I love Twitter, and post a lot of links to security-related stories via my @happygeek account. But now I am getting a little worried that I might suffer the same fate as a well-known and highly respected security expert. Mikko Hypponen is a familiar face around the security conventions, and a familiar name to anyone who reads security news blogs. Mikko is the Chief Research Officer at F-Secure, and knows a thing or two about issuing security warnings.
Shame that Twitter cannot say the same.
It all started back on August 3rd when Mikko posted a tweet which simply read:
"I guess somebody will fall for it... a desperate MySpace phishing site at www. rnyspece. com (don't go there)."
The eagle-eyed amongst you will note that Mikko inserted spaces into the URL to prevent the hard of thinking from clicking on a link to a phishing site. You might even have spotted the words 'phishing site' and the phrase 'don't go there' which were part of the posting.
Twitter, it would seem, did not spot any of these things. Although it took the micro-blogging outfit a couple of months not to spot them and suspend the @mikkohypponen Twitter account. Yes, it suspended the account of a well-known Internet security expert for passing on a warning about an Internet security threat. Doh. Or, as Twitter called it, strange activity. The official Twitter response when Mikko tried to access his account was a warning which read "this account is currently suspended and is being investigated due to strange activity. If we have suspended your account mistakenly, please let us know."
Mikko did just that, and got the rather patronising response from Twitter customer services of "I've unsuspended you acct. You were suspended for using the malware URL rnyspeceDOTcom in DMs. Be careful! We scan evrythng for malware." Yes, those were the Twitter customer service spellings.
Nice to know that Twitter apparently considers itself to be the security expert here. You might recall that it has been at the centre of some slack security scares itself in the recent past, such as when an employee got hacked and confidential company documents became public record. Not that I am going to dwell on such things; the issue here is why Twitter suspended the mikkohypponen account, the manner in which it did it and the nature of that customer service response.
Maybe Twitter didn't realise that Mikko was a leading security expert; after all, there are millions of users of the service. Well, he told ZDNet that he had "worked with Twitter previously regarding twitter worms and such", so you might think they would remember him.
OK, but Twitter restored the account once he complained loudly about it, so no harm done. Well, apart from the fact that, initially at least, Twitter did not restore the thousands of followers that Mikko had or the people he himself followed, not to mention his Tweet archive. That has now been rectified, I am pleased to report.
The above shows something of an immature system for dealing with such issues, as indeed does the customer service response, which was not only patronising but I think really rather rude as well. Is it that hard to say 'sorry, we got it wrong, apologies for the inconvenience' rather than 'you've been very naughty and you are lucky we are being so nice about it', or is it just me?
Look, I'm pleased to learn that Twitter takes security matters seriously. Especially the posting of malicious links, which is a real problem for it: the bad guys can and do post links to bad places. Yet the nature of the suspension would suggest that this is some kind of automatic scanning system for content deemed inappropriate or links known to be malicious. In this case I would suggest it was looking for the word rnyspece, as Mikko deliberately posted a malformed URL to prevent link clicking. Again, you might think that this is a good thing, but here are two reasons why it is not.
Firstly, how come it took two months to discover the link and suspend the account posting it? If that's the timescale involved then Twitter might as well save some resources and pull the plug on that filtering. The phishing gangs do not hang around for months; they are generally fly-by-night types with sites up and down like a whore's drawers.
Secondly, what about the retweet situation? Twitter itself states, in a blog posting regarding Project Retweet, which will bring official support to retweeting, that "The open exchange of information can have a positive global impact and the more efficient dissemination of information across the entire Twitter ecosystem is something we very much want to support." Well, it has a funny way of showing it. If you suspend someone for posting something inappropriate, what about anyone who retweets that posting? If the filtering system is, indeed, automated then retweeters are surely also at risk of suspension.
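To show the difference between the bare keyword match suggested above and a filter that only acts on clickable links, here is an added Python example (not from the original post, and nothing to do with Twitter's actual system): it runs both policies over constructed sample messages, including the warning tweet, a retweet of it and the 'rnyspeceDOTcom' spelling from the DM. The blocklist, the regular expressions and the sample texts are assumptions made for the demo.

```python
import re

# Constructed blocklist for the example: the phishing domain named in the post.
BLOCKLIST = {"rnyspece.com"}

# A live, clickable link: a scheme or "www." directly followed by an unbroken host.
LIVE_URL = re.compile(r"(?:https?://|www\.)([a-z0-9.-]+\.[a-z]{2,})", re.I)

# Defanged spellings: "www. rnyspece. com", "rnyspeceDOTcom", "rnyspece[.]com".
DEFANGED = re.compile(
    r"\b(?:www\s*\.?\s*)?([a-z0-9-]+)\s*(?:\.\s+|DOT|\[\.\]|\(dot\))\s*([a-z]{2,})\b",
    re.I,
)


def naive_verdict(text: str) -> str:
    """Bare keyword match, the behaviour the post suspects: any blocked label anywhere."""
    lowered = text.lower()
    labels = {domain.split(".")[0] for domain in BLOCKLIST}
    return "suspend" if any(label in lowered for label in labels) else "ok"


def url_aware_verdict(text: str) -> str:
    """Suspend only for a clickable blocklisted link; a defanged mention is a warning."""
    for match in LIVE_URL.finditer(text):
        host = match.group(1).lower()
        host = host[4:] if host.startswith("www.") else host
        if host in BLOCKLIST:
            return "suspend"
    for match in DEFANGED.finditer(text):
        if f"{match.group(1)}.{match.group(2)}".lower() in BLOCKLIST:
            return "warning-only"  # a mention people cannot click: log it, don't suspend
    return "ok"


# Constructed samples: the warning tweet, a retweet of it, the DM spelling,
# a clickable lure (assumed wording) and a benign mention of the real site.
SAMPLES = {
    "warning": "I guess somebody will fall for it... a desperate MySpace phishing "
               "site at www. rnyspece. com (don't go there).",
    "retweet": "RT @mikkohypponen: ... phishing site at www. rnyspece. com (don't go there).",
    "dm": "You were suspended for using the malware URL rnyspeceDOTcom in DMs.",
    "lure": "Free profile skins, log in at http://www.rnyspece.com/login",
    "benign": "Logging into myspace.com to tidy up my friends list.",
}


def triage(samples: dict = SAMPLES) -> dict:
    """Return {name: (naive verdict, url-aware verdict)} for each sample message."""
    return {n: (naive_verdict(t), url_aware_verdict(t)) for n, t in samples.items()}
```

Running `triage()` shows the naive policy suspending the warning, the retweet and the DM alike, while the URL-aware policy only suspends the clickable lure.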