François Cousteix, better known as Hacker Croll, is a French self-taught cracker who is notable for hacking Twitter in July 2009. He was in close contact with reporters from TechCrunch who published numerous articles about the information obtained and the incident itself. He remained anonymous until his arrest in March 2010.
Attack on Twitter
Croll obtained access to numerous Internet accounts belonging to many of Twitter's high-profile executives. The infiltration was made easy because the targets' passwords and usernames were the same for both personal and business accounts. This led to a domino effect whereby all accounts were hacked, including their PayPal and iTunes accounts. He obtained over 300 pages of sensitive documents, including Twitter's financial projections and meeting notes.
TechCrunch first reported the hack, with a screenshot of Twitter founder Evan Williams' Facebook page and speculation as to the true extent of the attack, on July 16. The report included a statement by Williams saying "This had nothing to do with the security of twitter.com". Croll, apparently concerned that Twitter had not understood the danger of the attack, sent all the documents obtained to TechCrunch, which subsequently published a select section of them. An extensive article describing the details of the attack followed a few days later, after TechCrunch interviewed Croll.
Letter to Twitter
When asked by TechCrunch if there was a message that he would like to send to Twitter, he responded with a note in which he encouraged them to be more careful about security.
Je tiens à présenter toutes mes excuses au personnel de Twitter. Je trouve que cette société a beaucoup d’avenir devant elle.
J’ai fait cela dans un but non lucratif. La sécurité est un domaine qui me passionne depuis de longues années et je voudrais en faire mon métier. Dans mon quotidien, il m’arrive d’aider des gens à se prémunir contre les dangers de l’internet. Je leur apprend les règles de base.. Par exemple, faire attention où on clique, les fichiers que l’on télécharge et ce que l’on tape au clavier. S’assurer que l’ordinateur est équipé d’une protection efficace contre les virus, attaques extérieures, spam, phishing… Mettre à jour le système d’exploitation, les logiciels fréquemment utilisés… Penser à utiliser des mots de passe sans aucune similitude entre eux. Penser à les changer régulièrement… Ne jamais stocker d’informations confidentielles sur l’ordinateur…
J’espère que mes interventions répétées auront permis de montrer à quel point il peut être facile à une personne mal intentionnée d’accéder à des informations sensibles sans trop de connaissances.
I apologize to Twitter. I believe this company will be going places.
I didn't make money by that. Security is a topic that has interested me for many years and I want to turn my hobby into a career. In my everyday life, I often help people to protect themselves against the dangers of the Internet. I teach them the basic rules such as being careful where you click, the files you download, and what you type on the keyboard. Ensure that the computer is protected against viruses, external attacks, spams, phishing ... Update the operating system, software frequently used ... Think of using passwords without any common point between them. Thinking about changing them regularly ... Never keep off-the-record information on the computer ...
I hope my numerous interventions will allow [the firm] to understand how easy it can be for a malicious person to access confidential information without much knowledge.
He was arrested in March 2010 after a joint investigation by the Federal Bureau of Investigation and French police. He was then handed a five-month suspended sentence by the criminal court in Clermont-Ferrand, instead of the two months and €1,000 fine recommended by prosecutors; Croll announced that he would not appeal the sentence.