Two Scottish teens arrested over Met Police Twitter hack

Obscene messages appeared on force's official Twitter account following breach of MyNewsDesk platform

met police website

Two teenagers thought to have been involved in a hack on the Metropolitan Police force's web site have been arrested and charged in Scotland.

In July, a series of obscene messages appeared on the Met's Twitter account, with fake press releases also appearing on its webpage.

One message called for the release of a London based rapper called "Digga D" and other tweets had expletive messages directed at the police itself.

The arrests were made by the Scottish police force as the hack originated from Glasgow and beyond the jurisdiction of London's Metropolitan Police.

'Two men, aged 18 and 19, from the Lossiemouth and Glasgow areas respectively, have been arrested and charged in connection with unauthorised access and publication of content on the Metropolitan Police Service's news platform on Friday 19 July 2019," a Police Scotland spokesperson told Metro.

Advertisement - Article continues below
Advertisement - Article continues below

Immediately following the incident in July, some speculated that a high-profile hacker from America known as 'Cal' was behind the breach, but that has proved wildly inaccurate with the arrests in Scotland.

The teenagers also didn't gain access directly to the force's Twitter account, as security researcher Graham Cluley noted, the teenagers actually hacked a third-party service for auto-posting content called 'MyNewsDesk'.

"The Met Police should be relieved that something more malicious wasn't posted (such as a phishing attack or link to a website hosting malware) but even though this was clearly more mischievous it's still against the law," he told IT Pro.

"Lots of people do dumb thoughtless things when they're teens, but on social media, it's possible to have a much wider impact. Young people need to realise there can be serious consequences and repercussions when they do something they imagine is a harmless prank, and the police may well not be amused."

MyNewsDesk is a multimedia public relations platform that the police use to distribute notices and release on its social media, email and websites. At the time, the Met said there was no compromise to its IT network and that it had made changes to its accounts on the microsite.

Advertisement - Article continues below

"In response to the incident we are working closely with Mynewsdesk and specialist Met cyber-crime investigators to fully understand what has occurred and if there are criminal offences," a statement said. "Immediate changes have been made to our accounts in response to the incident. There has been no compromise of the Met Police's IT network."

In May, two months before these teenagers gained access, the British Transport Police had staff details accessed via its website. A section of that had to be taken down and replaced with a Tumblr feed.

As yet, there is no date set for sentencing, but it is likely the pair could be looking at a possible 2-year stint in prison under the 'unauthorised access to computer material' provision of the Computer Misuse Act 1990.

Featured Resources

Digitally perfecting the supply chain

How new technologies are being leveraged to transform the manufacturing supply chain

Download now

Three keys to maximise application migration and modernisation success

Harness the benefits that modernised applications can offer

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

The 3 approaches of Breach and Attack Simulation technologies

A guide to the nuances of BAS, helping you stay one step ahead of cyber criminals

Download now

Most Popular

operating systems

17 Windows 10 problems - and how to fix them

13 Jan 2020
Microsoft Windows

What to do if you're still running Windows 7

14 Jan 2020
web browser

What is HTTP error 503 and how do you fix it?

7 Jan 2020
General Data Protection Regulation (GDPR)

Data protection fines hit £100m during first 18 months of GDPR

20 Jan 2020