Two Scottish teens arrested over Met Police Twitter hack
Obscene messages appeared on force's official Twitter account following breach of MyNewsDesk platform
Two teenagers thought to have been involved in a hack on the Metropolitan Police force's web site have been arrested and charged in Scotland.
In July, a series of obscene messages appeared on the Met's Twitter account, with fake press releases also appearing on its webpage.
One message called for the release of a London based rapper called "Digga D" and other tweets had expletive messages directed at the police itself.
The arrests were made by the Scottish police force as the hack originated from Glasgow and beyond the jurisdiction of London's Metropolitan Police.
'Two men, aged 18 and 19, from the Lossiemouth and Glasgow areas respectively, have been arrested and charged in connection with unauthorised access and publication of content on the Metropolitan Police Service's news platform on Friday 19 July 2019," a Police Scotland spokesperson told Metro.
Immediately following the incident in July, some speculated that a high-profile hacker from America known as 'Cal' was behind the breach, but that has proved wildly inaccurate with the arrests in Scotland.
The teenagers also didn't gain access directly to the force's Twitter account, as security researcher Graham Cluley noted, the teenagers actually hacked a third-party service for auto-posting content called 'MyNewsDesk'.
"The Met Police should be relieved that something more malicious wasn't posted (such as a phishing attack or link to a website hosting malware) but even though this was clearly more mischievous it's still against the law," he told IT Pro.
"Lots of people do dumb thoughtless things when they're teens, but on social media, it's possible to have a much wider impact. Young people need to realise there can be serious consequences and repercussions when they do something they imagine is a harmless prank, and the police may well not be amused."
MyNewsDesk is a multimedia public relations platform that the police use to distribute notices and release on its social media, email and websites. At the time, the Met said there was no compromise to its IT network and that it had made changes to its accounts on the microsite.
"In response to the incident we are working closely with Mynewsdesk and specialist Met cyber-crime investigators to fully understand what has occurred and if there are criminal offences," a statement said. "Immediate changes have been made to our accounts in response to the incident. There has been no compromise of the Met Police's IT network."
In May, two months before these teenagers gained access, the British Transport Police had staff details accessed via its website. A section of that had to be taken down and replaced with a Tumblr feed.
As yet, there is no date set for sentencing, but it is likely the pair could be looking at a possible 2-year stint in prison under the 'unauthorised access to computer material' provision of the Computer Misuse Act 1990.