I love Twitter, and post a lot of links to security related stories via my @happygeek account. But now I am getting a little worried that I might suffer the same fate as a well known, and highly respected security expert. Mikko Hypponen is a familiar face around the security conventions, and a familiar name to anyone who reads security news blogs. Mikko is the Chief Research Officer at F-Secure, and knows a thing or two about issuing security warnings.
Shame that Twitter cannot say the same.
It all started back on August 3rd when Mikko posted a tweet which simply read:
"I guess somebody will fall for it... a desperate MySpace phishing site at www. rnyspece. com (don't go there)."
The eagle-eyed amongst you will note that Mikko inserted spaces into the URL to prevent the hard of thinking from clicking on a link to a phishing site. You might even have spotted the words 'phishing site' and the phrase 'don't go there' which were part of the posting.
Twitter, it would seem, did not spot any of these things. Although it took the micro-blogging outfit a couple of months to act on the tweet and suspend the @mikkohypponen Twitter account. Yes, it suspended the account of a well known Internet security expert for passing on a warning about an Internet security threat. Doh. Or, as Twitter called it, strange activity. The official Twitter response when Mikko tried to access his account was a warning which read "this account is currently suspended and is being investigated due to strange activity. If we have suspended your account mistakenly, please let us know."
Mikko did just that, and got the rather patronising response from Twitter customer services of "I've unsuspended you acct. You were suspended for using the malware URL rnyspeceDOTcom in DMs. Be careful! We scan evrythng for malware." Yes, those were the Twitter customer service spellings.
Nice to know that Twitter apparently considers itself to be the security expert here. You might recall that it has been at the centre of some slack security scares itself in the recent past, such as when an employee got hacked and confidential company documents became public record. Not that I am going to dwell on such things, the issue here is why Twitter suspended the mikkohypponen account, the manner in which it did it and the nature of that customer service response.
Maybe Twitter didn't realise that Mikko was a leading security expert, after all there are millions of users of the service. Well, he told ZDNet that he had "worked with Twitter previously regarding twitter worms and such" so you might think they would remember him.
OK, but Twitter restored the account once he complained loudly about it so no harm done. Well, apart from the fact that, initially at least, Twitter did not restore the thousands of followers that Mikko had nor the people he himself followed, not to mention his Tweet archive. That has now been rectified I am pleased to report.
The above shows something of an immature system for dealing with such issues, as indeed does the customer service response, which was not only patronising but I think really rather rude as well. Is it that hard to say 'sorry, we got it wrong, apologies for the inconvenience' rather than 'you've been very naughty and you are lucky we are being so nice about it', or is it just me?
Look, I'm pleased to learn that Twitter takes security matters seriously, especially the posting of malicious links, which is a real problem for it: the bad guys can and do post links to bad places. Yet the nature of the suspension would suggest that this is some kind of automatic scanning system for content deemed inappropriate or links known to be malicious. In this case I would suggest it was looking for the word rnyspece, as Mikko deliberately posted a malformed URL to prevent link clicking. Again, you might think that this is a good thing, but here are two reasons why it is not.
Firstly, how come it took two months to discover the link and suspend the account posting it? If that's the time-scale involved then Twitter might as well save some resources and pull the plug on that filtering. The phishing gangs do not hang around for months, they are generally fly-by-night types with sites up and down like a whore's drawers.
Secondly, what about the retweet situation? Twitter itself states, in a blog posting regarding Project Retweet, which will bring official support to retweeting, that "The open exchange of information can have a positive global impact and the more efficient dissemination of information across the entire Twitter ecosystem is something we very much want to support." Well, it has a funny way of showing it. If you suspend someone for posting something inappropriate, what about anyone who retweets that posting? If the filtering system is, indeed, automated then retweeters are surely also at risk of suspension.
I'm a hacker turned writer and consultant, specialising in IT security. I've been a freelance word punk for over 20 years and along the way I have seen 23 of my books published, produced and presented programmes for TV and radio, picked up a bunch of awards and continue being a contributing editor with PC Pro - the best selling IT magazine in the UK.
This reminds me of when a member of Ronald Reagan's cabinet cancelled a concert by the Beach Boys during the July Fourth celebrations in DC because he thought they were an offensive rock n roll band. Fortunately, President Reagan stepped in and not only apologized to the band but invited them to play at the White House. In the case of Twitter, the fact that they worked with Mikko in the past and obviously relied on an automated scan of the message and did not follow up with a human review is a huge black-eye for them. Hopefully someone in their PR group will come up with a creative way to turn this around.
I think the real problem is that Twitter is like a giant child, growing very quickly but still not mature. So when it runs around the playground knocking the small kids over it doesn't actually realise the damage that is being done.
The fact that there has been no official word from Twitter PR on this story, which was all over the Twitter security feeds as you might imagine, kind of just gives more weight to the whole notion of a business that has a lot of growing up, as opposed to simply growing, yet to do.
If your assessment is correct, then they forget my comparison to Reagan's cabinet as they will look more like the current administration and their attacks on FoxNews for actually reporting news rather than the administration's version. Whether it is politics or business, if you want to play with the adults you better learn to act like one and roll with the punches.