Welcome to The Cybersecurity 202! I concur with the latest episode of the “It’s Always Sunny Podcast”: When you have a bad day, go look at cat memes.
Published on January 25th, 2023
‘GodMode’ access is still a problem at Twitter, another whistleblower alleges
More allegations bubble up about Twitter’s ‘GodMode’ cyber problems
Any Twitter engineer today can still activate a program that would allow them to tweet from any account, according to a new whistleblower who has emerged and filed a complaint with the Federal Trade Commission.
It backs up claims in an earlier whistleblower complaint by Peiter “Mudge” Zatko, who made more extensive allegations about Twitter security problems, my colleague Joseph Menn reports. The program in question in the latest complaint was once known as “GodMode” at the company.
Furthermore, “Twitter does not have the capability to log which, if any, engineers use or abuse GodMode,” the new complaint says.
One very notable element of the complaint is that it was filed in October — after billionaire Elon Musk purchased the company — and the problem allegedly continues.
- Musk inherited his share of security woes from the prior leadership of the social media platform, from a 2011 FTC consent decree to the subjects of Zatko’s headline-catching congressional testimony and complaint.
- Much (albeit not all) regulatory scrutiny of Twitter security thus far has been for things that didn’t happen under his ownership. Twitter recently rebuffed claims about an alleged data breach that surfaced online last month.
- Recently departed security staffers told The Washington Post matters have gotten worse, rather than better, under Musk.
As with Zatko’s complaint, which contended Twitter was in violation of the 2011 FTC consent decree that followed breaches at the company, the latest whistleblower complaint contends that Twitter’s activity could put it in legal jeopardy.
“After the 2020 hack in which teenagers were able to tweet as any account, Twitter publicly stated that the problems were fixed,” the new complaint says. “However, the existence of GodMode is one more example that Twitter’s public statements to users and investors were false and/or misleading.”
“Our client has a reasonable belief that the evidence in this disclosure demonstrates legal violations by Twitter,” it says.
The company’s current head of trust and safety, Ella Irwin, didn’t respond to an email seeking comment on the latest claims in the story by Joe. Former CEO Parag Agrawal, the chief executive for a year before Musk fired him in October, did not respond to a Twitter message seeking comment.
The whistleblower, who spoke with the Senate Judiciary Committee last week and the House Energy and Commerce panel before that, “also spoke with The Post on the condition of anonymity because other former employees have been threatened and harassed,” per Joe’s story.
- “In that interview, the new whistleblower said that following internal objections about the program, engineers had changed its name to ‘privileged mode.’ The whistleblower said the purpose of the program was to allow Twitter staff to tweet on behalf of advertisers unable to do it themselves.”
- “[T]he new whistleblower complaint says the GodMode code remains on the laptop of any engineer who wants it. All they would have to do is change a line of the code from FALSE to TRUE and run it from a production machine that they could reach through an easily accessible communications protocol known as SSH.”
- “The complaint includes screenshots of the code in question. The program line that allows a GodMode user to delete tweets contains the capitalized comment: ‘THINK BEFORE YOU DO THIS.’”
- Said the whistleblower: “They removed this from one interface, but it still existed in other ways. They just changed the lock on one of the many front doors.”
A worrisome element of this access, the whistleblower said in the interview, is that Twitter engineers have been hacked in the past.
The nonprofit law firm Whistleblower Aid filed both complaints — Zatko’s and the latest.
Ticketmaster blames cyberattack for chaotic Taylor Swift ticket sale
A wave of malicious bots launched an “attack” on Ticketmaster servers as Taylor Swift fans tried to land presale tickets last fall, a Live Nation executive is set to tell the Senate Judiciary Committee this morning.
“We were … hit with three times the amount of bot traffic than we had ever experienced, and for the first time in 400 Verified Fan onsales they came after our Verified Fan access code servers,” reads the prepared testimony from Joe Berchtold, president and chief financial officer of Live Nation Entertainment, which was formed in 2010 by the merger of Live Nation and Ticketmaster. “While the bots failed to penetrate our systems or acquire any tickets, the attack required us to slow down and even pause our sales.”
Berchtold is also set to argue to the Judiciary Committee that “industrial scalpers” are “breaking the law using bots and cyberattacks to try to unfairly gain tickets,” which “contributes to an awful consumer experience.”
Ticketmaster said at the time that high demand on the ticketing system forced it to suspend ticket sales for the pop megastar’s tour. Berchtold’s account of what happened adds further explanation, such as a volume of bot traffic (bots have a history of bedeviling the broker) that was three times what the company had ever experienced. But it also raises questions about the specifics of the “cyberattacks” that Ticketmaster is alleging.
South Dakota governor says phone was hacked
South Dakota Gov. Kristi L. Noem (R) linked the apparent hack to the disclosure of her Social Security number by the House committee investigating the Jan. 6, 2021, attack on the U.S. Capitol, but she hasn’t offered evidence for how she knows they were related, the Associated Press reports. Noem has asked the Justice Department and Congress to investigate the publication of her Social Security number, which was first reported by The Post.
“Callous mishandling of personal information has real world consequences,” Noem said in a statement. “If you get such a phone call from my number, know that I had no involvement.”
The South Dakota Fusion Center has been notified of the incident, Noem said in the statement.
European law enforcement officials say they’ve seized millions in wake of Bitzlato shutdown
Law enforcement officials have seized around 18 million euros ($19.5 million) worth of cryptocurrency and have frozen 50 million euros ($54 million) in at least 100 accounts at cryptocurrency exchanges, Europol said in a statement. The announcement comes days after the U.S. Justice Department announced that it had charged cryptocurrency exchange Bitzlato’s Russian owner, Anatoly Legkodymov.
“While the conversions of crypto-assets into fiat currencies is not illegal, investigations into the cybercriminal operators indicated that large volumes of criminal assets were going through the platform,” Europol wrote in its statement. It said that investigators found that around 46 percent of assets exchanged with Bitzlato — worth around 1 billion euros ($1.08 billion) — was linked to criminal activity.
- CIA deputy director for analysis Linda Weissgold speaks at an event hosted by the Intelligence and National Security Alliance today at 9 a.m.
- The Senate Foreign Relations Committee holds a hearing on countering Russia on Thursday at 10:30 a.m.
- The R Street Institute hosts an event on privacy and security legislation on Thursday at 4 p.m.
Thanks for reading. See you tomorrow.