Comments on: Teen Twitter worm writer gets job, spreads new worm

The Brooklyn, N.Y., teenager who takes credit for a series of worms on Twitter gets hired by Web app development firm, and then distributes another worm.

[jayhawk73]

"The teen not only wasted the time of thousands of Twitter users "

isn't twitter just one big waste of time?

[monkeyfun14]

+1

What time could you possibly have if your on twitter.

[Dalkorian]

"Time vampire" is the appropriate term you're looking for.

[spork27]

This was exactly my thought too when I read that line.

[joevai52]

Yes, twitter is a waste of time, just another way to dumb down people, reduce their attention spans even further, and to continue the decline of interpersonal communications/relations. Now, if only someone would create a worm that will completely eliminate twitter, or maybe it's possible to create an iphone OS or windows mobile worm that makes the phone's owner soil themselves whenever they bring up "twitter" in conversation. If people want to use Twitter, that's fine, but please just stop talking about it already.

[ccmike72]

+1

[vdubya_1]

This moron didn't "write" anything. But script kiddies need to be tossed in jail just like the real hackers. Byye Byye Mikeyy

[timber2005]

+1
It's like not repremanding a kid when they are young. You give them the wrong idea.

Time to put him where he should be for a day or week.

[SergeM256]

That's bizarre. He admitted releasing virus and he is not in jail.

[ddhboy]

maybe if twitter had profits to eat out of because of such disruptions people would be more concerned.

[SergeM256]

OK, Tweeter decided not to prosecute him. What about affected users? I guess any user may file criminal complain and get him prosecuted. Users are victims in this case.

[monkeyfun14]

Twitter has no money to prosecute anyone.

[shootfirst]

Computer security is a big money maker and a scam. Why do these security researchers hire known computer deviants that do deeds that they should get prosecuted for and don't. Instead our courts waste time going after people pirating music files, which is totally stupid. However with Twitter I think he should be given a life sentence for not taking it down all the way.

I don't think the kid wrote his site by hand. You can easily pull off information from a site using standard tools that have been around for forever to clone a website. I'd be impressed if he was able to copy all the databases from Twitter. How does this guy know if his website is a direct copy if he doesn't have the Twitter source... Sounds like he was just looking for a kid playtoy.

[mnl1121]

Security researchers hire known hackers because of the obvious benefit. The best hackers out there (of which i doubt this 17 year old is one of them) really know what they are doing so why not hire them? You pay them, they give you all the info you want. Pretty simple and straight forward, especailly when most hackers are just bored computer gurus.

[chrisx1]

He is a minor who did a prank out of boredom, so he isn't in jail.
Many teens get bored and can't find enough that holds their attention these days.
Typical bored kid.

[Marcos989]

let him be bored in jail

[crue24]

Did you guys read the article? The kid alerted twitter to the vulnerabilities and they ignored him. He didn't steal info or anything else to compromise my the users other than annoyment, why should he be prosecuted? Basically he just let all the twitter users know that the vulnerability was there hopefully creating an issue for the company to force them to fix the problem BEFORE a true villain exploited the issue for profit.

Consider it; who's the real bad guy, this kid or Twitter? Kid notifies twitter, "you have an issue". They ignore him. Everyone is at risk. Kid writes a program exploiting the issue in a non menacing way, making it publicity and now they have to respond and fix the issue securing everyone's info. kid deserves a job and better. Twitter should pay him personally. Why should users go after him. Ultimately he probably helped them because now Twitter will have to fix the issue.

If the kid hadn't contacted twitter first, his behavior would be questionable. But if he notified them first and did something non-malicious after they ignored him, then I would consider that more public service than criminal. Security holes are always going to be around in software, unfortunately, but if companies knowingly ignore them, shouldn't the company be at fault? If he had used the vulnerability in a way to rip off users than sure, go after him, regardless of whether or not he notified them of it, but he didn't.

To put it in another context; consider this. Your bank doesn't lock the doors at night. I tell the bank, "hey, lock the door, its open" and they ignore me. So I walk in take all the money and now everyone knows, but the money isn't really gone, I just hid it to prove a point to the bank.

[_makio_]

hmm... don't know about the last point, but overall. yes. He didn't really "hide the money" per se. He only pointed out that it would be possible to steal the money.

Like you said, if he didn't contact twitter then did something malicious then he should certainly be punished. He didn't do that and therefore has done the online community a favour. The way i see it is the same as the sponsered hacking tournements, if they point out flaws in software without doing anything malicious, they haven't really done anything wrong. there is a right and a wrong way to do everything...

[SergeM256]

Obviously, if you rob a bank you would go to jail, even if you only wanted to expose weakness of bank's security.

[ZetaZeta_]

But in this case nothing of value was lost.

[ikramerica--2008]

It's more like what investigative reporters do than it is robbing a bank. But at least in this kid's case, he told Twitter beforehand and offered to save them embarrassment, but they ignored him. Most IRs simply infiltrate, continue the illegal practices, then publish an expose after the fact. Which is more criminal? I'd say the latter, but we routinely reward those people with Pulitzer prizes...

