SciTechBlog   « Back to Blog Main
March 26, 2010

Man suspected of cracking Twitter accounts: 'I'm a nice hacker'

Posted: 10:42 AM ET

The man accused of cracking a Twitter database and peeking at the Twitter accounts of Barack Obama and Britney Spears said this week that he didn't mean harm, according to a French TV station.

He aimed to prove Twitter is vulnerable to attack.

"I'm not a hacker, or rather, I'm a nice hacker," he said, according to the France 3 station. (via AP)

The man, who is known by the nickname "Hacker Croll," is accused of stealing confidential documents from Twitter employees, and of looking in on the Twitter accounts of the U.S. president and celebrities, according to news reports. He was arrested on Tuesday by French police in cooperation with the U.S. Federal Bureau of Investigation. If convicted of hacking into a database, he could face up to two years in jail, according to the Agence-France Presse news agency.

The ordeal caught the public's attention in July, when a man calling himself Hacker Croll sent confidential documents from Twitter employees to the technology blog TechCrunch, which decided to publish some of the stolen documents.

What do you think about Hacker Croll's statement? Is there anything laudable about breaking into a system to uncover its faults? Can a person actually be a "good hacker?" Let us know in the comments section.

Posted by:
Filed under: hacking • piracy • Security • technology • Twitter


Share this on:
J   March 26th, 2010 11:17 am ET

I'm not surprised that someone managed to hack into twitter... but I really don't see the point in doing that. Is it really worth 2 years in jail?


Anonymous Coward   March 26th, 2010 11:36 am ET

The Internet as a whole has seen it's fair share of so-called "white hat" hackers, those who do not carry any malicious intent, but break into systems to prove that they are in fact vulnerable. This hacker could have easily deleted these accounts, or posted rogue tweets to the millions of followers both accounts have; however, he did not. He merely made a point. A point that goes under the radar because of our opinions and views on "hacking" as something people only do for personal gain or with malicious intent. Penetration testing as it is called is used widely, and while this was not condoned by Twitter, it has allowed them to patch an otherwise unknown intrusion point.


elia   March 26th, 2010 12:25 pm ET

Although I don't aprove invading someone's privacy I, sometimes, am grateful as I learn from their experience. Anyway, he could have contacted Twitter instead of making him famous over Mr. Obama or Britney's names.


Franko   March 26th, 2010 12:30 pm ET

Both Chinese News Network and Cable News Network censoring Blogs ?
Will this question be in Moderation Purgatory forever ?


Franko   March 26th, 2010 12:37 pm ET

Watch; Google CEO Eric Schmidt on privacy
“If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place”

Will CNN censor the above ??


Reputation Defender : Reputation Management, Internet Privacy, and Social Media Quick Hits   March 26th, 2010 12:39 pm ET

[...] including that of Britney Spears and the official Twitter feed for President Barack Obama. In a recent interview with French press, he said, "I'm not a hacker, or rather, I'm a nice [...]


Peter   March 26th, 2010 12:53 pm ET

This kind of person is frequently referred to as a Penentration Tester (or pen tester, for short). They are, in essence, ethical, licensed "hackers" who attempt to simulate malicious attacks to uncover vulnerabilities which need to be addressed.

http://www.google.com/search?q=pen+testers


Sue   March 26th, 2010 1:23 pm ET

High tech companies hire "nice" hackers all the time for internet security positions. If you want to know how to make something secure, hire a thief to tell you.


Jahn   March 26th, 2010 1:25 pm ET

"Is there anything laudable about breaking into a system to uncover its faults? Can a person actually be a "good hacker?""

Are you even serious about this question? You report on technology and you are not aware of "white hats"?


anon   March 26th, 2010 1:27 pm ET

Learn the correct definition of hacker


Carl   March 26th, 2010 1:28 pm ET

@ Peter, True, but Ethical Hackers also have permission first do do this. This isn't white hat/ethical hacking, it is more like grey hat hacking. Permission is what gets you out of jail.


