Sophos: Firm hires worm author Mikeyy Mooney
April 2009 by Sophos
Sophos has learnt that Michael ’Mikeyy’ Mooney, the 17-year old hacker who caused mayhem on Twitter with a series of worms on the micro-blogging website last weekend, has been rewarded with a job in web application development.
According to media reports, US web application development and hosting firm exqSoft Solutions approached and hired Mikeyy Mooney, the teenager behind the ’StalkDaily’ and ’Mikeyy’ worm attacks after he had publically claimed responsibility.
Sophos experts note that Mooney’s actions did not just waste the time of thousands of Twitter users – he also put them in considerable danger. For instance, if financially-motivated hackers had seen what Mikeyy was doing and used the XSS flaw to steal identities and install malware, just as Twitter scrabbled to get the problem fixed, the consequences could have been dire for thousands of users.
“Mikeyy proved two things by unleashing his computer worm – firstly, that there was an untapped problem with Twitter, and secondly that he had no problem with acting irresponsibly,” said Graham Cluley, senior security consultant at Sophos. “Mikeyy Mooney may be skilled in some areas of computing, but there are many other talented people out there who have never shown such a disregard for established and accepted ways of reporting security flaws, and haven’t shown such questionable judgement. If you find a flaw in a piece of software or website, you don’t write a worm to exploit it impacting thousands of innocent users. Instead, you should act responsibly and inform the affected company instead, and work with them to get the problem fixed."
Furthermore, Sophos experts note that Travis Rowland, CEO and founder of exqSoft Solutions, had previously posted public messages to Twitter founder Biz Stone, asking that legal action should not be taken against the young hacker:
’@biz hope u guys don’t file lawsuit against him, hope u understand Mikeyy did u favor and could have compromised personal information.’
"Judging by other messages posted by Rowland, his hiring of Mikeyy Mooney is being used as a publicity stunt at the moment and the company has got some cheap exposure in the press," continued Cluley. "Effectively, exqSoft Solutions is encouraging other youngsters to behave irresponsibly. The last thing the computer users need is a wave of other kids exploiting software and websites in the hope that they might be rewarded with a job offer."