Slashdot Mirror


Twitter Hack Details Revealed

Jack Spine writes "Twitter co-founder Biz Stone has confirmed both to ZDNet UK and Wired's Threat Level blog that a dictionary attack was used to hack Twitter. After the hacker distributed details on the Digital Gangster forum, celebrities such as Britney Spears and Barack Obama had their accounts defaced. Wired spoke to the alleged hacker, while ZDNet UK got in contact with someone who had been on the Digital Gangster forum at the time."

12 of 222 comments

  1. Lack of Hacker Ethics by alain94040 · Score: 5, Insightful

    Cracking the site was easy, because Twitter allowed an unlimited number of rapid-fire log-in attempts.

    Twitter is doubly at fault here. First, it's not that hard to detect rapid-fire password attacks. Even Unix (way before Linux) knew to kick you out after 3 failed attempts. Second, they should enforce better passwords for their employees (not necessarily for regular users, that's another discussion).

    He decided not to use other hacked accounts personally. Instead he posted a message to Digital Gangster offering access to any Twitter account by request.

    That's where the 18-year-old kid is at fault. He showed a lack of hacker ethics. Good hackers may discover an exploit, but they don't do harm.

    When I hacked my university's computer network (Vax machines on Bitnet back in 1990), I did it with the knowledge of the sysadmin staff. And once you have made your point, you stand back.

    --
    FairSoftware.net -- geeks starting fair and open software businesses together

    1. Re:Lack of Hacker Ethics by Anonymous Coward · Score: 5, Funny

      That's where the 18-year-old kid is at fault. He showed a lack of hacker ethics. Good hackers may discover an exploit, but they don't do harm.

      Maybe so, but really nice hackers patch the exploit with fairy dust and unicorn farts.

    2. Re:Lack of Hacker Ethics by Jonah Bomber · Score: 5, Funny

      Aw, what's the use of going through all that trouble if you can't have Bill O'Reilly announce he's gay?

    3. Re:Lack of Hacker Ethics by TheCycoONE · Score: 5, Insightful

      That's where the 18-year-old kid is at fault. He showed a lack of hacker ethics. Good hackers may discover an exploit, but they don't do harm.

      Perhaps, but it's likely because this kid did a little harm that he's captured the attention of so many people. It adds a healthy dose of sensationalism to the story which convinces people to treat security seriously better than some hypothetical 'it could have been really bad if..' would.

    4. Re:Lack of Hacker Ethics by silentquasar · Score: 5, Insightful

      That's where the 18-year-old kid is at fault. He showed a lack of hacker ethics. Good hackers may discover an exploit, but they don't do harm.

      When I hacked my university's computer network (Vax machines on Bitnet back in 1990), I did it with the knowledge of the sysadmin staff. And once you have made your point, you stand back.

      Indeed. At my college a while back, some seniors found a way to hack into the school's network. They posted every user's password on a local network site. Only a handful of weeks away from graduation, they were expelled. Sure, they meant no harm, just to expose the weaknesses in the system, but they broke the rules and seriously compromised the system by posting the passwords, so they had to pay the price. Yikes!

    5. Re:Lack of Hacker Ethics by bughunter · Score: 5, Insightful

      Um... what kind of harm can you cause by hacking Twitter? It's the internet equivalent of writing on a bathroom wall.

      (Yes, I'm aware of the recursive metaphor I'm creating here.)

      --
      I can see the fnords!

    6. Re:Lack of Hacker Ethics by RemoWilliams84 · Score: 5, Funny

      Is it any different than finding an unlocked car in the parking lot and opening the door, pushing the door lock, closing the door, and continuing on your merry way?

      I like to do this when I find a car sitting outside a gas station still running.

      --
      "I don't have to think. I only have to do it. The results are always perfect, but that's old news." - Meat Puppets

    7. Re:Lack of Hacker Ethics by dwarg · Score: 5, Funny

      Yeah, Hacker Ethics, that's it.

      That reminds me of the time I thought I heard a noise at night and I walked into my kid's room and there was this guy standing there looking at my 8-month-old daughter sleeping. Scared the shit out of me. I was about to either kick his ass, or shit myself when he told me to calm down. He was an Ethical Burglar(TM).

      He had used some pretty basic lock picking methods to break in and just wanted me to know my family was at risk and that we should cage ourselves in our own home so that the marauding Visigoths couldn't break in and kill us all.

      I thanked him for his generous service and he said it was no problem. On his way out he looked at my house one more time and mentioned that he might come back another time and set the place on fire, so we should probably get a coating of asbestos or something to be ready for that.

      I only wish we had more of these ethical hackers and burglars to keep us safe.

    8. Re:Lack of Hacker Ethics by Anonymous Coward · Score: 5, Funny

      To show I have a sense of humor, I modded the parent Troll.

  2. Re:Limit logins without DOS? by larry bagina · Score: 5, Insightful

    Slow down cowboy! It's been 1 minute since your last failed attempt to login.

    --
    Do you even lift?

    These aren't the 'roids you're looking for.
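
Added example, not part of any comment in the thread: a minimal Python login throttle combining the two points raised above, a few free failures (the "3 failed attempts") followed by a growing wait that starts at one minute, keyed on account plus source so a guesser cannot lock the account owner out. The class and function names, the doubling schedule, the one-hour cap, and the account and address values are assumptions made for the illustration.

```python
import time
from collections import defaultdict

FREE_ATTEMPTS = 3    # failures tolerated before any wait is enforced
BASE_DELAY = 60.0    # seconds; first enforced wait ("1 minute since your last failed attempt")
MAX_DELAY = 3600.0   # assumed cap, so a block always expires without admin action


class LoginThrottle:
    """Per-(account, source) backoff instead of a hard account lockout."""

    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.failures = defaultdict(int)   # (account, source) -> consecutive failures
        self.blocked_until = {}            # (account, source) -> earliest next attempt

    def retry_after(self, account, source):
        """Seconds still to wait; 0.0 means the password may be checked now."""
        until = self.blocked_until.get((account, source), 0.0)
        return max(0.0, until - self.clock())

    def record_failure(self, account, source):
        key = (account, source)
        self.failures[key] += 1
        over = self.failures[key] - FREE_ATTEMPTS
        if over >= 0:
            # Wait doubles with every failure past the free allowance.
            delay = min(BASE_DELAY * 2 ** over, MAX_DELAY)
            self.blocked_until[key] = self.clock() + delay

    def record_success(self, account, source):
        self.failures.pop((account, source), None)
        self.blocked_until.pop((account, source), None)


def simulate_guessing(throttle, account, source, guesses, seconds_per_guess, clock_state):
    """Replay a run of wrong passwords on a fake clock (constructed input).

    Returns how many guesses the server would actually have evaluated;
    the rest are rejected while the wait is still running.
    """
    evaluated = 0
    for _ in range(guesses):
        if throttle.retry_after(account, source) == 0.0:
            throttle.record_failure(account, source)
            evaluated += 1
        clock_state[0] += seconds_per_guess
    return evaluated
```

Keying on account plus source protects the owner from being locked out, but a guesser spread across many addresses is only slowed by an additional per-account limit or alert, which this block does not implement.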

  3. Comment removed by account_deleted · Score: 5, Insightful

    Comment removed based on user account deletion

  4. Re:Compromise One Password, Compromise Them All by SighKoPath · Score: 5, Informative

    FTA:

    GMZ doesn't know what the reset passwords were, because Twitter resets them randomly with a 12-character string of numbers and letters.

    No passwords were compromised except for the admin account he used the dictionary attack on. So really, the GP's analysis of harm done is pretty accurate.