential problem within the company. When Twitter reported the results of its research, it stated that "further root cause analysis is required in order to determine what, if any, changes are required to reduce adverse impacts by our Home timeline algorithm".
Since Musk took charge, the company has abandoned any pretence that the platform is striving for balance. Instead, it's reshaped its algorithms to suit Musk's personal whims. When a 2023 Musk tweet hyping the Philadelphia Eagles in the Super Bowl received fewer views than a similar tweet from President Biden, Musk demanded that Twitter's algorithm be "fixed". Per The Verge:
In recent weeks, Musk has been obsessed with the amount of engagement his posts are receiving. Last week, Platformer broke the news that he fired one of two remaining principal engineers at the company after the engineer told him that views on his tweets are declining in part because interest in Musk has declined in general.
His deputies told the rest of the engineering team this weekend that if the engagement issue wasn't "fixed," they would all lose their jobs as well.
…
By Monday afternoon, "the problem" had been "fixed." Twitter deployed code to automatically "greenlight" all of Musk's tweets, meaning his posts will bypass Twitter's filters designed to show people the best content possible. The algorithm now artificially boosted Musk's tweets by a factor of 1,000 – a constant score that ensured his tweets rank higher than anyone else's in the feed.
Many Americans are certainly unhappy with Musk, but he's not breaking any laws by running X as a personal megaphone. Free speech is a constitutional right in the USA. And from a Trump Administration point of view, all is fine and dandy as long as he supports the President's agenda.
But for many governments elsewhere, X is seen as a hostile foreign social media platform engaging in direct political interference.
Last year, X was temporarily banned in Brazil by the country's Supreme Court because the company did not follow court orders to suspend accounts involved in inciting a 2023 attack on federal government buildings in the country's capital, Brasilia. These riots followed the defeat of President Jair Bolsonaro in the 2022 Brazilian general election.
X tried to avoid responsibility by shutting its offices in the country and refusing to appoint a legal representative to answer to the government there. Brazilian Supreme Court judge Alexandre de Moraes responded by blocking X nationwide and freezing Starlink's finances in Brazil.
Brazil, with a population of 200 million people, is a significant market for X. Musk complied within weeks, despite his "never back down" rhetoric.
Brazilian President Luiz Inácio Lula da Silva said he hoped the crisis might teach the world that "it isn’t obliged to put up with [Elon] Musk’s far-right free-for-all just because he is rich".
We'll be watching closely to see if other leaders take Lula's words to heart.
For liberal democracies, banning a US social media company was previously unthinkable. But given the Trump administration does the unthinkable every second day, banning X sits very much within 2025's Overton window.
Arbitrary Firings at NSA Undermine US Security
Testifying to the House Select Committee on the Chinese Communist Party, former NSA cyber security director Rob Joyce said that the kind of mass firings that are occurring across the federal government would be "devastating" for national security.
Joyce expanded on his comments to Patrick Gray and Adam Boileau on Wednesday’s Risky Business podcast, saying that from a cyber security perspective, good talent is needed in government to help build resilience. Referring to the firing of probationary staff, Joyce said "the current environment is just undercutting a lot of the talent base".
He described probation during his own career as "perfunctory, unless you are screwing up".
Joyce argues the mass firings of probationary employees break the unspoken intelligence community compact: the pay is bad, but the work is interesting, the mission is worthwhile, and the job is secure. These firings make NSA a far less attractive employer.
"I spent 34 years at NSA. I could have added a zero to my salary multiple times during my career had I walked out the door," he says. "I stayed for the mission and felt safe and secure."
Joyce also pointed out that probationary employees are often veterans retiring from military service who have sought-after skills.
The firings are also counterproductive because they encourage the best people to leave due to the uncertainty. "The best of the best are the people who are going to have options [and] feel secure to be able to pull the ripcord," Joyce said.
The firing of probationary workers could similarly affect the pipeline of new recruits into the CIA. Per The Washington Post:
After years of covid-19-induced delays, the CIA has executed a hiring surge, including of trainee case officers preparing to work undercover overseas to recruit and run foreign agents, said a second former senior intelligence official. The result, this official said, is that the number of probationary employees is currently far larger than usual.
There aren't university courses that churn out fully-fledged case officers. They have to be developed internally.
Of course, NSA and CIA are massive organisations. If the Trump Administration had wanted to find a way to cut staff without damaging national security they could have. It just would have required more work and a cautious approach. This ain't it.
