source link: https://siliconangle.com/2023/01/24/twitter-whistleblower-tells-congress-ftc-major-security-problem-hasnt-gone-away-elon-musk/

Twitter whistleblower tells Congress and FTC that a major security problem hasn’t gone away under Elon Musk


Twitter Inc. has a new whistleblower who has told Congress and the Federal Trade Commission that engineers at the company still have the use of a controversial tool that gives them godlike powers over content.

According to The Washington Post, which first reported the story today, the whistleblower is saying that a program called “GodMode” is still available to engineers at Twitter. This mode makes it possible to log into an account and write, restore or delete content – a powerful tool indeed.

The program has been available to any engineers who have it on their company laptop. What’s more, the whistleblower said in the new complaint that Twitter doesn’t even have the ability to log who’s used the program.

GodMode was the reason Twitter suffered one of its greatest humiliations in 2020 when, for a short time, the accounts of some of its most high-profile users were hacked. Some of the hijacked accounts belonged to people such as Barack Obama, Joe Biden, Jeff Bezos, Elon Musk and Bill Gates, which at the end of the day wasn’t as disastrous as it could have been. It was later discovered that internal tools had been hacked — namely GodMode.

Twitter later said that it had taken care of such glaring security issues, although during the drama that was Elon Musk’s effort to buy Twitter in 2022, the company’s former head of security Peiter Zatko turned whistleblower. He again embarrassed Twitter when he outlined what he called “extreme, egregious deficiencies” in Twitter’s management of security threats.

Zatko told the FTC and DOJ that nothing had changed after the hack and Twitter was as vulnerable as ever. That wasn’t a good look at a time when Musk himself was slamming the company for various inadequacies.

The new whistleblower says Twitter has told regulators that these matters of lax security have been cleaned up, and there is no longer any apparatus at Twitter affording engineers God-given powers. “That’s a lie,” he told The Post. “They removed this from one interface, but it still existed in other ways. They just changed the lock on one of the many front doors.”

He explained that GodMode was merely renamed “Privileged Mode,” and all any engineer needs to do to access it is to change some code from “FALSE” to “TRUE,” after which they’ll be warned, “THINK BEFORE YOU DO THIS.”

This hardly seems like airtight security, especially since, if the whistleblower is correct, skullduggery could be performed with near-impunity. The Post said it’s possible Twitter could be hit with a $1 billion fine if it’s proved the company has continued to act recklessly where security is concerned.

Photo: Alexander Shatov/Unsplash
