
Hacker targets Twitter to teach the company a lesson in security

This article was published in Scientific American’s former blog network and reflects the views of the author, not necessarily those of Scientific American





When computer programmers find security flaws in the programs they use (particularly software running on the Web), they have a choice: report the glitch to the software maker (which may ignore the warning) or find some way of publicly (and often illegally) exploiting it to make clear to the company how vulnerable its software is. A 17-year-old hacker claiming to be from Brooklyn, N.Y., this past weekend chose the latter path, unleashing at least two worms after discovering a weak spot in the social network site Twitter; the worms wended their way into a reported 190 user accounts and infected about 10,000 tweets (messages sent via the Twitter network), the company said yesterday.

A teen identifying himself as Michael “Mikeyy” Mooney has claimed credit for the cyber attacks, Net News Daily reports. (The site even posted a transcript of an interview reportedly conducted via a chat with Mooney shortly after the strikes began.) The first worm sent tweets to Twitter users inviting them to join the StalkDaily.com Web site. When tweeters visit the site, their computers become infected and automatically send out tweets enticing others to visit the site. (Warning: Do not visit this Web site, because it may trigger an infection in your computer, according to American News World.)

A second worm sent out the messages: "Twitter please fix this, regards Mikeyy" and "Mikeyy is done." Mooney told Net News Daily that he had identified a security loophole in Twitter's site about a week ago and decided to "fiddle" with it out of "boredom." Mooney acknowledged that he could go to jail for his actions, but insisted his only intent was to alert Twitter to a programming flaw. (He doesn't mention whether he ever tried to flag the problem simply by contacting Twitter.)

Twitter said on its blog that it's still investigating what happened and how but that "no passwords, phone numbers, or other sensitive information was compromised" during three separate attacks on Saturday and Sunday. During interviews with Brooklyn-based BNO NEWS and Net News Daily, Mooney said he had no intention to rip off Twitter users' personal info.

Online watchdog Watshit offers the following advice for tweeters eager to protect their accounts: Do not use the same password for your Twitter account and e-mail; that way, your e-mail will be protected if your Twitter account is compromised (and vice versa).

Image ©iStockphoto.com/ Sami Suni

Larry Greenemeier is the associate editor of technology for Scientific American, covering a variety of tech-related topics, including biotech, computers, military tech, nanotech and robots.