[n3td3v]

"The teenager who takes credit for the worms that hit Twitter earlier this week has been hired by a Web application development firm and on Friday released a fifth worm on the microblogging site, he said."

I hope the FBI nip him in the bud, this cannot continue, this needs to be made an example of.

I want Law enforcement / Intelligence agency's to take control of the situation, now.

[michael_mikeyy_mooney]

From what I understand he isnt from NY, thats just a VOIP# he uses to hide
Research here: http://sqworl.com/?i=a11951

I'm sure if he continues his games, it will catch up to him soon enough.

[Thought Nozzle]

Elinor -- It's "TelstraClear", not "TelestraClear". Parent company: the Australian communications giant Telstra. Just thought I'd point that out. No comment on the script kiddie.

[elinormills]

Fixed. thanks!

[AlexanderNY]

Connecting talented and gifted people with proper job opportunity is a tough task. There are literally millions of unemployed people now: just check the latest unemployment statistics on Jobrica
(http://www.jobrica.com/_RESOURCES/UnemploymentStat.aspx)

Finding the right job for right people is the key for our economic revival. There must be more opportunity for our teenager to find a job, which would allow them to apply their talent in a positive way.

[ZetaZeta_]

What did I say. Of course he'd get hired.

[ANTSCNET]

Anyone else thinks this smacks heavily of a cross between the Biopic 'Catch me if you Can' and the plot of 'Live Free or Die Hard' ?

[erade]

Sounds like if you rob a bank and get away with it you will be rewarded with a good job at the same bank you just robbed. A cigar is a cigar.

[jaycustom]

Bottom line...software developers need people like this kid. Twitter is big ( I personally think it's a joke) and is getting bigger every day. This needed to be pointed out before something really bad happened. And believe me...if I was this kid and I was offered a high paying job doing what I loved to do, I would definetely use my powers only for good! If only this happened in other parts of life. Catch a kid spray painting a building, send him to jail for a few days, but when he gets out, offer him an enrollment in an art class to put his skill to good use. Teens just need a push in the right direction..everyone knows that.

[Marcos989]

Yes, I should thank this young man but first I will thank the thief that robbed me for exposing my home security is lacking as soon as I thank the mugger for only shooting me in the leg after I thank my employer for terminating me exposing my lack of sufficient funds saved.
Great logic.

[ccmike72]

As a twitter user i thank him for pointing out a security flaw that could effect me. He did no real damage and took nothing of value. Attention should be on twitter for poor security practices. Its not like a thief, or mugger , or an employer who might lay you off Marcos. Unlike your scenarios he caused no damage. Without damages he in a civil sense did no harm. Prison is for those who endanger society and need reform. This kids is a danger to no one and due to the fact that he tried to tell twitter about their security flaw his ethics seem clean. Prison is not for vengeance wished upon someone by someone else who is feeling self-righteous

[psmithp2]

Excuse me, but isn't this a bit like hiring John Dillinger as a security consultant for banks? Sure he knows his stuff about bank robbery, because he DID it!

Maybe Homeland Security could use the talents of Osama bin Laden! Somewhere, there must be a grip to be had!

[gofalcons]

lock this punk up, this is such bull that this kid can "hack" a site and say " i did it to show them the vulnerabilities in the sites security"....lock this kid up just to show him the vulnerabilities of breaking the law.

[DevSensible]

From the view of one who owns and runs a web application design firm for enterprise level systems:

This year's "Most Stupid Business Move of the Year" award needs to go to good ol' Travis. Just because a kid (spell script kiddie) can pop worms into Twitter does not a security expert make. You did not hire a security expert. On the other hand, what you have done is:

1. Associate your firm with a hacker who, after being given a legitimate job, released another worm into the same system and then admitted to it. (This one I would watch Travis my boy. If I were Twitter I'd be coming after you. I mean, you do employ the kid and he did release the worm under your watch.)

2. Hire a kid who has no security background. Sure, he knows how to write a worm, but can he stand up against the criminal functions out there who are hell-bent on busting your web app?

3. Given yourself a huge problem if the kid doesn't pan out. Hey Travis, he infested Twitter 5 times now, what do you think he's going to do with your code if you decide things aren't going the way you want them to? Things that make you go hmmmm....

For all those saying this kid is right in doing what he did because he "notified" Twitter and got no response, note that there was no indication of how much time expired between said "notification" and the attack. I do believe his original statement was "I was bored," not "I was trying to point out flaws to Twitter and they never responded." I can understand if the notification was done 6-months prior, but then isn't it customary to release a proof of concept to a site like SecurityFocus? That is professional, that is the right thing to do. If the notification was 2 weeks ago, then, well...you do the math.

This kid needs to be prosecuted as any other hacker who attempts to spread a worm of such magnititude. And ol' Travis needs to be locked up for sheer stupidity. Hmmm, wait, maybe not. Maybe he should just keep on working so its just one less competitor I have to worry about when a prime customer who pisses ol Mikeyy off finds his site spreading worms and suffering DoS cause Mikeyy was bored.