Dustin   March 26th, 2010 1:29 pm ET

Just so we get the facts straight here he didn't hack anything. He went into the lost password area of twitter and guessed the secret questions. Anyone could do this and most people have reset at least one password this way. If he would have done this to some no name people nothing would have happened but he choose the president who for some reason is thought to be better then everyone else. Now I'm not saying what he did was right but I do find it funny that they are making such a big deal out of it because of who's account he "hacked" into. Get over it the president is no better then you and I.


dev   March 26th, 2010 1:30 pm ET

Big anti virus companies actually have contests to see if their systems can be hacked. There are ethical hackers who try to expose the vulnerabilities of a system. I believe that "good" hackers exist.


Bill   March 26th, 2010 1:36 pm ET

A "white hat" hacker. No hardly, though I do think the punishment is ridiculous.

He took the stolen data and exposed it to the public. Proff enough of hte misdeed right there.

Even he had been trying to hack to prove it was vulnerable, then he should have done so, then contacted Twitter and discussed the methods he used so they could patch their systems. I've had friends do exactly that.

Information warfare is the next battlefield, and we'll need people with these skills, so don't label all hackers as evil just because of what they do. The guy's behavior with those skills, however, does not make him a "good guy".


dan   March 26th, 2010 1:36 pm ET

Yes a person CAN be a good hacker. I go to school for Network Security and we are taught to hack so that one is able to stop, prevent, or investigate such cases. There is a difference between a black hat hacker and a white hat hacker. Some "hackers" are out there to find security flaws and inform the public about them.


Brian   March 26th, 2010 1:36 pm ET

What a weird question.... Obviously yes there are good hackers... does the word "White Hat" hacker mean anything? How about the "Certified Ethical Hacker" certifications that security admins are going after these days?


Thor   March 26th, 2010 1:37 pm ET

I despise hackers, but I find it very interesting how a worldwide search is engaged when it happens to a public figure; however, if someone hacks my account I would be lucky to even get to talk to a human about it. This is nothing more than elitists’ abusing their power once again. Our government is supposed to be “public servants, which means they should apply the same rules for themselves as they would for us.


B Hayward   March 26th, 2010 1:37 pm ET

Why is this news? Nobody is niave enough to post something confidential on any social networking site. The sites should be focused on improving security, not prosecuting hackers.


CoderJones   March 26th, 2010 1:39 pm ET

If Twitter had hired him to hack their database, then Yes. But to hack in and then say I did it to show you – that's Breaking and Entering (B&E)
What if the government could just break into your privacy and then say – I thought you were doing something wrong.......Oh wait, they do that now


justme   March 26th, 2010 1:41 pm ET

What was the Intent, Motive and Benefit? That should determine the punishment. Should he be let go? I do not think so. Having said that however, I would say that 2 years is cruel punishment considering, and if proven true, that his intentions was to prove Twitter is vulnerable to attacks.


lee   March 26th, 2010 1:42 pm ET

He will probably end up working for the government if he is really good


Charles   March 26th, 2010 1:44 pm ET

Actually, he's a grey hat, not a white hat.


Chris   March 26th, 2010 1:45 pm ET

"Good hackers" made sence back when companies declared their systems were 100% safe. If you manage the hack them, then the company were proven wrong. Today its known than any system can be penetrated, but its also clearly illigal. Therefore "good hacking" is no longer longer possible.
Speeding or murder or other criminal offences are also possible, but anyone who engaged in such activities would surly not be considered "good criminals" either, even if they just did it to prove that its still possible.
Of course if some day all cars were installed with a system that made speeding impossible, and someone managed to drive too fast even with the system installed despite statements that it was 100% impossible, then maybe such a driver could be called a white driver too.
Point is. Hacking is possible but illigal so you are not proving anything by hacking other than you are able to break the law.


chris w   March 26th, 2010 1:45 pm ET

@carl, good point. You're right white hats need permission first. I am a white hat. However, I would never have been able to become a white hat if I had not broken into somethings first while I was new to "hacking" and learning. I never did anything malicious, if I had been caught should I be in jail?

The only thing this guy did that was malicious was blast Twitter's name.

His intentions need to be taken into account in court.


TJP   March 26th, 2010 1:46 pm ET

Yes there is such a thing as a good hacker or what's known as an ethical hacker. That's exactly what our firm does, is provide ethical hacking services to organizations. However, someone doing what he did would not be considered a good hacker in our circles.

