Twitter engineers reportedly have a tool that lets them access and tweet from any account.
This would in fact be the famous “GodMode”, which was at the center of the 2020 hack of the accounts of high-profile figures such as Barack Obama, Jeff Bezos, Bill Gates and Elon Musk. Twitter announced at the time that it had taken steps to resolve the problem. That may not be entirely true.
GodMode becomes “privileged mode”
Twitter's security problems never seem to end. Today we learn that an old feature thought to have been removed still exists within the network. This is “GodMode”, which allowed company employees to post from any account and which was used by teenagers to carry out a Bitcoin scam.
According to a whistleblower who testified before the Federal Trade Commission (FTC) and the US Senate, this function was reportedly never removed and persists under the name “privileged mode”. According to the same source, the measures Twitter took at the time of the scandal amounted to removing engineers' default access. Engineers must now change a line of code, switching it from “false” to “true”, to enable the feature…
Engineers can do it all incognito
This testimony supports the revelations made last August by Peiter Zatko, Twitter's former security chief, about the many problems encountered by the network. At the time, he had denied that GodMode had been shut down.
The problem runs deep: if any engineer can access any account on the planet (including, for example, those of heads of state) and post from it, that engineer could also delete messages or, conversely, restore deleted tweets. Worse, it is impossible for Twitter to know whether an employee has used this privileged access.
According to the same source, management reportedly kept the feature so that employees could publish on behalf of advertisers unable to do so themselves. This decision could come at a high price at a time when Twitter is looking for revenue. Several people familiar with the FTC case who spoke with the Washington Post believe that the regulator could impose a fine of almost $1 billion if the charges are substantiated.
Sources: Engagement, Washington Post