Information Security News mailing list archives
Weak Password Brings 'Happiness' to Twitter Hacker
From: InfoSec News <alerts () infosecnews org>
Date: Wed, 7 Jan 2009 00:10:16 -0600 (CST)
http://blog.wired.com/27bstroke6/2009/01/professed-twitt.html By Kim Zetter Threat Level Wired.com January 06, 2009 An 18-year-old hacker with a history of celebrity pranks has admitted to Monday's hijacking of multiple high-profile Twitter accounts, including President-Elect Barack Obama's, and the official feed for Fox News. The hacker, who goes by the handle GMZ, told Threat Level on Tuesday he gained entry to Twitter's administrative control panel by pointing an automated password-guesser at a popular user's account. The user turned out to be a member of Twitter's support staff, who'd chosen the weak password "happiness." Cracking the site was easy, because Twitter allowed an unlimited number of rapid-fire log-in attempts. "I feel it's another case of administrators not putting forth effort toward one of the most obvious and overused security flaws," he wrote in an IM interview. "I'm sure they find it difficult to admit it." The hacker identified himself only as an 18-year-old student on the East Coast. He agreed to an interview with Threat Level on Tuesday after other hackers implicated him in the attack. The intrusion began unfolding Sunday night, when GMZ randomly targeted the Twitter account belonging to a woman identified as "Crystal." He found Crystal only because her name had popped up repeatedly as a follower on a number of Twitter feeds. "I thought she was just a really popular member," he said. Using a tool he authored himself, he launched a dictionary attack against the account, automatically trying English words. He let the program run overnight, and when he checked the results Monday morning at around 11:00 a.m. Eastern Time, he found he was in Crystal's account. [...] _______________________________________________ Please help InfoSecNews.org with a donation! http://www.infosecnews.org/donate.html
Current thread:
- Weak Password Brings 'Happiness' to Twitter Hacker InfoSec News (Jan 06)