I would say that as a user of twitter or any other site on the Internet that you should be able to do "due diligence" on a site to test basic security measures and decide on your own whether you want to trust them. An ethical hacker would only notice the faults, bring it to the attention of the site owners and then do nothing malicious.

But honestly there's no protection we receive by doing this, so technically a company could claim malicious intent. Thus, most of us say nothing when we find the vulnerabilities.


Jeff H   March 26th, 2010 1:51 pm ET

Why is this any different than breaking into someone's house to show that the locks aren't very good?
I don't think anyone would be defending that action, especially if it was their house that was broken into.


chris w   March 26th, 2010 1:52 pm ET

@TJP. I hate feeling as though I shouldn't report to a company about its flaws because I have to be worried about them coming after me legally. All you want to do is help, but you can get in trouble.


Stephen   March 26th, 2010 1:52 pm ET

He would be a "good" hacker if he let them know what he was doing ahead of time and got their permission. They never asked for his help in testing the security of their system...


Robert Kleiner   March 26th, 2010 1:52 pm ET

A hacker is a hacker is a hacker.

Meaning: Unless you are hired by the corporation to test their security, you are violating other property.

Period.


cor   March 26th, 2010 1:52 pm ET

@Dustin – That depends on your definition of "hacking". The original definition is to use something for a purpose it was not originally intended. For example, MacGuyver, it could be said, was a hacker. So if we are following that definition, the little exploit of guessing someones "secret question" could, in fact, be considered a hack. A lot of people say that something is not a hack because it wasn't overly complex when, in fact, the best hacks aren't even complex at all. It just took a long time for someone clever enough to come along and realize that the "hack" was simple to begin with. Just because it didn't exploit a buffer overflow or crack a password doesn't mean it not a hack.


Terry from West Texas   March 26th, 2010 1:53 pm ET

Let us imagine that you left your door unlocked and when you came home from work, a guy was sitting in your living room watching your TV. He says, "Hey, I'm a good guy. I want to prove that some people leave their doors unlocked. I'm only doing this as a community service."

I would say, put him in jail for a year or two.


Ken   March 26th, 2010 1:53 pm ET

hey nice hacker dude. Don't mess with crap that does not matter. You want to impress me, then take down the great Chinese firewall.


chris w   March 26th, 2010 1:54 pm ET

Jeff,
People don't try to break into your house everyday all day long like they do on websites. Major websites receive break in attacks around the clock.

It's more comparable to testing the security of a military base in the middle of an active conflict zone than a house in the USA.


Rob101   March 26th, 2010 1:54 pm ET

I say fine him then some of these companies should hire him on.
Seems like a logical way to fight malicious hackers, send in other hackers to defend the systems.


practical   March 26th, 2010 1:56 pm ET

Unless someone tries to infiltrate a system, how do we know its safe. Don't be fooled our government has people on its payroll attempting to do just this with our security systems.


Ken   March 26th, 2010 1:58 pm ET

Why mess with a mainline biz, why not hack people who need it. Defacing a terrorist's website comes to mind.


jay   March 26th, 2010 1:59 pm ET

Although Twitter is supposed to protect privacy (to an extent), anything that one posts on it is, in essence, public. So anything that Obama posted on his Twitter should have been well thought out beforehand (ie: not sensitive material) as the internet is NOT a secure place. People should know that they are posting on to a public domain; and that if information leaks out, it's partially your fault for putting it there in the first place.


Chris   March 26th, 2010 2:01 pm ET

lol rob a bank and see how far you get with the loot. Then when (if) caught you say "Hey, I just wanted to show you the flaw in your secuity procedures and systems. I actually managed to get this far with the money before you caught me. The good news is you can hire me a as special security consultant now"


Deep Throat   March 26th, 2010 2:03 pm ET

This is just freakin ridiculous what idiot would do that


Norse1990   March 26th, 2010 2:05 pm ET

Should it be illegal if I enter someone's home, look around, leave a message that I was there, and then leave without taking anything? To the dungeon with him!


zzmook   March 26th, 2010 2:05 pm ET

You can call yourself a white hat hacker til you're blue in the face, don't do the crime if you're not prepared to do the time. And Twitter would definitely be a company he could have approached and said "hey, I see a hole in security – pay me and I'll show you the exploit and how to fix it".


