I'm a nice hacker peeping at the accounts of President Barack Obama

Suspected Twitter infiltrator: 'I'm a nice hacker'

By ANGELA DOLAND (AP) – 23 hours ago

PARIS — He's unemployed and isn't much of a computer expert. The Frenchman accused of infiltrating Twitter and peeping at the accounts of President Barack Obama and singers Britney Spears and Lily Allen says he wanted to reveal just how vulnerable online data systems are to break-ins — and he says he didn't mean any harm.

"I'm a nice hacker," suspect Francois Cousteix told France 3 television Thursday, a day after he was released from police questioning, adding that his goal was to warn Internet users about data security.

"Hacker Croll," as he was known online, is accused of breaking into Twitter administrators' accounts and copying confidential data — as well as peeping at Obama's and the singers' accounts, though he didn't have access to sensitive information about them, a French prosecutor said.

FBI agents sat in on the sessions while French police questioned the young man for two days, said Jean-Yves Coquillat, prosecutor in Clermont-Ferrand, where the suspect will be tried in June for hacking.

If convicted on the charge of breaking into a data system, he risks up to two years in prison and a euro30,000 ($40,068) fine. The suspect lives near Clermont-Ferrand in central France.

"He says it's the challenge, the game, that made him do it," Coquillat said. Officials say preliminary investigations suggest Hacker Croll did not tweet in other peoples' names or try to make money out of his information.

"He had access to elements that were so confidential that he could very well have profited from them" through blackmail, for example, said Adeline Champagnat of the French police office on information technology crimes.

She compared the hacker's actions to "a burglar breaking into the headquarters of a big company, able to look at the files of the all employees and clients, with their passwords and confidential information."

"In a way, he succeeded in taking control of Twitter," Champagnat said.

Twitter, based in San Francisco, declined to comment on the case Thursday.

At one point, Champagnat said, the hacker attempted to find a password for Obama's account but didn't follow through with it. With administrator access, "he didn't even need" Obama's password, she said — but hacking into the president's account wasn't his goal.

Cousteix, who was identified as being 23 or 24, said he just wanted to prove a point about Internet security.

"It's a message I wanted to get out to Internet users, to show them that no system is invulnerable," he told France 3 television.

Hacker Croll confessed to the hacking under questioning, and analysis of his computer backs up his statements, police and the prosecutor said.

The suspect, who lives with his parents and has no college degree, didn't have any special computer training, the prosecutor said.

His technique was to get administrators' e-mail passwords' reset by correctly answering their security questions using information about his prey that he gathered from blogs and other public sites, officials said.

Twitter said in July that it was the victim of a security breach. Co-founder Biz Stone wrote at the time that the personal e-mail of an unnamed Twitter administrative employee was hacked, and through that the attacker got access to the employee's Google Apps account.

The French prosecutor said the suspect infiltrated the accounts of "several" Twitter administrative employees. He was able to access information such as contracts with partners and resumes from job applicants, Coquillat said.

Hacker Croll e-mailed some of the documents to TechCrunch, a widely read technology blog, and it subsequently published some of them, including financial projections. The material was also published on several French sites.

Some of the material was more embarrassing than damaging, like floor plans for new office space and a pitch for a Twitter TV show.

Using the administrator logins, Hacker Croll looked at Twitter details of Obama, Allen, Spears and other well-known personalities and was able to see information such as IP addresses, when they were last connected and when they signed up, French officials said.

Twitter's equivalent of an elusive masked bandit was caught in France this week, according to an Agence France-Presse story citing police sources, after the FBI began working with authorities there. A 25-year-old who goes by the name "Hacker Croll," believed to be responsible for two high-profile Twitter hacking incidents in which both celebrity accounts and internal servers were breached, was reportedly in police custody in the French city of Clermont-Ferrand before being released later on Wednesday.

The hacker was allegedly behind an attack about a year ago in which the Twitter accounts of celebrities ranging from Britney Spears to President Obama were breached; he gained access to a Twitter administrator's password by hacking that administrator's Yahoo Mail account first. (Another, similar incident involving celebrity Twitter accounts had taken place several months prior, also after a sabotage on a weak password; an 18-year-old hacker named "GMZ" claimed responsibility.)

