Search This Blog

Saturday, March 27, 2010

Suspected Twitter infiltrator: 'I'm a nice hacker'

He's unemployed and isn't much of a computer expert. The Frenchman accused of infiltrating Twitter and peeping at the accounts of President Barack Obama and singers Britney Spears and Lily Allen says he wanted to reveal just how vulnerable online data systems are to break-ins — and he says he didn't mean any harm.

"I'm a nice hacker," suspect Francois Cousteix told France 3 television Thursday, a day after he was released from police questioning, adding that his goal was to warn Internet users about data security.

"Hacker Croll," as he was known online, is accused of breaking into Twitter administrators' accounts and copying confidential data — as well as peeping at Obama's and the singers' accounts, though he didn't have access to sensitive information about them, a French prosecutor said.

FBI agents sat in on the sessions while French police questioned the young man for two days, said Jean-Yves Coquillat, prosecutor in Clermont-Ferrand, where the suspect will be tried in June for hacking.

If convicted on the charge of breaking into a data system, he risks up to two years in prison and a euro30,000 ($40,068) fine. The suspect lives near Clermont-Ferrand in central France.

"He says it's the challenge, the game, that made him do it," Coquillat said. Officials say preliminary investigations suggest Hacker Croll did not tweet in other peoples' names or try to make money out of his information.

"He had access to elements that were so confidential that he could very well have profited from them" through blackmail, for example, said Adeline Champagnat of the French police office on information technology crimes.

She compared the hacker's actions to "a burglar breaking into the headquarters of a big company, able to look at the files of the all employees and clients, with their passwords and confidential information."

"In a way, he succeeded in taking control of Twitter," Champagnat said.

Twitter, based in San Francisco, declined to comment on the case Thursday.

At one point, Champagnat said, the hacker attempted to find a password for Obama's account but didn't follow through with it. With administrator access, "he didn't even need" Obama's password, she said — but hacking into the president's account wasn't his goal.

Cousteix, who was identified as being 23 or 24, said he just wanted to prove a point about Internet security.

"It's a message I wanted to get out to Internet users, to show them that no system is invulnerable," he told France 3 television.

Hacker Croll confessed to the hacking under questioning, and analysis of his computer backs up his statements, police and the prosecutor said.

The suspect, who lives with his parents and has no college degree, didn't have any special computer training, the prosecutor said.

His technique was to get administrators' e-mail passwords' reset by correctly answering their security questions using information about his prey that he gathered from blogs and other public sites, officials said.

Twitter said in July that it was the victim of a security breach. Co-founder Biz Stone wrote at the time that the personal e-mail of an unnamed Twitter administrative employee was hacked, and through that the attacker got access to the employee's Google Apps account.

The French prosecutor said the suspect infiltrated the accounts of "several" Twitter administrative employees. He was able to access information such as contracts with partners and resumes from job applicants, Coquillat said.

Hacker Croll e-mailed some of the documents to TechCrunch, a widely read technology blog, and it subsequently published some of them, including financial projections. The material was also published on several French sites.

Some of the material was more embarrassing than damaging, like floor plans for new office space and a pitch for a Twitter TV show.

Using the administrator logins, Hacker Croll looked at Twitter details of Obama, Allen, Spears and other well-known personalities and was able to see information such as IP addresses, when they were last connected and when they signed up, French officials said.

No comments:

Post a Comment