Twitter whistleblower tells Congress and FTC that a major security problem hasn’t gone away under Elon Musk - SiliconANGLE

[siliconangle.com] 4 days ago

Twitter Inc. has a new whistleblower who, it was reported today, has told Congress and the Federal Trade Commission that engineers at the company still have the use of a controversial tool that gives them God-like powers over content.

According to The Washington Post, which first reported the story, the whistleblower is saying that a program called “GodMode” is still available to engineers at Twitter. This mode makes it possible to log into an account and write, restore or delete content – a powerful tool indeed. This program has been available to any engineer who has the program on his company laptop. What’s more, the whistleblower said in the new complaint that Twitter doesn’t even have the ability to log who’s used the program.

GodMode was the reason Twitter suffered one of its greatest humiliations in 2020, when for a short time the accounts of some of its most high-profile users were hacked. The hijacked accounts included those of Barack Obama, Joe Biden, Jeff Bezos, Elon Musk, and Bill Gates, though at the end of the day the incident wasn’t as disastrous as it could have been. It was later discovered that internal tools, namely GodMode, had been hacked.

Twitter later said that it had taken care of such glaring security issues, although during the drama that was Elon Musk’s effort to buy Twitter in 2022, the company’s former head of security Peiter Zatko turned whistleblower and again embarrassed Twitter when he outlined what he called “extreme, egregious deficiencies” in Twitter’s management of security threats. He told the FTC and DOJ that nothing had changed after the hack and Twitter was as vulnerable as ever. This wasn’t a good look at a time when Musk was slamming the company for various inadequacies.

The new whistleblower says that Twitter has told regulators that these matters of lax security have been cleaned up, and there is no longer any apparatus at Twitter affording engineers God-given powers. “That’s a lie,” he told The Post. “They removed this from one interface, but it still existed in other ways. They just changed the lock on one of the many front doors.” He explained that GodMode was merely renamed “Privileged Mode,” and all any engineer needs to do to access it is change some code from “FALSE” to “TRUE,” after which they’ll be warned, “THINK BEFORE YOU DO THIS.”

This hardly seems like airtight security, especially since, if the whistleblower is correct, skullduggery could be performed with near-impunity. The Post said that it’s possible Twitter could be hit with a $1 billion fine if it is proved the company has continued to act recklessly where security is concerned.

Photo: Alexander Shatov/Unsplash