A 17-year-old Australian schoolboy yesterday said he unwittingly caused a massive hacker attack on Twitter which sent users to Japanese porn sites and took out the White House press secretary’s feed.
Pearce Delphin, whose Twitter name is @zzap, admitted exposing a security flaw that was then pounced upon by hackers, affecting thousands of users and causing havoc on the microblogging site for about five hours.
Delphin, who lives with his parents in Melbourne, said he tweeted a piece of “mouseover” JavaScript code which brings up a pop-up window when the user hovers their cursor over the message.
However, the idea was soon taken up by hackers who tweaked the code to redirect users to pornographic sites and create “worm” tweets that replicated every time they were read.
“I did it merely to see if it could be done ... that JavaScript really could be executed within a tweet,” Delphin told reporters via e-mail. “At the time of posting the tweet, I had no idea it was going to take off how it did. I just hadn’t even considered it.”
Twitter apologized to its millions of users after the “mouseover bug” raged through the site, opening pop-up windows in Web browsers and automatically generating tweets from other accounts.
White House press secretary Robert Gibbs and Sarah Brown, wife of former British prime minister Gordon Brown, were among those hit by the bug before engineers patched it up.
The “Netcraft” security Web site traced the malicious code back to Delphin, who said he got the idea from another user who employed similar code to make his profile and tweets rainbow-colored.
“After that, it seems like some of my followers realized the power of this vulnerability, and within a matter of minutes scripts had taken over my timeline,” Delphin said.
The glitch was mainly used for pranks, but Delphin said it could have been used to “maliciously steal user account details.”
“The problem was being able to write the code that can steal usernames and passwords while still remaining under Twitter’s 140 character tweet limit,” he said. “Luckily, no one, as far as Twitter admits, actually used this to extract passwords from users.”
Experts said the problem could have been exploited for more sinister purposes by hackers redirecting users to third-party Web sites containing malicious code, or for spam advertising.
Delphin was one of the first people in Australia to start using Twitter, back in 2006, and said the site had known about the problem for “months” but failed to patch it.
The teen is just a few weeks off graduating from high school and hopes to study law. He had not yet told his parents about the cyberstorm he’d created.
“I discovered a vulnerability, I didn’t create a self-replicating worm. As far as I know, that isn’t technically illegal,” he said.
“Hopefully I won’t get in trouble,” he added.
Twitter unveiled a major redesign of its Web site a week ago that is being slowly rolled out to users of the service across the globe. The company said the attack was not connected to Twitter’s revamp.