Share
Hacker Croll, who compromised Twitter back in May, is at it again. This time, Croll sent TechCrunch 310 confidential documents, stolen during a second confirmed compromise. The stolen information contained, among other things, a pitch for a Twitter-based reality show and the floor plans for Twitter’s new offices in San Francisco. TechCrunch has posted some of this information, but was it ethical to do so?
Should TechCrunch publish stolen information? (Image: Twitter)
Should the news site have published nothing? Should it publish everything?
In a post confirming that Croll sent it the information, TechCrunch described most of the information as embarrassing to certain individuals, but said the vast majority of information wasn’t that interesting. The sensitive nature of some information, for example the names of people who interviewed for jobs at various senior level positions, will be withheld, TechCrunch said. However, the plans for a reality show were later published.
TechCrunch explained its reasoning, saying: “There is clearly an ethical line here that we don’t want to cross, and the vast majority of these documents aren’t going to be published, at least by us. But a few of the documents have so much news value that we think it’s appropriate to publish them.”
Should the site have published anything? That is the question most started to jump on, and -- based on the Twitter reaction and the comments to TechCrunch’s original story -- most think they should have left it alone and not published anything.
“Let’s put aside the highly sensitive documents that we aren’t going to publish, but which will likely end up on the Internet anyway. We’re not going to post that information whether we have the legal right to or not. No discussion is needed,” the site's Michael Arrington said in his response to the comments and opinions.
“But we are going to publish some of the other information that is relevant to Twitter’s business, particularly product notes and financial projections. Many users say this is ‘stolen’ information and therefore shouldn’t be published. We disagree,” he added, pointing out that “it’s simply news.”
Twitter founder Evan Williams confirmed the information was compromised, and told TechCrunch that: “In general, most of the sensitive information was personal rather than company-related. Obviously, this was highly distressing to myself, my wife, and other Twitter employees who were attacked.” Croll was able to access various e-mail accounts, including those owned by various Twitter employees. Of those e-mail accounts, he had access to Evan Williams’ wife’s GMail account. Williams said there is no evidence that his e-mail account was compromised -- even though Croll said it was during his disclosure. One administrative employee at Twitter was also compromised, and other Twitter employees had various accounts accessed as well, including PayPal accounts, Amazon accounts, AT&T and more.
Croll had access to the registrar information for Twitter.com, where he could have done a number of things, including hijacking the Twitter domain or redirecting traffic. He accessed a complete list of Twitter employees, their salary information, applicant resumes, and lists of new celebrity accounts, including French President Nicolas Sarkozy. There were also e-mail contacts and communications with celebrities.
However, for all the opinions and outrage at TechCrunch’s postings, only the information on the reality TV show is actually new. All the images and information TechCrunch has released was made public on French blog Korben.info just hours before the site ran it. It’s assumed that, aside from the e-mail sent to TechCrunch, Croll sent the information to the French blog and other sources as well.
You can view the original blog and all images here, or on TechCrunch by clicking here and here. A translation of the original post can be found here as well.
My take, while most do not agree, is that TechCrunch did the right thing. The site merely posted information sent to it, like any other news publication would. The information, for the most part, is online, and the odds of it appearing completely are rather high, even if TechCrunch doesn’t publish everything.
However, it also did not post anything that would be embarrassing or harmful to Twitter or its employees. Even the floor plans are subject to change, and most of the business-related elements are important news, and would eventually come out one way or another.
What is your opinion? Leave us a comment or send an e-mail to security@thetechherald.com
[This editorial is the opinion of Steve Ragan and does not necessarily reflect the opinions of the staff on The Tech Herald or the Monsters and Critics (M&C) network.]
Want regular updates from The Tech Herald? Follow us on Twitter.
Interested in a more interactive TTH? Join our Facebook Group.
Interested in a more interactive TTH? Join our Facebook Group Want regular updates from The Tech Herald? Follow us on Twitter
Advertising
Comment on this Story