Twitter Hack Explained By Hacker



7 January 2009, 09:46

Twitter hack explained by hacker

The person responsible for the Twitter hack that saw various celebrity Twitter accounts announcing bizarre news, or pointing to spam sites, has come forward and spoken to Wired magazine. There were numerous theories on how the person, who goes by the handle GMZ, gained access to those accounts. It turns out that it was a simple brute-force dictionary attack on a Twitter account's password. The hacker, who only identified themselves as an 18-year-old US student, had been randomly targeting apparently popular users with his own dictionary-based, brute-force password guesser. It appears that Twitter allows an unlimited number of rapid-fire logins, and after an overnight run, the hacker found that a popular user with the name "crystal" had a password of "happiness".

The hacker logged in to the account and found that crystal was a Twitter staff member and he now had access to the administrative panel of Twitter. Deciding not to use other hacked accounts directly, partly down to his not using a proxy, the hacker then offered password resets to users of Digital Gangster who requested passwords for Barack Obama, Facebook, Fox News, Britney Spears and others. According to Twitter, thirty-three accounts were compromised. Biz Stone, Twitter co-founder, confirmed that a dictionary attack had been used, but would not confirm the username, password or other details, telling Wired "Regarding your other questions, I'd feel more comfortable addressing them once we've spoken to counsel, because this is still ongoing".

http://www.heise-online.co.uk/security/Twi...r--/news/112364

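The article above attributes the compromise to an unlimited number of rapid-fire login attempts. As an added example (not part of the original post and not Twitter's code), here is a minimal failed-login throttle keyed by account and by source address, replayed against a constructed overnight guessing run. The class name, thresholds, account name and IP address are assumptions.

```python
from collections import defaultdict


class LoginThrottle:
    """Failed-login throttle with exponential backoff, per account and per source."""

    def __init__(self, free_attempts=5, base_delay=2.0, max_delay=3600.0):
        self.free_attempts = free_attempts       # failures tolerated before delays start
        self.base_delay = base_delay             # first delay in seconds
        self.max_delay = max_delay               # cap on any single delay
        self.failures = defaultdict(int)         # key -> failure count
        self.blocked_until = defaultdict(float)  # key -> earliest next attempt

    def _keys(self, account, source_ip):
        # Keying on the account as well as the source means guesses spread
        # over many addresses still hit the same per-account limit.
        return ("acct", account.lower()), ("ip", source_ip)

    def allowed(self, account, source_ip, now):
        return all(now >= self.blocked_until[k] for k in self._keys(account, source_ip))

    def record(self, account, source_ip, success, now):
        acct_key, ip_key = self._keys(account, source_ip)
        if success:
            # Reset only the account counter; the source counter stays, so it
            # cannot be cleared by logging in to some other, owned account.
            self.failures[acct_key] = 0
            return
        for key in (acct_key, ip_key):
            self.failures[key] += 1
            over = self.failures[key] - self.free_attempts
            if over >= 0:
                delay = min(self.base_delay * 2 ** over, self.max_delay)
                self.blocked_until[key] = now + delay


def simulate_guessing(throttle, seconds):
    """Constructed replay: one client submits one wrong password per second."""
    evaluated = 0
    for now in range(seconds):
        if throttle.allowed("example_user", "203.0.113.7", float(now)):
            evaluated += 1  # this guess reached the password check
            throttle.record("example_user", "203.0.113.7", False, float(now))
    return evaluated


if __name__ == "__main__":
    print("throttled, 8 h:", simulate_guessing(LoginThrottle(), 8 * 3600))
    print("unthrottled, 8 h:", simulate_guessing(LoginThrottle(free_attempts=10**9), 8 * 3600))
```

In this replay the throttle cuts an eight-hour run at one guess per second from 28,800 evaluated guesses to 22, which is the difference between a dictionary being exhausted overnight and barely being started.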