Twitter teen hacker hired by Web app developer

More

Twitter Watch

• Twitter rolling out new Lists feature this week
• As Google and Microsoft vie, Twitter could turn tweets into dollars
• Tweets rolling in as frozen Twitter thaws out
• Twitter tests Lists feature to group tweets
• Twit nits: 12 top Twitter annoyances
• What's your Twitter ROI? How to measure social media payoff
• The anti-Twitter: Woofer requires 1,400-character minimum
• Developers eager to see Twitter improve platform stability
• Twitter: latest application platform problems solved
• Twitter down on Saturday, external apps to be affected

More: Internet Center

Computerworld - An Web application developer today confirmed that he has hired the teenager who admitted attacking Twitter with several different worms last weekend.

Travis Rowland, of Hammond, Ore., said that he had offered a job to Michael "Mikeyy" Mooney, a 17-year-old who said last week that he had written at least two of the worms that struck Twitter starting on April 11.

In a telephone interview on Friday, Rowland, the CEO of exqSoft Solutions LLC, described his company as doing "custom Web application development, primarily geared toward businesses."

Mooney came to his attention because of the Twitter worms, Rowland acknowledged. "I contacted him and saw his Web site and thought it was interesting," said Rowland. "Then I talked to him and found out he did it all by hand, so I asked him if he wanted to work as a programmer."

Rowland said that Mooney would also be involved doing "security analysis for us, to make sure our applications are as secure as they can be."

The attacks on Twitter began early last Saturday and continued in several waves through Monday. Mooney, who goes by the nickname "Mikeyy," assumed responsibility for the first two worms, dubbed "StalkDaily" and "Mikeyy" in a message posted to his Web site and in later interviews.

StalkDaily and Mikeyy exploited one or more cross-site scripting or cross-site request forgery vulnerabilities in Twitter to infect user profiles. The first attack relied on tweets that referred to several malicious accounts allegedly created by Mooney. When users viewed those accounts' profiles, their own profiles became infected, and their accounts then sent more spam-style messages to entice friends to the just-infected profiles.

Twitter Inc. co-founder Biz Stone said Monday that Twitter had had to scrub about 200 infected accounts and delete 10,000 tweets carrying links to JavaScript attack code.

Rowland denied that hiring Mooney was a publicity stunt, but he noted that the buzz was a nice benefit. "Any publicity is good publicity, he said. "I can't argue with that, but it's just a perk. If I can get [Mooney] on the right track, it works out for everybody."