Aussie Teen Takes Credit for Twitter Trouble

Sept. 22, 2010— -- An Australian teenager has become an overnight Internet celebrity for admitting that he was the mastermind behind the "mouseover" attack that led to Tuesday's Twitter mayhem.

Pearce Delphin, 17, from Melbourne, Australia, said he exposed a security flaw on the micro-blogging site that other malicious hackers then exploited to send thousands of users to porn and other potentially unsavory websites.

The teenager, who calls himself "an almost legal teen (XVII), social media whore & politics lover" on his Twitter page, told the Agence-France Press that he tweeted a piece of code that would allow websites to open in pop-up browsers as users moved their mouses over the links.

Delphin said got the idea from a Twitterer who used a similar code to tweet rainbows, and when he tweeted his own code it was just to test it out.

"I did it merely to see if it could be done ... that JavaScript really could be executed within a tweet," he told the AFP. "At the time of posting the tweet, I had no idea it was going to take off how it did. I just hadn't even considered it."

Teenager: 'I Had No Idea It Was Going to Take Off'

According to the Bath, England, security firm Netcraft, which traced the source of the code to Delphin within a few hours of the teenager's post, hackers had unleashed a "massive" worm attack against Twitter users.

By mid-morning, a href="http://status.twitter.com/post/1161435117/xss-attack-identified-and-patched" target="_blank">Twitter announced on its status blog that it had patched the hole. But before the company addressed the flaw, some experts said the attack could have affected hundreds of thousands of Twitter users.

The incident has made Delphin something of an Internet star, and from his Twitter posts, it looks as if he's enjoying the fame.

After Netcraft posted a message about the security flaw and attributed the source of the code to Delphin, Delphin tweeted, "Guise, look at me, I'm Internet faaaamous! http://zzap.eu/39555"

Later, he posted, "I appear to be receiving some media coverage. What a great pleasure it must be, to have a friend as wonderful as me."

Twitter Attack Could Have Affected Hundreds of Thousands of Users

When the attack started spreading across Twitter Tuesday, Graham Clulely, a senior technology consultant at Sophos, " target="_blank">posted a warning on his blog.

According to Cluley, the new "onmouseover" security flaw affected thousands of users, including the British prime minister's wife, Sarah Brown.

On his blog, Cluley wrote that the flaw had been exploited to send visitors to Brown's Twitter page to a hardcore porn site in Japan. As soon as Brown noticed the problem, she tweeted a warning to her more than 1 million followers.

Security Experts: Flaw Opens Door for Cybercriminals to Unleash Attacks

Until the hole had been fixed, Cluley warned Twitter users to stay off the site altogether and to use third-party sites, such as TweetDeck or Seesmic, instead. The mobile Twitter application appeared to be unaffected.

Cluley said some users appeared to use the flaw for fun, but it could have opened the door for cybercriminals to unleash more malicious and harmful attacks.

"There is obviously the potential for cybercriminals to redirect users to third-party websites containing malicious code, or for spam advertising pop-ups to be displayed," Cluley wrote.

To see how the hack actually worked on Twitter, check out a video Clulely posted a on YouTube.