Three Reasons to Be Cheerful This Week:
- Fixing $12 million of bugs: Google's Vulnerability Reward Program paid a total of about USD$12 million to more than 600 researchers last year, according to the company's 2024 review of the program. The highest single reward was over USD$110,000. Since the program started in 2010, it has paid out a total of USD$65 million to researchers.
- Cryptocurrency money laundering arrest: Indian authorities have arrested the Lithuanian co-founder of the Moscow-based Garantex cryptocurrency exchange. Aleksej Besciokov was detained while vacationing on India's southern coast. Along with Russian national Aleksandr Mira Serda, Besciokov was indicted by the US Department of Justice last week on money laundering charges. Three Garantex domains were also seized.
- Media blitz outs Scam Empire: A collaborative investigation by 32 media outlets has released reports on a cybercrime cartel known as the Scam Empire. The group uses fraudulent advertisements to lure victims into cryptocurrency investment scams. One of the scam networks Scam Empire runs has generated USD$247 million in deposits from 27,000 victims across 30 countries over the last four years. The reports stem from a 1.9TB data leak from the group and it is great to see journalists collaborating on something like this.
Sponsor Section
In this Risky Business News sponsor interview, Catalin Cimpanu talks with Andrew Morris, founder of security firm GreyNoise. Andrew talks about the major trends in mass internet scanning and exploitation, as per GreyNoise's yearly threat report.
Attackers are automating exploitation at scale, targeting both new and old vulnerabilities — some before appearing in KEV. Our latest report breaks down which CVEs were exploited most in 2024, how ransomware groups are leveraging mass exploitation, and why real-time intelligence is critical.

Shorts
DDoS Downs X
Elon Musk blamed X outages this week on a "massive cyberattack" staged from "IP addresses originating in the Ukraine area".
Wired dug deeper and its pithy summary is "security experts say that's not how it works".
It looks like it was a run-of-the-mill DDoS attack, and a pro-Palestinian hacktivist group calling itself the Dark Storm Team claimed responsibility. Sources told Risky Business the attack was geographically distributed and a researcher told Wired that Ukraine was not even in the top 20 source countries.
Risky Biz Talks
You can find the audio edition of this newsletter and other fine podcasts and interviews in the Risky Biz News feed (RSS, iTunes or Spotify).
In our last "Between Two Nerds" discussion Tom Uren and The Grugq talk about what Europe should do given that US security guarantees are evaporating. Should Europe grow its cyber capabilities, what would it get out of it and how should it go about doing it?
From Risky Biz News:
US indicts i-Soon and APT27 hackers: The US Department of Justice has unsealed charges against twelve Chinese nationals linked to two cyber-espionage groups.
The DOJ DC office indicted Yin Kecheng and Zhou Shuai, two members of the APT27 group, also known as Emissary Panda, Lucky Mouse, and Silk Typhoon.
Officials say the two worked as contractors and conducted hacking operations on behalf of China's Ministry of Public Security (MPS) and Ministry of State Security (MSS) since at least 2011.
Zhou allegedly contracted his work via a front company named Shanghai Heiying Information Technology.
[more on Risky Business News]
Passkeys are phishable (but quite difficult though): Security researcher Tobia Righi has pulled off what appears to be the first successful passkey phishing attack.
The phishing vector existed solely in mobile browsers and has since been patched. Security updates have rolled out for all major browsers, such as Chrome / Edge (October 2024), Firefox (February 2025), and Safari (January 2025)—see CVE-2024-9956.
Righi's attack revealed that passkeys are not perfect, but his research also showed that passkeys are far superior to the old credential pair and classic multi-factor authentication solutions.
The attack was far more difficult to pull off and had a much more narrow scope than current web-delivered phishing kits, which you can host on any website together with a proxy server and even intercept MFA challenges.
[more on Risky Business News including how the phishing attack requires hardware within Bluetooth LE range]
Large-scale study aims to assess Rowhammer's real world impact: A team of academics is conducting a large-scale public study to assess the real-world impact of the Rowhammer vulnerability.
First described in a 2014 research paper, Rowhammer is an attack that revolves around the concept of "hammering" a row of RAM memory cells with constant read or write operations. The constant process of turning memory cells on and off causes electrical interference on nearby memory cells, which academics say can be exploited to alter or leak memory data.
[more on Risky Business News]