Softpedia
 


October 10th, 2009, 09:20 GMT · By

Twitter Security Fail: Security Researcher Banned

Twitter bans security researcher for posting phishing warning
Twitter's new initiative to strengthen its platform's security went awfully wrong on Tuesday, when the account of a renowned security researcher was suspended for posting an allegedly malicious link two months ago. As it turns out, the offending message was actually a warning regarding a MySpace phishing site.

Mikko Hypponen, chief research officer at Finnish antivirus vendor F-Secure, was taken totally by surprise by a message reading, "This account is currently suspended and is being investigated due to strange activity," when he tried to log into Twitter on Tuesday. As he was later to discover, not only had his account been suspended, but all of his tweets and followers had also been removed.

Mr. Hypponen attempted to contact the micro-blogging company, with whom he had collaborated regarding security issues before, in order to find out what the problem was. He did get a response to his multiple queries, but only last night, after making the whole story public via the F-Secure blog.

The explanation he got was not only strange and suggested incompetence, but it was also quite rude and totally unprofessional. "I've unsuspended your acct. You were suspended for using the malware URL rnyspeceDOTcom in DMs. Be careful! We scan evrythng [sic] for malware," it said.

Twitter prides itself on its new Google Safe Browsing-based URL filter. But this wasn't a URL, or even a hyperlink for that matter, and there wasn't any malware involved. The message Hypponen got banned for read, "I guess somebody will fall for it...a desperate Myspace phishing site at www. rnyspece. com. (don't go there)." Notice the empty spaces between "www." and "rnyspece" and again between "rnyspece." and "com," making it just a string of unclickable plain text.

And there are more eyebrow-raising aspects to this incident. The allegedly offending message was posted on August 3. "Really? Banning me for that? Two months afterwards? This sure makes no sense to me," the security researcher said. In addition, he pointed out that, "Apparently they still think I'm dangerous, as they have now removed all my followers. As well as everybody I was following."

If this process was automated, then Twitter clearly has some serious refining to do on its filter. However, if the suspension was vetted by a person, then someone needs a reprimand. And, judging by the official response received by Hypponen, it is also clear that Twitter's customer service leaves a lot to be desired.
