Twitter GodMode still available to all engineers, following hack of Apple and other accounts
Ben Lovejoy
- Jan. 24th 2023 5:27 am PT
@benlovejoy
Twitter GodMode – an internal tool that hackers used to tweet from high-profile accounts, including Apple, back in 2020 – remains available to all of the company’s engineers, according to a new report today.
Twitter had previously said that the security hole had been fixed, but a whistleblower said that aside from changing the name of the tool from GodMode to PrivilegedMode, the company had made only one change – and that still allowed any Twitter engineer to trivially gain uncontrolled access to it …
Background
Apple’s official Twitter account @Apple was one of a number of high-profile accounts compromised back in 2020. Other accounts affected were:
Joe Biden
Jeff Bezos
Bill Gates
Mike Bloomberg
Kanye West
Uber
Floyd Mayweather
Cash App
Warren Buffett
Barack Obama
MrBeast
Oh, and one more: Elon Musk.
The hack was all the more notable because many of the affected accounts used two-factor authentication, so a stolen password alone should not have been enough to log in. Two-factor authentication protects the login path; it does nothing against an internal tool that posts on an account's behalf without ever logging in.
As it happened, the hackers simply posted a Bitcoin scam, but the ability to tweet absolutely anything from such high-profile and trusted accounts could have led to far more serious consequences.
It later came to light that the hack was carried out using an internal tool, then known as GodMode. Anyone with access to GodMode could post tweets from literally any account, without any account-specific authentication. GodMode also allowed existing tweets to be deleted.
Twitter GodMode still available to all engineers
Twitter said afterwards that it had investigated, and taken steps to address the problem. However, according to a whistleblower, the only change was to withdraw default access to the tool. Any engineer who wanted access to it only had to change the flag in one line of code from FALSE to TRUE.
The Washington Post reports that a whistleblower reported this to Congress back in October, and it has now been shared with the paper by a congressional staffer.
A new Twitter whistleblower has emerged, supporting last year’s surprising testimony about the dismal state of the company’s privacy protections and saying the company continues to violate its legal obligations under new owner Elon Musk.
The former employee has told members of Congress and staff at the Federal Trade Commission that any Twitter engineer can activate an internal program until recently called “GodMode” and tweet from any account today, three months after Musk’s takeover […]
The new whistleblower said that following internal objections about the program, engineers changed its name to “privileged mode.” The whistleblower said the purpose of the program was to allow Twitter staff to tweet on behalf of advertisers unable to do it themselves […]
The new whistleblower complaint says the GodMode code remains on the laptop of any engineer who wants it. All they would have to do is change a line of the code from FALSE to TRUE and run it from a production machine that they could reach through an easily accessible communications protocol known as SSH.
The whistleblower said that not only can any engineer make this change themselves, but that Twitter security staff has no way to know who has done it.
The report backs claims by former Twitter security head Peiter Zatko that the company had “extreme, egregious deficiencies” in its protections against hackers.
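The two access-control shapes at issue, as an added example rather than any code from Twitter or the whistleblower complaint: the first function gates impersonation on nothing but a boolean in source, the pattern the report describes, so anyone who can edit the file and run it on a production host is "privileged" and nothing records it. The second is one common hardened design (assumed here, not something the report attributes to Twitter): deny by default, require a short-lived grant scoped to one account and approved by a second person, and write every attempt to a hash-chained audit log before acting. All names (Grant, AuditLog, post_as_legacy, post_as_hardened) and the sample accounts are hypothetical.

```python
"""Flag-gated impersonation versus grant-gated, audited impersonation.
Constructed example; not Twitter's code. All identifiers are hypothetical."""
import hashlib
import json
import time
from dataclasses import dataclass, field
from typing import Optional


# --- Pattern 1: the shape the whistleblower describes ------------------------
PRIVILEGED_MODE = False  # flipping this constant to True is the whole "control"


def post_as_legacy(actor: str, account: str, text: str,
                   privileged_mode: bool = PRIVILEGED_MODE) -> dict:
    """Impersonation gated only by a code constant: no per-account
    authorization, no record of who used it or who flipped the flag."""
    if not privileged_mode:
        raise PermissionError("privileged mode is off")
    return {"account": account, "text": text}  # `actor` is never checked or logged


# --- Pattern 2: deny by default, scoped two-person grant, tamper-evident audit

@dataclass
class Grant:
    grant_id: str
    actor: str        # engineer permitted to act
    account: str      # the single account this grant covers
    approver: str     # second person who approved; must not equal actor
    expires_at: float  # unix time; grants are short-lived


@dataclass
class AuditLog:
    """Append-only log where each entry commits to the previous entry's hash,
    so editing or deleting an earlier record breaks verification."""
    entries: list = field(default_factory=list)

    def append(self, event: dict) -> str:
        prev = self.entries[-1]["hash"] if self.entries else "0" * 64
        body = json.dumps(event, sort_keys=True)
        h = hashlib.sha256((prev + body).encode()).hexdigest()
        self.entries.append({"event": event, "prev": prev, "hash": h})
        return h

    def verify(self) -> bool:
        prev = "0" * 64
        for e in self.entries:
            body = json.dumps(e["event"], sort_keys=True)
            expected = hashlib.sha256((prev + body).encode()).hexdigest()
            if e["prev"] != prev or e["hash"] != expected:
                return False
            prev = e["hash"]
        return True


def post_as_hardened(actor: str, account: str, text: str,
                     grant: Optional[Grant], audit: AuditLog,
                     now: Optional[float] = None) -> dict:
    """Allow impersonation only under a live, account-scoped, two-person grant.
    The audit entry is written before the action, for denials as well as allows."""
    now = time.time() if now is None else now
    reason = None
    if grant is None:
        reason = "no grant"
    elif grant.actor != actor:
        reason = "grant issued to a different actor"
    elif grant.account != account:
        reason = "grant does not cover this account"
    elif grant.approver == actor:
        reason = "self-approved grant"
    elif now >= grant.expires_at:
        reason = "grant expired"
    audit.append({"ts": now, "actor": actor, "account": account,
                  "grant_id": grant.grant_id if grant else None,
                  "decision": "deny" if reason else "allow", "reason": reason})
    if reason:
        raise PermissionError(reason)
    return {"account": account, "text": text, "grant_id": grant.grant_id}


if __name__ == "__main__":
    log = AuditLog()
    g = Grant("g-001", "eng1", "@ExampleAccount", "approver1", expires_at=time.time() + 600)
    post_as_hardened("eng1", "@ExampleAccount", "scheduled post", g, log)
    try:
        post_as_hardened("eng1", "@OtherAccount", "scheduled post", g, log)
    except PermissionError as exc:
        print("denied:", exc)
    print("audit chain intact:", log.verify())
```

The legacy function answers the question "is the flag on?"; the hardened one answers "is this actor allowed to act on this account right now, and who said so?", and leaves a record either way. The hash chain only makes tampering detectable, so in practice the log would be shipped off the host to a store the engineer cannot write to.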