Australian 17-year-old blamed for Twitter chaos
Wednesday 22 September 2010
A 17-year-old Australian schoolboy Wednesday said he unwittingly caused a massive hacker attack on Twitter which sent users to Japanese porn sites and took out the White House press secretary's feed.
Pearce Delphin, whose Twitter name is @zzap, admitted exposing a security flaw which was then pounced upon by hackers, affecting thousands of users and causing havoc on the microblogging site for about five hours.
But the idea was soon taken up by hackers who tweaked the code to redirect users to pornographic sites and create "worm" tweets that replicated every time they were read.
"At the time of posting the tweet, I had no idea it was going to take off how it did. I just hadn't even considered it."
Twitter apologised to its millions of users after the "mouseover bug" raged through the site, opening pop-up windows in Web browsers and automatically generating tweets from other accounts.
White House press secretary Robert Gibbs and Sarah Brown, wife of Britain's former prime minister Gordon Brown, were among those hit by the bug before engineers patched it up.
The "Netcraft" security website traced the malicious code back to Delphin, who said he got the idea from another user who employed a similar code to make his profile and tweets rainbow-coloured.
"After that, it seems like some of my followers realised the power of this vulnerability, and within a matter of minutes scripts had taken over my timeline," Delphin said.
The glitch was mainly used for pranks, but Delphin said it could have been used to "maliciously steal user account details".
"The problem was being able to write the code that can steal usernames and passwords while still remaining under Twitter's 140 character tweet limit," he said.
"Luckily, no one, as far as Twitter admits, actually used this to extract passwords from users."
Experts said the problem could have been exploited for more sinister purposes by hackers redirecting users to third-party websites containing malicious code, or for spam advertising.
Delphin was one of the first people in Australia to start using Twitter, back in 2006, and said the site had known about the problem for "months" but failed to patch it.
The teen is just a few weeks off graduating from high school and hopes to study law. He had not yet told his parents about the cyberstorm he'd created.
"I discovered a vulnerability, I didn't create a self-replicating worm. As far as I know, that isn't technically illegal," he said.
"Hopefully I won't get in trouble!" he added.
Twitter, which allows users to post messages of 140 characters or fewer, says it has over 145 million registered users firing off more than 90 million tweets a day.
It unveiled a major redesign of its website a week ago that is being slowly rolled out to users of the service across the globe. The company said the attack was not connected to Twitter's revamp.
Life & Style blogs
Who is Teresa Fidalgo? Debunking the fake ghost story that's got Instagram spooked
'I am a paedophile': Is our approach to sex offenders helping to create more victims?
Dame Vivienne Westwood: The former Queen of Punk may now be an establishment pillar, but her work is still controversial – and much copied
Revealed: Lidl’s £4 perfume smells identical to Chanel’s £70 scent - but the difference is in the bottle
Regin: US and UK intelligence services could be responsible for snooping spyware
Rochester by-election: Ukip gains second MP as Tory defector Mark Reckless holds seat
'Beast of Bolsover' Dennis Skinner takes Ukip MP Mark Reckless to task moments after he is sworn in
Rochester by-election: Labour MP Emily Thornberry resigns after posting white van and England flags tweet
The young are the new poor: Sharp increase in number of under-25s living in poverty, while over-65s are better off than ever
Revealed: How the world gets rich – from privatising British public services
Exclusive: UK approved £7m Israeli arms sales in six months before Gaza conflict
- 1 Tamir Rice: 12-year-old boy playing with fake gun dies after being shot by Ohio police
- 2 To help fuel their propaganda machine against the poor, our government has now decided to redefine the word 'welfare'
- 3 Black Friday 2014: Opening hours for John Lewis, Asda, PC World, GAME and Argos
- 4 Bill Cosby: Isn’t it obvious why his accusers have stayed silent up until now?
- 5 Jeremy Hunt: 'I took my children to A&E because I didn't want to wait for GP appointment'
iJobs Gadgets & Tech
£26000 - £33000 per annum + benefits and bonus: Ashdown Group: PHP Developer (...
£18000 - £24000 per annum: Recruitment Genius: A Junior Software Developer is ...
£28000 per annum: Ashdown Group: PHP Web Developer - PHP MySQL JQuery HTML CSS...
£250 per day: Langley James : Network Engineer, NHS, CCNA, CCNP, West London £...