20 April 2009

Kids these days

Have you heard about the worm that hurt Twitter recently? Evidently a 17 year old kid is taking credit for the attack. He claimed that he hoped to get some job offers from it, but why would a young person risk serious prosecution for something like this? Should he even get in trouble, when he was just exposing a serious flaw in Twitter that could have caused much more damage than it did?

This reminds me of some local guys who attended the same university I did. One of them decided to download this program that would show openings in a network. Well, when he ran it and discovered some pretty significant amounts of personal data that were open for anyone with the know-how to find. This information included names, addresses, phone number, and other highly sensitive data. Of course, he was caught and he and his roommates had their computers confiscated by the FBI for a full year while the FBI tried to decide what the intent was behind his 'hack'. What is laughable is that he was not mining for information, and, in my opinion, he should have been rewarded for exposing this very serious problem to the university. Instead of someone malicious using the information, the problem was quickly fixed. And he was investigated. I am not sure if he was ever charged with anything, because apparently the only illegal thing he did was the illegally download the program. Everything else was within his rights, and he didn't save any of the information he found. But, of course it was pretty big news locally, and even on the national level.

So, should Michael Mooney be charged with anything? While I do not condone the manner in which he proceeded, he did demonstrate to Twitter how lax their security is. Although his methods were unscrupulous, were his intentions much more altruistic? Who knows. In any case, it is one of the most interesting cases of media literacy in the extreme.


  1. I don't think his intentions were entirely altruistic. He said in the article he did it out of "frustration with Twitter's lack of security and popularity." Personally, I interpreted that as saying that Twitter didn't deserve its popularity because it had security flaws, and he wanted to make those flaws visible to warn people and drive them away.

    The problem with these kinds of stunts is that people know they're going to draw attention, both from the authorities and the media. Maybe they're driven by technological curiosity, a desire to gain attention from developers, or other altruistic intents. But it's also easy to use those kind of intentions as excuses, which is why the authorities treat them the same as any other attack. Even though the Twitter worm didn't do any damage, it was still labeled an attack because it's the most applicable term - it attacked the site's security and therefore had the potential to cause harm.

    There are other, legal, ways of showing off one's programming skill, especially in today's world of iPhone apps and do-it-yourself websites. Facebook, YouTube, and many other sites were started up by programmers who had an idea and ran with it, through legal means. It's just much less likely that those kind of endeavors will attract media attention, unless they first attract a cult following. Because of this, I really have to believe that the media attention is what drives these hackers more than any kind of positive advancement for the websites or society.

    While it's true that some reformed hackers have found work testing the security of networks and websites, it's much more likely to go down as a negative strike on a programmer's record. The time spent on these worms would be much better spent developing some small programs to build a sort of portfolio that could be shown to future employers.

  2. If you want a crash course in hackers, check out the "Afterwords" and "Bibliography" of "Little Brother," by Cory Doctorow. The book itself is worth a read, too.