TJP   March 26th, 2010 2:10 pm ET

@zzmook – actually twitter isn't a company that you could approach like that. You would think you could, but it's not the case.


Henry Clark   March 26th, 2010 2:15 pm ET

True hacking is accepted and encouraged for the purpose of learning to defend. But Frenchie is just a brute force hacker using the Twitter hack app. Its free and anyone can download it. Maybe the authorities should give the programmer 2 years. He's the guy they should be after.


Erik in Iowa City   March 26th, 2010 2:15 pm ET

Twitter is for the illiterate. Who cares about this really?


Mat   March 26th, 2010 2:17 pm ET

The answer to the question " can a person actually be a "Good Hacker" ?"
is yes. There are typically three designation of hackers.
Black Hat – Typically the guys we all think about when someone says they were hacked. These individuals may or may not be out for a malicious purpose, but are usually at least out for them selves.

White Hat – These are the individuals that are either formally trained as hackers or have the experience to back themselves up, and are hired as security and exploitation subject matter experts by companies and the govt. in order to test the security of a network infrastructure or its internal security systems.

Grey Hat – Plays both sides. Can be malicious or benevolent, and isn't necessarily out to burn the world.

Hackers generally utilize allot of the same system utilities that systems and network administrators do. They just utilize the information gained in a different intention.

Typically though, White Hat and Grey Hat do their work with certain ethics. White Hats wouldn't simply crack a system to prove a point. Not without permission first. So while intentions may or may not have been the best. He still is not considered to be among what society is coming to know as "Ethical Hackers"


JLM   March 26th, 2010 2:19 pm ET

If you're a white hat hacker and employed by a company to test it's security that's one thing. If you call yourself and ethical hacker and you go around attempting to penetrate networks without permission, then that's flat out a crime. Would a person be let go by police if he walked around testing doors to see if someone left a building or a house unlocked? No. He would be arrested. Why should an activity on the Internet be any different? Especially one such as this where the person committed a malicious act after breaking into.


Mike   March 26th, 2010 2:29 pm ET

Yes, there is a such thing as an ethical hacker but this guy was totally un-ethical. He broke laws and is now giving legitimate ethical hackers a bad name.


PV   March 26th, 2010 2:31 pm ET

I agree with the people who said he should have contacted Twitter and made arrangements with them to test theirsecurity and point out loopholes. Going public to attract attention and say "i'm nice" just because he didnt do anything malicious THIS time doesnt cut it. As someone pointed out, you cant break into someone's house and say you were testing their house security


CJ   March 26th, 2010 2:37 pm ET

If he was so concerned, he should've told twitter that he was going to break in and then send the private information to their Head of IT security. Instead he sent it to a blog publisher. Sure, he should be praised for pointing out a flaw but there are limits to what you can do and still claim the mantle of Hero, otherwise your just a different kind of Villian.


JAM   March 26th, 2010 2:39 pm ET

For those of you who actually think there is such a thing as a "good hacker"...I'll be breaking into your houses later just to look around and show where you're vulnerable. Don't worry at all!


Doug   March 26th, 2010 2:42 pm ET

While he may not work for twitter, I will offer this byte to chew on.

When we drive our vehicles, we do so knowing that they have been intentionally demolished, crashed, wrecked, destroyed, and otherwise "tested" of their qualities.

If he caused no harm, merely pointed out an exploit, isn't he doing the same thing that auto manufacturers and underwriters labs do to verify the quality of product?

Think of it as a security side airbag crash test.

Fix the holes and move on.


USAPeasant   March 26th, 2010 2:42 pm ET

If the suspect in question did not cause any actual harm or attempt to defame any of the people he "hacked" I personally think he should not be thrown into jail for two years. Instead, I think it be more prudent for the FBI or some intelligence agency to let this guy off the hook and recruit him.

The Pentagon and other government databases are hacked millions of times a day. It be smarter, in my opinion, to give this fellow the option of abandoning his life of crime to help his country out. After all, we could throw this guy into prison, he would then get out, and then have a hard time finding a job, which means he will suck on the government money that we really can't spare at the moment. Instead we could turn him into a protector of our national security and give him a job that turns him into a tax generator. This would not only redeem a valuable human life, but also help our economy and our national security.


