
Twitter worm author gets security job

Teen causes chaos, employed, hacked


The self-confessed author of the recent Twitter worm has scored a potentially lucrative job doing security analysis and web development work.

Michael "Mikeyy" Mooney, a 17-year-old student from Brooklyn, New York, created a worm that exploited cross-site scripting vulnerabilities in a ham-fisted attempt to promote a site he ran, called StalkDaily. The worm created thousands of automated tweets and spawned a number of copy-cat attacks.

Two software development firms have offered Mikeyy-boy jobs since his worm created chaos on the social networking site last weekend. The miscreant has reportedly already accepted one of these jobs.

Travis Rowland, 24, founder and chief exec of Web applications development firm exqSoft Solutions, told ABC that Mooney has accepted the job he offered, which will involve security analysis and Web development. Rowland admits that hiring Mooney will help publicise his firm, adding that he's sympathetic to Mooney's situation because he once worked in military intelligence and "landed that position in a similar fashion".

There's no independent confirmation of this claim from the previously obscure Rowland.

Mooney describes creating computer worms as a hobby, telling ABC he's made five other worms over recent years. He's aware that he crossed the line with the Twitter attack but claims that he could have done much worse and suggests he was only attempting to publicise flaws. Nonetheless, his parents have still retained the services of a lawyer.

History repeating

The teenager is far from the first malicious hacker to be offered a job after a high-profile hack. For example, convicted Kiwi botherder Owen Thor Walker was offered a job as a security consultant for TelstraClear, the NZ subsidiary of the Australian telco, last month.

In both cases the individuals involved were young and therefore capable of rehabilitation. Security watchers, however, criticised the indecent haste with which they were brought back into the world of work and questioned their security credentials.

"Mikeyy didn't just waste the time of thousands of Twitter users - he also put them at considerable risk," said Graham Cluley, senior technology consultant at Sophos. "Imagine if financially-motivated hackers had seen what Mikeyy was doing and used the XSS flaw to steal identities and install malware, as Twitter scrabbled to get the problem fixed."

"So, Mikeyy proved two things with his worms. One was that there was a problem with Twitter. The other was that Mikeyy Mooney had no problem with acting irresponsibly. He may very well be skilled in some aspects of computing, but there are plenty of other people out there with those skills who have not shown themselves to have such questionable judgment," he added.

Cluley dismissed exqSoft's job offer as a cheap publicity stunt.

"The company that has offered Mikeyy a job has got itself some cheap exposure in the press. It's a publicity stunt. But they are in effect encouraging other youngsters to behave like complete twits. Hackers who act like Mikeyy Mooney are not geniuses, and we don't need a stream of other kids who want a job hunting for flaws to exploit in software and websites, rather than reporting them responsibly."

Chris Boyd, director of research at FaceTime Security Labs, also argued Mooney would have done better to report the problem to Twitter, rather than offering lame excuses after creating malware.

"Anytime someone causes intentional disruption to a service with the rather lame excuse that 'they weren't listening to me' as justification, is a very clear and public signal that they probably can't be trusted. I've seen 'they weren't listening to me' used for everything from defacing an entire school's set of websites to wiping out hundreds of gaming forums with SQL exploits. If we all gave up at the first point of contact with a company having security issues, I tend to think the net would be a smoldering pile of dead wood before long."

Mikeyy is far from the elite hacker some reports have painted him as, Boyd adds.

"As far as 'Mikeyy' goes, his rather overt display has gained attention from numerous groups in the hacking realm, one of which has already claimed his scalp in rather spectacular fashion (see here)."

"All he has to show for his exploit is a lot of bad rep and a pile of hacked accounts. I doubt he still thinks it was worth it," Boyd concludes. ®
