

After much debate over the recent hacking attempts on Twitter (multiple accounts were hacked on Monday, including President-elect Barack Obama's), the case seems to have been solved.

There was initially some debate as to whether or not the attempts were perpetrated by the notorious 4chan /b/ board (who seemingly hacked Google Trends the other day, causing an image of a jet plane flying into two towers to display on the popular service) or the Digital Gangster hacker, GMZ.

The answer? GMZ.

He gained entry to Twitter's administrative control panel by pointing an automated password-guesser at a certain popular user's account. This "popular user" turned out to be a member of Twitter's support staff (D'oh!), who had been using the weak password "happiness."

Cracking the site was easy, because Twitter allowed an unlimited number of rapid-fire log-in attempts.

"I feel it's another case of administrators not putting forth effort toward one of the most obvious and overused security flaws," he wrote in an IM interview. "I'm sure they find it difficult to admit it."

The hacker identified himself only as an 18-year-old student on the East Coast. He agreed to an interview with Threat Level on Tuesday after other hackers implicated him in the attack.

The intrusion began unfolding Sunday night, when GMZ randomly targeted the Twitter account belonging to a woman identified as "Crystal." He found Crystal only because her name had popped up repeatedly as a follower on a number of Twitter feeds. "I thought she was just a really popular member," he said.

Using a tool he authored himself, he launched a dictionary attack against the account, automatically trying English words. He let the program run overnight, and when he checked the results Monday morning at around 11:00 a.m. Eastern Time, he found he was in Crystal's account.

That's when he realized that Crystal was a Twitter staffer, and he now had the ability to access any other Twitter account by simply resetting an account holder's password through the administrative panel. He also realized he hadn't used a proxy to hide his IP address, potentially making him traceable. He said he hadn't used a proxy because he didn't think the intrusion was important enough to draw law-enforcement attention, and "didn't think it would make headlines."

He said he decided not to use other hacked accounts personally. Instead he posted a message to Digital Gangster, a forum for hackers and former hackers, offering access to any Twitter account by request.

"I ... threw the hack away by providing DG free accounts," he said.

He also posted a video he made of his hack to prove he had administrative access to Twitter...

Twitter co-founder Biz Stone confirmed for Threat Level that the intruder had used a dictionary attack to gain access to the administrative account, but wouldn't confirm the name of the employee who was hacked, or the password. He also wouldn't comment on how long the intruder was in the Twitter account resetting passwords before he was discovered.

"Regarding your other questions, I'd feel more comfortable addressing them once we've spoken to counsel because this is still ongoing," he wrote Threat Level in an e-mail.

Stone said that Twitter has already been contacted by the Barack Obama campaign about the hack and has been in touch with everyone whose account was accessed by the intruders. He said Twitter had not had contact with the FBI or any other law enforcement agency.

GMZ said he's used the same dictionary attack to breach the SayNow accounts of Disney star Selena Gomez and other celebrities.

After YouTube blocked his IP and patched some vulnerabilities he was exploiting, he decided "for the fun of it (curiosity and self-entertainment) I'll pen-test Twitter." He was "shocked to realize that there was no rate limit" to lock someone out after a specific number of failed password attempts.
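The missing control the story keeps coming back to is a limit on failed log-in attempts. Below is an added Python example (not Twitter's code, nor the attacker's tool) of a per-account failed-login limiter with a sliding window and temporary lockout, replayed against a constructed word list for the account and password named in the story; the class, function and constant names are assumptions for illustration.

```python
import hmac
import time
from collections import defaultdict

class LoginThrottle:
    """Per-account failed-login limiter (constructed example, not Twitter's code).
    Failures inside a sliding window are counted; hitting the limit locks the
    account for a fixed period, the control an overnight word-list run needs absent."""

    def __init__(self, credentials, max_failures=5, window=900, lockout=1800,
                 clock=time.time):
        self.credentials = credentials      # username -> password (demo store only;
                                            # a real system compares password hashes)
        self.max_failures = max_failures    # None disables the limiter entirely
        self.window = window                # seconds a failure stays counted
        self.lockout = lockout              # seconds an account stays locked
        self.clock = clock                  # injectable for deterministic tests
        self.failures = defaultdict(list)   # username -> timestamps of failures
        self.locked_until = {}              # username -> time the lock expires

    def attempt(self, user, password):
        """Return 'ok', 'denied' or 'locked'. Unknown users are counted like
        known ones so the limiter does not reveal which usernames exist."""
        now = self.clock()
        if self.locked_until.get(user, 0) > now:
            return "locked"
        recent = [t for t in self.failures[user] if now - t < self.window]
        expected = self.credentials.get(user, "")
        if expected and hmac.compare_digest(expected.encode(), password.encode()):
            self.failures[user] = []        # success clears the failure history
            return "ok"
        recent.append(now)
        if self.max_failures is not None and len(recent) >= self.max_failures:
            self.locked_until[user] = now + self.lockout
            recent = []
        self.failures[user] = recent
        return "denied"

def simulate_dictionary_attack(wordlist, max_failures=5):
    """Replay a word list against one account, one guess per simulated second.
    Returns (outcome, number_of_guesses_made); max_failures=None models no limiter."""
    fake_now = [0.0]
    throttle = LoginThrottle({"crystal": "happiness"}, max_failures=max_failures,
                             clock=lambda: fake_now[0])
    for i, word in enumerate(wordlist, 1):
        result = throttle.attempt("crystal", word)
        if result != "denied":
            return result, i
        fake_now[0] += 1.0
    return "exhausted", len(wordlist)

# Constructed word list: the real password sits at the end, as in the story.
WORDLIST = ["apple", "banana", "cat", "dog", "eagle", "fish", "grape", "happiness"]
```

With the limiter in place the replay is locked out on the sixth guess; with `max_failures=None` the same list reaches the real password on the eighth. Per-account lockout lets an attacker lock legitimate users out, so in practice it is paired with per-source throttling and progressive delays rather than used alone.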

He said he'd never even heard of Twitter until he saw someone mention it on YouTube.



