Hacker Charged in Twitter Support HackVendor Compromise Led to Defacement of Twitter Feeds
Cameron Lacroix of New Bedford, Mass., was charged July 2 in San Jose, Calif., with hacking Zendesk, a San Francisco company that provides helpdesk support to numerous companies, including Twitter.
See Also: DevOps - Security's Big Opportunity
The news comes one week after Lacroix pleaded guilty to hacking computer networks of law enforcement agencies across the U.S., as well as at a local college (see: Hacker Pleads Guilty to Breaching Networks). He also pleaded guilty to obtaining stolen credit, debit and payment card numbers.
In this latest case, Lacroix allegedly hacked into Zendesk's website in February 2013 and disabled a security feature designed to limit who can view information pertaining to Zendesk's customers, authorities say. Lacroix is said to have then exported approximately one million Twitter support tickets to computers outside of Zendesk's network and used that information to compromise and deface the Twitter feeds for two companies.
The attacks allegedly resulted in Zendesk and Twitter incurring combined losses of over $200,000 in responding to the attacks, authorities say.
Lacroix has been charged with intentionally causing damage to a protected computer. If convicted, he faces a maximum sentence of 10 years in prison, a fine of $250,000, plus restitution. Lacroix is expected to make his first appearance on Aug. 8.
Prior to the Twitter hack charges, Lacroix admitted to hacking into a computer server operated by a local Massachusetts police department in September 2012, and then accessing the e-mail account of its police chief. He also admitted to repeatedly hacking into law enforcement computer servers across the country which contained sensitive information including police reports, arrest warrants and sex offender information, between August 2012 and November 2012.
The Massachusetts man also admitted using stolen credentials to access and change information in the servers of Bristol Community College, Fall River, Mass., on multiple occasions between September 2012 and December 2013.