It's also likely that the hacker arrested in France was responsible for an internal Twitter security breach that gave him access to hundreds of sensitive company documents--which he then turned over to industry blog TechCrunch. The TechCrunch incident wasn't mentioned in the AFP story, but since the name "Hacker Croll" was associated with that one, too, it's likely that the same person was responsible.

The hacker, whom AFP reports is unemployed and lives with his parents, appears to have told police what he did to sabotage Twitter's servers and was then released with a court date set for June 24. He was already on authorities' radar for some minor online scam activity, and allegedly has also targeted Facebook and Gmail--though has never attempted to profit financially from his hijinks

Obama's Alleged Twitter Hacker Guessed Passwords
By Jennifer LeClaire
March 25, 2010 1:30PM

Bookmark and Share
A 24-year-old Frenchman who allegedly hacked Twitter accounts of President Obama and other celebrities has been arrested. French police said Francois Cousteix acted on a bet, and he told a TV station, "I'm a nice hacker." Cousteix may also be involved in other Facebook and Twitter hacks, and he could face years in prison instead of a security job.

Related Topics
Hacker
Twitter
Obama
Facebook
Security

Latest News
New Measures Target Port Pollution
Former Priest Wins Templeton Prize
A Third of Breast Cancer Is Avoidable
New Dinosaur Species Discovered
GM Goes Green with EN-V Concept Car

On Thursday, French police arrested a man who allegedly hacked into celebrity Twitter accounts in the United States. Among his victims was President Barack Obama.

French authorities described the hacker as a 24-year-old Frenchman. Rather than revealing his true identity, police are publicly calling him "Hacker Croll," a pseudonym the hacker used during his criminal activities. However, the Associated Press has identified him as Francois Cousteix.

"He was a young man spending time on the Internet," French prosecutor Jean-Yves Coquillat told London's Telegraph newspaper. "He acted as a result of a bet, out of the arrogance of the hacker. He is the type who likes to claim responsibility for what he has done."

Easy as 1, 2, 3?

Cousteix allegedly accessed Obama's Twitter page, as well as the Twitter pages of famous people like Britney Spears and Lily Allen, by guessing passwords, according to French police.

Whether Cousteix obtained any sensitive information from the president's micro-blog was not disclosed. However, news reports put Cousteix on the scene of the crime of dozens of Facebook and Twitter account hacks. Cousteix could spend up to two years in prison on each count of hacking if convicted.

"For a long time, when people got caught for doing this stuff, they got some kind of lucrative security Relevant Products/Services job," said Rob Enderle, principal analyst at the Enderle Group. "Nowadays companies realize that providing incentives to people who are hacking this stuff wasn't a wise thing to do."

Although French authorities took the lead on the investigation, they reportedly relied on the Federal Bureau of Investigation to monitor Cousteix's online activities. The FBI also reportedly took part in the arrest of the hacker.

No System is Invulnerable

Cousteix has admitted to hacking. "I'm a nice hacker ... It's a message I wanted to get out to Internet users, to show them that no system Relevant Products/Services is invulnerable," Cousteix told France 3 television on Thursday. He had been released from police questioning on Wednesday.

Cousteix also leaked some internal Twitter documents to web sites, including TechCrunch in July. At that time, Twitter cofounder Biz Stone said he thought the hacker was able to access an employee's Google Apps account, which contained Docs, Calendars and other Google apps Twitter relies on for sharing notes, spreadsheets, ideas, financial details, and more within the company.

Stone also stressed that the stolen documents downloaded and offered to various blogs and publications were not Twitter user accounts, nor were any user accounts compromised, except a screenshot of one person's account. In that case, Twitter contacted the user and recommended a password change.

"We'll wee what happens, but I have a feeling that hacking into the U.S. president's Twitter account is not something that's going to result in a pat on the head and a lucrative job," Enderle said. "But the hacker is right. It does show that these social networks are fairly vulnerable. Then again, they are also pretty public. The value of stealing somebody's Twitter account is relatively low unless you use that to run a scam."