Twitter teen hacker hired by Web app developer

'Any publicity is good publicity,' says exqSoft's CEO about hiring 'Mikeyy'

An Oregon-based Web application developer Friday confirmed he has hired the teenager who admitted attacking Twitter with several different worms last weekend.

Slideshow: 10 of the Worst Moments in Network Security History

Travis Rowland, of Hammond Ore. said that he had offered a job to Michael "Mikeyy" Mooney, a 17-year-old who said last week he had written at least two of the worms that struck Twitter starting on April 11.

To continue reading, register here and become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

An Oregon-based Web application developer Friday confirmed he has hired the teenager who admitted attacking Twitter with several different worms last weekend.

Slideshow: 10 of the Worst Moments in Network Security History

Travis Rowland, of Hammond Ore. said that he had offered a job to Michael "Mikeyy" Mooney, a 17-year-old who said last week he had written at least two of the worms that struck Twitter starting on April 11.

In a telephone interview on Friday, Rowland, the CEO of exqSoft Solutions, described his company as doing "custom Web application development, primarily geared toward businesses."

Mooney came to his attention because of the Twitter worms, Rowland acknowledged. "I contacted him and saw his Web site, and thought it was interesting," said Rowland. "Then I talked to him and found out he did it all by hand, so I asked him if he wanted to work as a programmer."

Rowland said that Mooney would also be involved doing "security analysis for us, to make sure our applications are as secure as they can be."

The attacks against Twitter began early last Saturday and continued in several waves through parts of Monday. Mooney, who goes by the nickname "Mikeyy," assumed responsibility for the first two worms, dubbed "StalkDaily" and "Mikeyy" in a message posted to his Web site and in later interviews.

StalkDaily and Mikeyy exploited one or more cross-site scripting or cross-site request forgery vulnerabilities in Twitter to infect user profiles. The first attack relied on tweets that referred to several malicious accounts allegedly created by Mooney; when users viewed those accounts' profiles, their own profiles became infected, and their accounts then sent more spam-style messages to entice friends to the just-infected profiles.

Twitter co-founder Biz Stone said Monday that Twitter had had to scrub about 200 infected accounts and delete 10,000 tweets carrying links to JavaScript attack code.

Rowland denied that hiring Mooney was a publicity stunt, but admitted the buzz was a nice benefit. "Any publicity is good publicity, he said. "I can't argue with that, but it's just a perk. If I can get [Mooney] on the right track, it works out for everybody." Mooney, who reportedly lives in Brooklyn, N.Y., is currently work for exqSoft. "He's already started, he's working from his computer, more as an apprentice," said Rowland. "I outsource to developers all around the world."

Rowland said that he has about 20 people on the payroll.

Earlier this week, Rowland had asked Stone not to take legal action against Mooney. "@biz hope u guys don't file lawsuit against him, hope u understand Mikeyy did u favor and could have compromised personal information," Rowland wrote in a tweet sent last Sunday.

At least one security researcher had a problem with Mooney's hiring. "It appears largely to get publicity for this company [exqSoft]," said Graham Cluley, a senior technology consultant with U.K.-based security vendor Sophos. "This is a real dangerous message, that if you're a young lad, the way to get noticed and get a job is to do something incredibly irresponsible."

For more enterprise computing news, visit Computerworld. Story copyright Computerworld, Inc.