Christian   March 26th, 2010 2:43 pm ET

This guy obviously has skills, put him to work against China.


sunshine   March 26th, 2010 2:46 pm ET

I say hire him. We need people who can do that to test our security to make sure it isn't vulnerable.


Connecticutian   March 26th, 2010 2:47 pm ET

OK, we get it, penetration testing can be legit. But this was not.

Analog: imagine a certified, licensed security guard for some company decides that the mall seems vulnerable. He decides that for the good of the mall and public safety, he will break in. He doesn't steal anything, just brags about it.

Do you think the police will decline to file burglary charges because his intentions were (allegedly) pure?


Mike   March 26th, 2010 2:48 pm ET

he probably didn't think he was going to get arrested for it, but either way, that should be in the back of your mind at the bare minimum when you're hacking into the account of the President of the United States. Either way, still not worth the jail time, but the publicity will help him land a high-paying security consulting job I'm sure, so kudos.


SMBaier   March 26th, 2010 2:49 pm ET

There is no "nice hacker" in the world of the Internet. Every hacker in the world ought to be punished as if they were Terrorists. Not only sentenced to life in prison, but having their fingers glued shut completely and permanently so that they can't hack on a computer ever again! PUNISH ALL HACKERS IN PRISON!


AMR in NJ   March 26th, 2010 2:53 pm ET

He is a criminal. Stealing property, information- anything that does not belong to you is a crime. There is nothing admirable about having criminal skills. Period.


Mr. Bill   March 26th, 2010 2:56 pm ET

HEY – If there is a friendly hacker, why not break into your own bank and transfer all your money to my account. That would be a nice gesture.


Jenny   March 26th, 2010 2:56 pm ET

So called "Nice Hackers" are sometimes necessary in pointing out the flaws in a system. With this man coming forward to point out these vulnerabilities, it brings an important security flaw to the attention of these companies and they can address them before a "Not-So-Nice Hacker" exploits those vulnerabilities for their own personal gain. Knowing the laws, coming forward with this information and putting his neck on the line to do so has given the users a little more protection. This exposure has forced the companies to address those flaws immediately in order to protect our accounts. Just my 2 cents.


chewts   March 26th, 2010 3:01 pm ET

i think we need people like this, if he can do it then someone else with bad intentions can do it


Nobama   March 26th, 2010 3:03 pm ET

Reading Obama's twitter account must have been entertaining....


Ron (Denver)   March 26th, 2010 3:03 pm ET

Not all hackers are criminals. If you are hired to probe and expose weaknesses by an organization, then this type of activity is OK because it is almost always very specific and defined in the engagement contract.

It does not matter that this guy thinks he is "a nice hacker". Computer and tort law are pretty clear – he accessed data that he had no authority to access – end of story, see you in the hooscow.


DawnMitchell   March 26th, 2010 3:04 pm ET

Want would you think about someone trying to break into your house, just to see if they can do it? Wouldn't like it would you? You would want that person in Jall. That is exactly where Hacker Croll belongs and for more than 2 years.


armyguy   March 26th, 2010 3:04 pm ET

I think the US Govt will hire him, they have a big hacker security program where they are looking for people like him. He should get a automatic job instead.


robthomaseyes   March 26th, 2010 3:15 pm ET

Bull. Can you imagine someone breaking into your house and trying to tell you he's a good burglar; that he was just doing it to show you your house could be broken into, and that your security system was faulty? Imagine that same scenario with a bank. Give me a break. I'm sick and tired of people committing crimes and trying to justify them by pretending to be altruistic.


Scott Slack   March 26th, 2010 3:20 pm ET

Leaving my door unlocked does not make it OK to enter my home, even if you do not steal my TV. There is no value in "proving poor security". It isn't your job.


Rich   March 26th, 2010 3:20 pm ET

So find him guilty, sentence him to probation and give him a government job in cybersecurity. Case closed.


The Fury   March 26th, 2010 3:22 pm ET

I heard he's going to get a reduced sentence because his sentencing paperwork was longer than 140 characters.


monsterman   March 26th, 2010 3:29 pm ET

Yes, the guy deserves jail time! He was not paid to do what he did. He intruded on private info and must be heavily fined and locked up. "I'm a nice hacker!" Baloney! Sick of people that talk like that. Sick of people that support these so-called ethical hackers. He broke the law – tme go to jail. Throw away the key while you're at it.


