Twitter Hackers...
January 2009
Teenage Twitter systems hacker admits guilt. An 18-year old hacker, who managed to breach Twitter’s administration systems and take over multiple high-profile accounts, has admitted his guilt. The teenager, who goes by the handle GMZ, told the Wired Threat Level blog that he broke into Twitter’s administrative control panel by using an automated password-guesser program on the account of a popular user. It turned out that this user was a Twitter support staff member called “Crystal,” who had chosen the easy-to-guess password “happiness.” He said that breaking into the account was easy as Twitter allowed an unlimited number of rapid log-in guesses. Using a self-created tool, he used a dictionary program which automatically tried English words and managed to gain access into Crystal’s account. He was then able to access any other Twitter account by resetting an account holder’s password. He did not use the hacked accounts personally, instead offering hackers in his forum access to any Twitter account by request. Twitter confirmed to Wired that the intruder had used a dictionary attack to gain access to the administrative account, although it refused to confirm the other details. A co-founder did say in a follow-up email that Twitter was doing a “full security review on all access points to Twitter. More immediately, we’re strengthening the security surrounding sign-in. We’re also restricting access to the support tools for added security.”
Teenage Twitter systems hacker admits guilt. An 18-year old hacker, who managed to breach Twitter’s administration systems and take over multiple high-profile accounts, has admitted his guilt. The teenager, who goes by the handle GMZ, told the Wired Threat Level blog that he broke into Twitter’s administrative control panel by using an automated password-guesser program on the account of a popular user. It turned out that this user was a Twitter support staff member called “Crystal,” who had chosen the easy-to-guess password “happiness.” He said that breaking into the account was easy as Twitter allowed an unlimited number of rapid log-in guesses. Using a self-created tool, he used a dictionary program which automatically tried English words and managed to gain access into Crystal’s account. He was then able to access any other Twitter account by resetting an account holder’s password. He did not use the hacked accounts personally, instead offering hackers in his forum access to any Twitter account by request. Twitter confirmed to Wired that the intruder had used a dictionary attack to gain access to the administrative account, although it refused to confirm the other details. A co-founder did say in a follow-up email that Twitter was doing a “full security review on all access points to Twitter. More immediately, we’re strengthening the security surrounding sign-in. We’re also restricting access to the support tools for added security.”
posted by arkietechs at 6:51 AM
0 Comments:
Post a Comment
<< Home