The other day a friend of mine was telling me to get off of Twitter and talk to him elsewhere, because “Twitter is a database for the Feds” and they were worried about what might happen to them if anyone found out their real life identity. While I thought he was just being paranoid at the time, I guess I should have known better because last night I stumbled onto 100% verifiable proof that Twitter is secretly logging the private conversations/messages of at least some of their users -myself included.
The incident occurred the night of January 13th 2019 during a conversation I was having with “Nama Tikure” via Twitter messenger. We were discussing various topics at the time, including spear phishing techniques and styles. He asked me the question, if I were going to launch an offensive to take down a Government agency, how would I go about doing so? To which I explained to him that I would probably just attempt to target the secretary of a politician via spear phishing attack, because it’s their job to process a lot of email in a short period of time and unlike the politicians themselves, are less likely to have strict security measures implemented on their computers/devices.
I explained to him that if I were going to conduct a spear phishing attack against the Greek parliament, for example, I would spear phish the secretaries of various offices affiliated with it. I told him that over the years I have also developed a means to create an un-traceable trap link that could be used to log anyone’s IP Addresses – that will also pass every single security scan you could put the link through. So, as a demonstration, I thought about showing him an example of what it would look like – but decided against doing so at the last second.
However, the interesting thing about all of this was that, despite never pressing “enter” on the chat or sending/sharing the message, and deleting the URL almost as fast as I typed it in, turns out the trap link was magically clicked on approximately 21 times in a 17 second time period – all by four different IP ranges. As a demonstration, below you can literally see the bots clicking on the link I was creating in live time as I was creating it.
IP Ranges Logged: 18.104.22.168 – 22.214.171.124
Entering all of these IP ranges onto a simple WHOIS reverse DNS search reveals that these particular IP ranges all belong to Twitter themselves – presumably hidden web bots working behind the scenes to gather data. Putting this into context though, this means that there are Twitter bots working behind the scenes in the middle of private conversation, secretly logging every last little detail about it – whilst also clandestinely interacting with any/all links contained within it. For reasons that should be obvious to see, this represents a serious violation of user privacy and data collection.
It also makes me wonder if this was happening to me, how prevalent of a feature is this? How much information is Twitter secretly logging from its users, and to what end? For whom is Twitter even collecting this information for? What are they doing with the data they collect? Are they selling it to interested third parties? Who inside the company has access to the logs of private conversations? Are there any safeguards in place to prevent abuses of user data/privacy? Rogue Security Labs has reached out to Twitter support and developers asking these very questions, but as of the afternoon January 15th 2019 has yet to receive a response.
Keep checking back for more information should they ever respond.