Andrew   March 26th, 2010 3:29 pm ET

If someone broke into your home because they thought your front door lock was insufficient in their estimation and took pictures of your personal belongings to prove he was there and then sent them to you to "help" you determine a security issue do you think you'd thank him or get really creeped out and call the cops?

White hat hacking or pen testing is completely illegal and unethical unless it's commissioned or requested by the target.

/story


Chris   March 26th, 2010 3:31 pm ET

Yes there are good hackers. I'm a CEH (Certified Ethical Hacker), there are many of us CEH's working for corporations and governments around the world. We use our talents and skills to find security holes in systems. What this french twit did is was wrong and he will pay the price. What he could of done was contact Twitter and notify them that he beleives he has found a poosible security hole. Had he done that he would be free and maybe working for Twittwer as a security expert. Now he is just a twit in a french jail.


monsterman   March 26th, 2010 3:34 pm ET

For you ethical lovey-dovey types: Does this make sense??

1. I am a nice hacker and am now looking into your entire personal info and I promise that I'm just looking without looking.

2. I'm an ethical pervert and I broke into your house and opened up your spouse's underwear drawer and trust me, I never looked or even sniffed the contents.

Ethical?? Nice?? Bull!


Jim   March 26th, 2010 3:40 pm ET

Whether or not he had good intentions, he did not have permission. If he truly wanted to help Twitter, why not talk to them about it first? White hat or black hat, nobody's going to thank you for breaking into their house, then pointing out how insecure it is.


IT_Person   March 26th, 2010 11:47 pm ET

Anyone who above mentioned companies hiring hackers for info security is absolutely right. I work for a fortune 500 company and I can tell you we have between 30-40 individuals work for us that I would say have genuine "hacking" abilities in various domains.

Of course, just as mentioned above, these individuals are all considered "white hat" hackers. That means they do not use their extensive knowledge of networking, servers, databases, etc., for malicious purposes. Rather, they use their knowledge and abilities to protect their employer. This is very common practice.

However – it is a widely known aspect of hacking protocol that you never conduct penetration tests or vulnerability scans of anybody unannounced. You must notify the host that you will be performing such actions; otherwise, it is, by default, "black hat" (or malicious) in nature.


teetee8080   March 27th, 2010 5:31 am ET

Take this as a learning experience and hire the man to find further weak links. It was not really so bad due to the fact he did nothing malice to the accounts. However, what if it was some one else, with cruel intent. what if it was an account that contained personal banking info or S.S.I. numbers. We need to learn how to protect our selves a little better in the future. And the one thing that was said that I agree with was, Do not publish or put out any information that you do not want others to know. Always keep in mind some one is watching and listening at all times. Let alone some one is reading all they can on you. If you believe it is personal, keep it that way.......... Then there will be no worries on who may hack into something and get your personal information.


Franko   March 27th, 2010 6:38 am ET

"NSA access system is built into every version of the Windows operating system" - Trust the government, but not the neighborhood hacker ?


Luke   March 27th, 2010 1:00 pm ET

I don't really see how a major crime (such as a felony) can be committed without malicious action or intent to an individual/party. If it is proven that he intended any of these, then I feel a crime has been committed. Acquiring information is not a crime. Using it for personal gain is not a crime. Using it for extortion, now that might be.


THOMAS JOHNSTON   March 27th, 2010 1:47 pm ET

A twitter account should not be considered a secure data base, and should be treated as essentially open information. Anything put on the internet should be suspect. I use internet for all sorts of things, but I am always aware that someone may be watching. If Pres Obama or Britteney Spears want privacy, they should not use the internet! Or, at least should be very discreet in their communications. Hacking is an invasion, but public figures should be very careful nevertheless. Prosecute the hacker? Don't authorities have better things to do?


