Ex-Twitter worker tells FTC engineers CAN access ‘GodMode’ program and post from any account
Author: Yuvi January 25, 2023
Twitter GodMode – an internal tool hackers used to tweet from high-profile accounts during the site’s massive security breach in 2020 – is still available to all of the company’s engineers, a whistleblower has claimed.
The bombshell complaint, reported this week, was filed with the Federal Trade Commission (FTC) and echoes earlier claims made by the company’s fired head of security, Peiter ‘Mudge’ Zatko.
If activated, the program in question, dubbed ‘GodMode’ by staffers for its outsized power, gives any engineer at the company the ability to tweet from any account, at their own discretion.
The program’s existence came to light in July 2020 following a high-profile hack that saw a great number of high profile accounts compromised, masterminded by a then-17-year-old Graham Clark.
Accounts seized by Clark and his accomplices included those of Barack Obama, Jeff Bezos, Bill Gates and then-presidential candidate Joe Biden. The breach was only made possible by Twitter’s internal admin tool, which at the time was unknown to the wider public.
After the hack, Twitter said it had taken steps to address the security concerns that may have led to its systems being breached.
Now, more than two years later, an insider familiar with the inner workings of the San Francisco company contends that is not the case, according to a new report published Tuesday by The Washington Post that laid bare the new complaint.
In it, the unnamed whistleblower alleged that aside from changing the name of the tool – from GodMode to ‘PrivilegedMode’ – the company has continued to allow any of its engineers to freely access the application at will.
Perhaps most troubling, the complaint alleges that ‘Twitter does not have the capability to log which, if any, engineers use or abuse’ the program, which still gives staffers the ability to take over the accounts of any of the site’s 450 million users. Without such an audit trail, misuse of the tool could neither be detected at the time nor reconstructed afterwards.
The whistleblower spoke with The Post on the condition of anonymity due to other employees allegedly being ‘threatened and harassed’ after airing concerns over the company’s security – which the insider said has worsened under new boss Elon Musk.
The Post said that by the time they spoke with the source, the insider had already aired their concerns to both the Senate Judiciary Committee and the House Energy and Commerce Committee.
Only a few months earlier, Zatko, a 51-year-old celebrity hacker hired by then-CEO Jack Dorsey in late 2020, told the Senate Judiciary Committee in official testimony that the social network ‘was over a decade behind industry security standards,’ as well as ‘a ticking bomb of security vulnerabilities.’
Zatko was fired from the company in January 2022. His claims that Twitter had ‘extreme, egregious deficiencies’ in its protections against hackers saw him reach a $7 million settlement with the company last September.
At the time, Zatko’s claims were shot down by Dorsey’s replacement, Parag Agrawal, who was himself fired by Musk after the latter’s $44 billion takeover of the company in October.
The hack was masterminded by then-17-year-old Graham Clark, who is currently serving a three-year sentence for hijacking accounts belonging to Joe Biden, Barack Obama, and others
Twitter previously said Zatko was fired ‘for ineffective leadership and poor performance’ and that his whistleblower complaint ‘is riddled with inconsistencies and inaccuracies and lacks important context.’
His settlement was also first reported by the Journal, which reported the former staffer agreed to a nondisclosure agreement that forbids him from speaking publicly about his time at Twitter or disparaging the company.
The settlement resolved a dispute about unpaid compensation, but did not prevent him from filing a whistleblower complaint, which he did shortly after reaching the agreement with Twitter, in which he aired similar concerns as the new complainant.
Notably, the new complaint was filed in October – immediately after billionaire Musk, 51, purchased the company.
Lawyers have also requested further information on any reports about privacy vulnerabilities that Zatko may have sent to then-CEO Parag Agrawal or other top employees, and are asking the company to provide more information about the section of an annual report that discusses fake accounts. Agrawal was one of the first executives fired by Musk during his takeover last year.
The complaint contends that even with Musk’s arrival, Twitter’s security practices have not been bolstered as previously claimed, and that the company could soon find itself in hot water much as it did in 2020 after the hack, which was carried out by a group of friends with no links to state actors or organized crime.
‘After the 2020 hack in which teenagers were able to tweet as any account, Twitter publicly stated that the problems were fixed,’ read the new complaint, which, like Zatko’s, was filed by nonprofit law firm Whistleblower Aid.
‘However,’ the filing continued, ‘the existence of GodMode is one more example that Twitter’s public statements to users and investors were false and/or misleading.’
Attorneys for the insider went on to assert that their client ‘has a reasonable belief that the evidence in this disclosure demonstrates legal violations by Twitter.’
When asked by the House Energy and Commerce panel why staffers have yet to remove the program, the whistleblower said it was chiefly because it allows engineers to tweet on behalf of advertisers who may be ‘unable to do it themselves.’
According to the FTC filing, the complainant included screenshots of code that showed the program in question still being accessible.
The line of code that lets a user of the tool delete tweets, the complaint said, carries the capitalized warning: ‘THINK BEFORE YOU DO THIS.’
The whistleblower said the only means of stopping engineers from using GodMode is to remove a line of code from the program, which any staffer could easily add back at any point. A control that anyone with commit access can undo is not an access control in any meaningful sense; it limits nothing about who can use the capability, only how many keystrokes it takes.
‘They removed this from one interface, but it still existed in other ways. They just changed the lock on one of the many front doors,’ the whistleblower wrote.
The new complaint serves to intensify the FTC’s ongoing probe into security concerns over what is now Musk’s Twitter, launched last year following Zatko’s assertions. The fruits of that investigation are still confidential.