Bri   March 27th, 2010 8:13 pm ET

I really don't think there's such a thing as a "good" hacker, though someone can indeed hack with good intentions, like this guy did. I think it's great that he hacked President Obama, because he's one of the most powerful people in the world, and something really needs to be done about the fragility of the Internet. Nothing is safe on the Internet or on your computer, NOTHING. I've learned this the hard way. I've been using the Internet every day for probably 8 years, and I never got hacked until recently. It was horrible. The person was malicious and evil, threw some very serious and scary threats at me, and basically tried to ruin my life. They harassed me for days and deleted or took control of almost every account I used at that time. They had my address, and other very personal information. And I had no idea who they were! I wish so much that they would get some jail time for what they did to me, and what they've probably done to countless other innocent people. Instead of putting this guy in jail, they should be dealing with real hackers who actually try to cause harm to people. It would be really nice if Obama would pass some kind of law that protects people from getting hacked. It's sad that hackers only get in trouble when they hack a famous person. What about the average Internet user? I really believe it's about time we get some protection, too.


Franko   March 27th, 2010 9:11 pm ET

Your comment is awaiting moderation.
Food is Good


Guy   March 27th, 2010 9:12 pm ET

Really, Tech has to be safer. This guy has a point.


Tony D   March 27th, 2010 9:15 pm ET

Well I dont think he was a good smaritan to trying to help twitter with security but more likey he did it because he could he has the hacker mentality but aparenty he is one of the stupid hackers because he got caught lol now he deserves what he gets he new the law and broke it.


Franko   March 28th, 2010 11:31 am ET

The next TWEET night b from the CIA ? - Watch uTube;
NWO Mafia arm CIA invests in firm that monitors Internet Blogs Twitter Amazon Youtube etc


Nathan Sokalski   March 28th, 2010 2:28 pm ET

Hacking is a good thing if it is done under certain conditions:

1. The place you are hacking knows you are trying to do it
2. You do not abuse or damage the data if you succeed
3. You tell them how and that you hacked it if you succeed

This is actually a job position that some places hire people for. There is no better way to improve something than by finding what's wrong with it, and if you already knew what was wrong with it, you probably would have fixed it already. Have people try to figure out how to hack into a security system is no different than test driving a car (other than the fact that nobody can run you over while testing the security system).


Anonymous   March 28th, 2010 3:25 pm ET

Lets take an objective opinion here.

After reading every comment, I see flaws in both sides of these arguments.

Twitter provides a free service, similar to that of a neighborhood swimming pool. During pool hours, you can go swimming for free.

I'm surprised people are comparing public domain to private property.

People can and do make money off of this stuff ligitimately.

-A curious person would have tested without permission, but not told anyone.
-A good person would have obtained permission before testing.
-A good "hacker" may have tested without permission. But, a "truly good" hacker would have fixed the problem on his own, gone undetected, and left. Kind of like when your apartment complex changes your locks for free and gives you new keys because the old locks weren't very good.
-A naive kid surprised by what he thinks is a newfound talent might brag to one of his friends - ultimately what this clown did.

Ultimately, he did the wrong thing by not having permission. Again, he did the wrong thing by taking copies of and distributing the information. Typically, electronic crimes are punished with sentences exceeding two years.

But, because he's likely just a naive youngster, and not actually out to cause harm, because he did have the power for a moment to make much more of that data public, I agree with the give him probation and get him a job. Monitor his electronic activities.

All of you who say death and prison to all hackers in the world should think about the fact that without them there wouldn't be any computer security. McAffee's "Hacker Safe" is a service that scans a web site for security holes and reports them - much the same way a hacker would. You should be happy about that each time you submit your credit card information to one of those sites.


Franko   March 28th, 2010 7:22 pm ET

"Your comment is awaiting moderation."
CNN needs to publish why comments are rejected.

A preview function, for real time feedback,
detailing why a comment is rejected.


Security Briefing: March 29th : Liquidmatrix Security Digest   March 29th, 2010 7:31 am ET

[...] Man suspected of cracking Twitter accounts: 'I'm a nice hacker' | CNN [...]


Security Briefing: March 29th | Portable Digital Video Recorder   March 29th, 2010 10:13 am ET

[...] Man suspected of cracking Twitter accounts: 'I'm a nice hacker' | CNN [...]


jeff   March 29th, 2010 1:13 pm ET

you can if you dont steal or mess with anything but showing them whats wrong with the system is good so they can fix it


Karlo Ebron   March 29th, 2010 3:44 pm ET

Personally speaking, right or wrong, hacking is hacking. There are those who would do it for business, pleasure, thrills or nefarious reasons. There are those who are genuinely curious of their own set of skills or curious as to the amount of metal there is surrounding a certain infrastructure. Hacking is a skill, a learned trait and like other skills in life, they can be used by the will of the person using those skills for whatever reason. Yes, I believe there are "good hackers" or "white hats" as they've been referred to in the past. There are those who intrude, traipse and then egress from a system without ever being detected and don't tell a soul. This man got caught. He "broke" certain "laws" that were set by "governments" and "agencies". Thus, he will face a judgment and repercussions. That's the long and short of it.


Jeff   March 29th, 2010 9:43 pm ET

A nice hacker doesn't steal the data and post on websites. A nice hacker, gets permissions from the owner of the information system and then after permission is given, he/she does the security penetration tests. After the tests are complete, the nice hacker, gives what he/she found to the owner of the information system only. This is the code of ethics for hacking.

By the way, hacker is not a negative term. White hat, grey hat and black hat hackers is just like saying ethical politican, politician and then corrupt official in the same order. Certified Ethical Hacker is a certification course from EC Council that many security professionals take so they can start to learn to hack ethically to protect companies and private citizans from the black hat hackers. Of course that course is just the beginning but it's a start on a skill tract to ethically do you job.


Travis   March 29th, 2010 9:44 pm ET

There are "good" hackers out there but this guy was not one of them. You don't hack a system then divulge the information of passwords and names of employee candidates to a popular tech blogging sight. That was invasion and theft of data.


Mauro   March 30th, 2010 12:00 pm ET

I love hackers, make keep lazy people somewhat awake. If it weren't for these hackers, people wouldn't improve the system and the likelihood of a complete cyberspace meltdown much more real


Bill   March 30th, 2010 8:47 pm ET

You shouldn't be trusting the internet security it was never meant to be used for emailing, banking,or any personal information it was meant for information that evryone could see and use and that man should not be locked up she should be left alone and maybe even hired but should keep personal infomation to your self thats the risk everyone takes whether it be celebrtiy, president or just a regular person.


Dave F   March 31st, 2010 8:01 am ET

I think you can be a 'Good Hacker'. It would be very helpful to have someone like that to be able to hack websites, like Twitter, to show some flaws


Russ   March 31st, 2010 1:29 pm ET

white hat hacker...

well renown. He didn't do anything malicious, but he could have handled it privately.


Franko   March 31st, 2010 11:52 pm ET

"Your comment is awaiting moderation."

With CNN calling censorship moderation
The network is being trivialized to serve corporate interests


Justice   April 1st, 2010 11:27 am ET

There is no such thing as a "nice" hacker. Yes, he did do something wrong. It's like saying G__ Damn in the same sentence, the two words don't go together. Thousands of Americans are being illegally surveilled and electronically assaulted by mentally disturbed hackers who been allowed to operate like domestic terrorist thugs. Law enforcement at all levels knows of these situations but continues to ignore. Most Americans are living in a "dream state" and are not aware of the havoc caused by these people that start out as so-called "nice" hackers. Go to the website of Freedom from Covert Harrassment and Surveillance. Believe me this is real and continues to affect thousands of individuals worldwide, every minute of every day. I'm one of the targeted individuals.


Fluxx   April 1st, 2010 1:47 pm ET

Yes. There are what you can call "nice hackers". This guy is not one of them. He stole personal information and gave it to someone else. Those of us that are out to find vulnerabilities in security would only bring our findings to a proper authority as the idea is to "fix" said security holes, not exploit them and once caught try and say you are the good guy.


Leave Your Comment


 

CNN welcomes a lively and courteous discussion as long as you follow the Rules of Conduct set forth in our Terms of Service. Comments are not pre-screened before they post. You agree that anything you post may be used, along with your name and profile picture, in accordance with our Privacy Policy and the license you have granted pursuant to our Terms of Service.


subscribe RSS Icon
About this blog

Are you a gadgethead? Do you spend hours a day online? Or are you just curious about how technology impacts your life? In this digital age, it's increasingly important to be fluent, or at least familiar, with the big tech trends. From gadgets to Google, smartphones to social media, this blog will help keep you informed.

subscribe RSS Icon
twitter
Powered by WordPress.com VIP