Slashdot Mirror


Obama's Twitter Account "Hacked"

Oxford_Comma_Lover writes "A 24-year-old living with his mother in France was arrested for 'hacking' into Obama's Twitter accounts. (Warning: WSJ does obnoxious paywall things. Your miles may vary.) Apparently he guesses the answer to a question related to password recovery in order to break into the accounts of famous people; he has no computer science training or financial motive. He posted screenshots to a few boards and Twitter found out within a few hours, either from a tip or from noticing when someone from France logs onto Twitter as the President of the United States. (He did not actually tweet as POTUS, but just wanted to show he could break into the account.)"

54 of 308 comments

  1. He shouldn't be arrested by Monkeedude1212 · · Score: 5, Insightful

    Apparently he guesses the answer to a question related to password recovery in order to break into the accounts of famous people

    If that's all it takes then the system is broken, not the people abusing it.

    1. Re:He shouldn't be arrested by magsol · · Score: 4, Insightful

      Or the users need to cease using common knowledge as the answers to these not-so-security questions.

      --
      "I'd just like to emphasise that taking a million years isn't a metaphor here..." -Rich Bradshaw
    2. Re:He shouldn't be arrested by girlintraining · · Score: 4, Insightful

      If that's all it takes then the system is broken, not the people abusing it.

      Yes, blame the victim. You didn't install triple deadbolts on your door. It's not my fault all your stuff got fenced by me. Jeez, I mean, what do you expect a criminal to do? Hey, btw -- what kind of slashdot poster are you, I didn't find any ramen to eat while you were out running errands either. I really wanted to have a snack after cleaning the place out. Ungrateful jerk...

      --
      #fuckbeta #iamslashdot #dicemustdie
    3. Re:He shouldn't be arrested by Monkeedude1212 · · Score: 4, Insightful

      The "Security question" system in itself is the weak point in most security situations.

      Mother's Maiden name?

      Pet's first name?

      Favourite Band?

      How long do you think it would take to brute force any of those with a simple script? There's no point in making sure your passwords are really strong if your security question can be as weak as a noodle.

    4. Re:He shouldn't be arrested by drachenstern · · Score: 2, Interesting

      I just wanna know if it had the phone number to Obama's Blackberry synced and if those were in the screenshots...

      --
      2^3 * 31 * 647
    5. Re:He shouldn't be arrested by DragonWriter · · Score: 5, Insightful

      If that's all it takes then the system is broken, not the people abusing it.

      It's pretty trivial to break into most homes, cars, etc., but when people actually do it, we consider their actions to be the problem.

      I don't see why the fact that it is a computer system means that there is suddenly nothing wrong with the actions of the person deliberately breaking in.

      Sure, it's fairly trivial for an online service to institute better security than "guess a fairly easy question and get access", so there are grounds for saying that the system has a problem. It's another thing, though, to go further and say that it is the system and not the intruder that is the problem.

    6. Re:He shouldn't be arrested by magsol · · Score: 2, Insightful

      I agree, it's a double-edged sword. The system lends itself to simple questions with answers that are easily guessed, and simultaneously users make themselves very predictable. I should have started my previous comment with "And" instead of "Or".

      --
      "I'd just like to emphasise that taking a million years isn't a metaphor here..." -Rich Bradshaw
    7. Re:He shouldn't be arrested by Monkeedude1212 · · Score: 2, Insightful

      Having a security question that is easily guessable is like leaving your car door unlocked. I wouldn't be surprised if it got stolen. Simple as that.

      However, not using a security question, or using one that is as difficult to guess (Symbols, upper lower case, etc) - is like locking the doors. It will deter most criminals.

      If someone SERIOUSLY wanted to hack into Obama's Twitter and cause a ruckus, they would, and I would sympathize for the Prez. But when some dude in France is pulling it off to show off his "leet skills", when all he's doing is guessing, yeah - I think I know who to really blame.

      Next thing I know I'm going to read the NSA is still using WEP/TKA!

    8. Re:He shouldn't be arrested by clone53421 · · Score: 4, Funny

      Mix metaphors thoroughly, serve confused.

      --
      Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
    9. Re:He shouldn't be arrested by KarlIsNotMyName · · Score: 2, Insightful

      Flamebait?

      Personally I hate security questions. The suggestions are always obvious things where the most you need to know is the person that owns the account.

      The only safe thing is to not put an actual answer as the answer.

      --
      We are all God's parents.
    10. Re:He shouldn't be arrested by cosm · · Score: 2, Insightful

      If I take my keys and guess a random house to try them on, and get in, it isn't the locksmith's, homeowner's, nor key's fault I trespassed. I conscientiously decided to take the action. It is true that simple attack vectors make things prone to exploit, but the responsibility for the intrusion lies on the individual knowingly exploiting that vector.

      Saying it could have been prevented by a better "system" and then redirecting the blame is like blaming my broken leg on the car manufacturer for not installing a reinforced titanium in the event I choose to plow into a tree.

      --
      'We are trying to prove ourselves wrong as quickly as possible, because only in that way can we find progress.' RPF
    11. Re:He shouldn't be arrested by 0100010001010011 · · Score: 3, Interesting

      Who says the answer has to be 'right'?

      For example every website that wants "Mother's Maiden Name" gets a sha1(md5($maidenname)). Technically accurate but no one is going to 'guess' it.

      Same goes for all other questions. It doesn't even have to be as complex as a hash. Just do a simple reverse or Rot13.

      Last name: Smith.
      Reversed: htimS.
      Rot 13: ugvzF.

      Now the last name is technically accurate, even if it is permuted.
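The trade-off behind the comment above, as an added example that is not part of the original post: an unkeyed transform (reverse, ROT13, `sha1(md5(...))`) of a guessable fact stays inside a small, enumerable space once the scheme is known, while a keyed or random answer does not. The surname list, the secret and the `keyed_answer` / `random_answer` helpers are constructed for illustration and go beyond what the comment proposes.

```python
import codecs
import hashlib
import hmac
import math
import secrets


def sha1_md5(answer: str) -> str:
    """The comment's sha1(md5($maidenname)), PHP-style: hex MD5 fed to SHA-1."""
    inner = hashlib.md5(answer.encode()).hexdigest()
    return hashlib.sha1(inner.encode()).hexdigest()


# Unkeyed, deterministic transforms mentioned in the comment.
TRANSFORMS = {
    "plain": lambda s: s,
    "reversed": lambda s: s[::-1],
    "rot13": lambda s: codecs.encode(s, "rot_13"),
    "reversed+rot13": lambda s: codecs.encode(s[::-1], "rot_13"),
    "sha1(md5)": sha1_md5,
}


def derivable_from_public_facts(stored: str, candidates: list[str]):
    """Self-audit of a stored recovery answer.

    Returns (fact, transform_name) if the answer is a known unkeyed
    transform of one of the guessable facts, otherwise None.
    """
    for fact in candidates:
        for name, transform in TRANSFORMS.items():
            if transform(fact) == stored:
                return fact, name
    return None


def guess_space_bits(n_candidates: int, n_transforms: int = len(TRANSFORMS)) -> float:
    """Upper bound, in bits, on the work needed when the answer is
    transform(fact) for a guessable fact and a known set of transforms."""
    return math.log2(n_candidates * n_transforms)


def keyed_answer(secret: bytes, site: str, question: str, length: int = 32) -> str:
    """Hypothetical alternative: HMAC-SHA256 under a secret only the user holds.

    The answer is reproducible by the user, differs per site and question,
    and cannot be recomputed from the public fact alone.
    """
    msg = f"{site}\x00{question}".encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()[:length]


def random_answer(nbytes: int = 16) -> str:
    """Random answer (128 bits by default) to be kept in a password manager."""
    return secrets.token_urlsafe(nbytes)


if __name__ == "__main__":
    surnames = ["Jones", "Smith", "Brown"]  # constructed sample of guessable facts
    secret = secrets.token_bytes(32)         # constructed user secret

    print(derivable_from_public_facts("ugvzF", surnames))
    print(derivable_from_public_facts(sha1_md5("Smith"), surnames))
    print(derivable_from_public_facts(
        keyed_answer(secret, "example.com", "mother's maiden name"), surnames))
    print(f"{guess_space_bits(1000):.1f} bits for 1000 surnames x {len(TRANSFORMS)} transforms")
    print(random_answer())
```
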

    12. Re:He shouldn't be arrested by rolfwind · · Score: 2, Insightful

      Or the users need to cease using common knowledge as the answers to these not-so-security questions.

      Well, when the system forces it upon you, you sometimes have no choice.

      To me, it's the equivalent of needing 2 passwords instead of one, and I never fill out my security questions with anything but random data. It's truly a PoS security wise. I even hate it more when you can't type up your own question.

      I wonder if facebook has "Your highschool?" or something equally stupid as a security question, when you're there to catch up with old friends in the first place.

    13. Re:He shouldn't be arrested by Anonymous Coward · · Score: 3, Funny

      In front of me, asleep, is a nasty dragon who needs a good beheading. As I raise my broadsword to deal the death blow, the back edge of the blade slices into the arm of my pal Eddie, who squeals, and the dragon wakes & flies away. This really pisses me off, so I put some salt on the wound to make him keep squealing, then I tell him how fat & easy his mom is. Fucking Eddie. I guess I should have used the katana.

    14. Re:He shouldn't be arrested by girlintraining · · Score: 5, Insightful

      Having a security question that is easily guessable is like leaving your car door unlocked. I wouldn't be surprised if it got stolen. Simple as that.

      You know, bathroom locks in most homes and apartments can be opened with a straightened paper clip. There's a reason for this: You can't accidentally open the door, but if there's an emergency (say someone has a fall, or locks themselves in to overdose on pills) the door can be easily opened.

      Pointing out the flaws of the security system doesn't relieve the person overriding it of their ethical responsibilities to their fellow human beings. Most security exists merely to satisfy the restraint that breaking it isn't accidental, because strong security can impede a variety of legitimate activities. As one example, my cousin lives with roommates who steal her pills, so she had a lock placed on her bedroom door. However, she needed me to get into the room while she was away to get some paperwork. So I fashioned a simple lock pick and gained entry (with the owner's permission). The average person would be unable to do this, but as a security expert, I can. However, I did not do so without permission, because that would be a violation of privacy, however trivial it was for me to actually open the door (about 5 seconds).

      --
      #fuckbeta #iamslashdot #dicemustdie
    15. Re:He shouldn't be arrested by MBGMorden · · Score: 2, Insightful

      Having a security question that is easily guessable is like leaving your car door unlocked. I wouldn't be surprised if it got stolen. Simple as that.

      Not being surprised isn't what you said. You said the guy shouldn't be arrested. Effectively, the parallel is that if someone DID leave their door unlocked, and someone came in and stole their stuff, then that person shouldn't be arrested either.

      No matter how weak your security is, if someone trespasses, steals, or otherwise breaks into a computer or a house, then they need to be punished. Claiming that the security was so weak that it wasn't much trouble for you simply isn't an adequate defense.

      --
      "People who think they know everything are very annoying to those of us who do."-Mark Twain
    16. Re:He shouldn't be arrested by NotBornYesterday · · Score: 2, Insightful

      What is surprising is that out of the 6+ billion people on earth, only this guy seems to have had the motivation (if, indeed, you can call a 24-year-old living with his mother "motivated") and imagination to do this. You would think that someone would have done this already either for shits-n-giggles, or possibly more sinister purposes.

      --
      I prefer rogues to imbeciles because they sometimes take a rest.
    17. Re:He shouldn't be arrested by girlintraining · · Score: 2, Insightful

      What victim? It says he didn't even make any posts. This seems more like opening the unlocked front door of your house, saying "yep it's open" and then leaving without taking anything.

      That's still trespass in the real world. It's reasonable to expect that the residence was occupied and the owner could have been located prior to gaining entry, same as having 'no trespassing' signs posted. There may be no security present to stop you, but that's not a valid argument for entering the premises.

      --
      #fuckbeta #iamslashdot #dicemustdie
    18. Re:He shouldn't be arrested by clone53421 · · Score: 2, Insightful

      He didn’t “steal stuff”, he came in, looked around, disturbed nothing, but took photographs to prove he was there and then published them to let everyone know how easy it was to get in.

      --
      Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
    19. Re:He shouldn't be arrested by geekoid · · Score: 2, Insightful

      It's still trespass.

      Seriously, what would you do if your neighbor picked your lock, took pictures of your house and then left?
      Had you left your door open, then your point would be valid.

      --
      The Kruger Dunning explains most post on /. http://en.wikipedia.org/wiki/Dunning%E2%80%93Kruger_effect
    20. Re:He shouldn't be arrested by girlintraining · · Score: 2, Insightful

      He didn't "steal stuff", he came in, looked around, disturbed nothing, but took photographs to prove he was there and then published them to let everyone know how easy it was to get in.

      Which is still trespass, and he posted the evidence of his crime publicly. Idiot. If you want to demonstrate the ease of breaking security, then educate people responsibly and ethically. This person did neither.

      --
      #fuckbeta #iamslashdot #dicemustdie
    21. Re:He shouldn't be arrested by Anonymous Coward · · Score: 2, Funny

      My answer to every security question is "I fucked your mother." It goes over real well when someone has to ask you your security question over the phone. Posting anonymously because this is true.

    22. Re:He shouldn't be arrested by clone53421 · · Score: 3, Informative

      Apparently Twitter doesn’t have secret questions at all. You can have a password reset request sent to the registered e-mail address.

      TFA is rather misleading, because what actually happened was the guy broke into a Twitter employee’s Yahoo account (hello Palin! do we never learn?) and then used that Yahoo account to find other information that he shouldn’t have. — according to this article.

      --
      Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
    23. Re:He shouldn't be arrested by BikeHelmet · · Score: 2, Insightful

      No, he's right in this case.

      If he had twittered something, then it'd be different - but this is about as white hat as it gets.

      It's very similar to someone walking around turning doorknobs until he finds a house with an unlocked door, then leaving a note that your door was unlocked and he could've stolen everything.

      It's not accurate to call a security question a "lock". Most sites have mandatory security questions - stuff like your first pet, mother's maiden name, or first school. In this day and age, all that info will be listed on the first page of Google, so unless you make your answer GHS75Y237HERDSNS94 or something, it's not a "lock".

  2. The password by Anonymous Coward · · Score: 5, Funny

    I heard was "Let them eat cake"

  3. Laugh It Off by Anonymous Coward · · Score: 2, Insightful

    They laughed it off when Palin was hacked...Will they laugh now for the POTUS?

    1. Re:Laugh It Off by Anonymous Coward · · Score: 2, Insightful

      That would be in keeping with their two faced sense of outrage.

    2. Re:Laugh It Off by spun · · Score: 2, Insightful

      Who is 'they?'

      --
      - None can love freedom heartily, but good men; the rest love not freedom, but license. -- John Milton
  4. The weakest link in any form of security by Sabz5150 · · Score: 3, Insightful

    is always the human being.

    --
    "Who modded this informative? Whoever it is must've been smokin' some of that martian pot!"
  5. Good. by geekoid · · Score: 5, Insightful

    Having a password clearly dictates the intent of the person is not to allow other people to use it.

    If a door is locked, then people know they shouldn't enter and kicking in the door would be a crime... or at least very rude.

    --
    The Kruger Dunning explains most post on /. http://en.wikipedia.org/wiki/Dunning%E2%80%93Kruger_effect
  6. Re:What? by guspasho · · Score: 3, Funny

    I know, I was shocked that they have computers and electricity.

  7. Re:He should've at least posted something. by Starteck81 · · Score: 4, Funny

    I was thinking "Hey guys Global Thermal Nuclear War later this afternoon... just thought you should know."

    --
    "There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order." -Ed H
  8. Re:What? by Anonymous Coward · · Score: 2, Funny

    They have basements in France?

    In France they call them Royale With Cheetos.

  9. Who cares by snowwrestler · · Score: 2, Informative

    What important data is stored within that Twitter account? What crucial lines of communication flow through it?

    --
    Build a man a fire, he's warm for one night. Set him on fire, and he's warm for the rest of his life.
  10. log of 'hacked' password recovery session: by circletimessquare · · Score: 5, Funny

    q: "what city were you born in?"
    a:"honolulu"
    incorrect
    a:"oahu"
    incorrect
    a:"kandahar"
    correct

    q: "what is your political affiliation?"
    a:"democrat"
    incorrect
    a:"centrist"
    incorrect
    a:"fascist"
    correct

    q:"what is your favorite catchphrase?"
    a:"yes we can"
    incorrect
    a:"change we can believe in"
    incorrect
    a:"from each according to his abilities, to each according to his needs"
    correct

    (i love obama and i'm 100% for common sense healthcare reform... i need to make this qualification because some tea party morons out there might actually take my joke seriously)

    --
    intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
    1. Re:log of 'hacked' password recovery session: by bsDaemon · · Score: 2, Insightful

      Wow... always knew that he was a fascist communist from central Asia. Everything is coming together now! (i hate teabaggers)

    2. Re:log of 'hacked' password recovery session: by bsDaemon · · Score: 4, Interesting

      I used to be a paid functionary of the "conservative" movement. I use the term paid loosely, though, because I made shit for money and no benefits, but was forced to write propaganda against health care reform, even back in 2007. Most of these high-profile people against health care reform, I've met. Eric Cantor, for instance, I've met on several occasions. My hatred for the movement is largely to do with my own shame in having been part of that side of the aisle and actively working against my own interest, as well as that of many, many others of my countrymen. I'm sorry for all the crap that I helped do, but I learned my lesson, left and went on to other things. Maybe hate against movement members on the streets isn't warranted like it is against the party leaders, but I feel really, really bad for them that they either can't or won't realize that they're being manipulated to work against their own interests by the rich and powerful who serve as their puppet masters.

    3. Re:log of 'hacked' password recovery session: by clarkkent09 · · Score: 2, Insightful

      Hmm, so what you are saying is that you were on the "wrong" side once, and now you are on the "right" side and you are angry that you were made to do dirty work for the wrong side. You are not actually giving any reasons for why one side is right and the other is wrong. If you think carefully about what is really in your long term interest, you will come to the conclusion that it is more economic liberty (which historically means more prosperity for everybody) rather than more government control (even if you are a temporary beneficiary of it). You won't have me arguing that the Republican politicians aren't corrupt, of course they are. But, so are the Democrats. You are the one who wants them to have more power over our lives, not me.

      --
      Negative moral value of force outweighs the positive value of good intentions.
  11. Fake? by moosesocks · · Score: 2, Insightful

    Wouldn't it be fairly trivial to fake those screenshots?

    --
    -- If you try to fail and succeed, which have you done? - Uli's moose
  12. Not "hacking" by bsDaemon · · Score: 3, Insightful

    I don't even see how this can be dignified as "hacking" -- it's not even "script kiddy" in its complexity. If this weren't the President then I doubt it would even be news at all. But is the account even actually Obama's in the sense of, he actually takes the time to post on it himself? Doesn't he have a country to run or something?

  13. Re:And this is why we ONLY SERVE FREEDOM FRIES !! by Anonymous Coward · · Score: 4, Funny

    This is France. Since you don't like our language, we'll be taking it back. Please remove the word 'language' from your post. Merci.

  14. Password recovery methods are stupid by Anonymous Coward · · Score: 2, Insightful

    This is why I type a huge string of random gibberish into those stupid "Password Recovery" sections that ask me questions that any person that does any amount of research into my life can figure out.

    Those things are stupid and the fact that so many sites still use them is completely stupid.

  15. it is simple morality by circletimessquare · · Score: 3, Insightful

    that if you transgress against someone else, you are the problem

    for example: if a bag of cash is sitting wide open and unguarded just inside an open door, you have absolutely 0% right to take it, and you are 100% to blame for the theft: YOU took it, no one told you to. your own poor decision making is the key

    no matter how horrible or nonexistent someone's defenses, when you transgress against them, you are a criminal, you are 100% culpable, you have no excuse, you should be punished, and your morality sucks. plain and simple

    sure, people SHOULD have good defenses. mainly because of all the immoral assholes out there. but even that you knew there were a lot of immoral assholes out there and their behavior is pretty predictable, none of that excuses the actual immoral assholes and their behavior. put another way: stupid is bad, but evil is always worse

    so you need good defenses, but when you are transgressed against, the question of the quality of your defenses is completely beside the point: the immoral asshole needs to be punished

    --
    intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
  16. How? by iprefermuffins · · Score: 2, Interesting

    I'm a little confused how this guy's "hack" worked as described. I just checked Twitter and it doesn't have password recovery questions. And the "forgot password" form offers to send a password reset link to the email address associated with the account, so it's not going to be a way in unless you have access to the email too.

  17. Re:He should've at least posted something. by amliebsch · · Score: 5, Funny

    No, no, no, he should have tweeted:

    "My fellow Americans, I am pleased to tell you today that I have signed legislation that will outlaw France forever. We begin bombing in 5 minutes."

    --
    If you don't know where you are going, you will wind up somewhere else.
  18. Re:too obvious.. by Yetihehe · · Score: 2, Interesting

    If I forgot my password, there is very high possibility that I also forgot this complicated answer. Happened to me once.

    --
    Extreme Programming - Redundant Array of Inexpensive Developers
  19. Re:too obvious.. by Captain+Splendid · · Score: 4, Funny

    My grandmother hasn't been a maiden since 1910

    Suuuure she was. Pretty damn 'lively' from '07-'09 if you consult the outhouse walls.

    --
    Linux, you magnificent bastard, I read the fucking manual!
  20. Re:too obvious.. by Applekid · · Score: 4, Funny

    Why even include anything that relates to your mother's name? Why even give attackers that much? Just provide a 30 character string of random characters.

    Yo, I heard you like passwords, so we're going to protect your password with another password.

    --
    More Twoson than Cupertino
  21. Re:too obvious.. by cmiller173 · · Score: 4, Funny

    That's a great idea! I'm off to the hall of records with a box of matches!

  22. that's kind of funny by circletimessquare · · Score: 4, Insightful

    considering the fact that

    1. vitriolic hatred is pretty much all of the tea party consists of,

    2. sound fiscal responsibility is finally what this health reform delivers,

    3. health care security is unconstitutional only in creative crackpot legal arguments,

    4. and free market principles do not answer every question in life (as the 2008 meltdown demonstrates: you need strong government regulation to keep the markets healthy)

    a capitalist society with social safety nets is clearly and obviously superior in every measurement to the social darwinism i hear you advocating, even if you don't realize that is what you are advocating. free market fundamentalism died in 2008, i guess you didn't get the memo

    --
    intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
  23. Re:notice the last sentence in my comment by Dahamma · · Score: 4, Funny

    I thought the tea party movement was just a bunch of morons. Then I read this:

    http://www.huffingtonpost.com/andy-borowitz/teabaggers-new-cry-mrs-ob_b_508683.html

    Now I think calling them that has just been an insult to morons.

  24. Re:too obvious.. by flabordec · · Score: 2, Funny

    It's not like anyone actually checks that your mom isn't named 'DFER%$^YBNSwerwer4r67786^##$%#%GFH'...

    My long lost brother!

    --
    "I see undead people" Warcraft III - Necromancer
  25. Re:notice the last sentence in my comment by cyberchondriac · · Score: 3, Informative

    Umm.. you're the moron. Borowitz's blog is a joke. Literally. He's a comedian and writer, not a journalist.
    Look again, it's under the "Comedy" section of the HuffingtonPost.
    The only thing the tea party is against from what I've read is that Michelle Obama wants to take away "Happy Meal" toys and their ilk because they "encourage" children to eat poorly. It's not so much the crappy toys, it's the parents who are too lazy to cook, and drive their kids to a fast food place that are to blame. And of course, all the HFC in everything. Maybe.

    --

    Look back up at my post, now look back down, you're on the Internet. Now look back up. I'm a signature.
  26. Re:too obvious.. by Captain+Splendid · · Score: 2, Funny

    Thanks, you're my first!

    --
    Linux, you magnificent bastard, I read the fucking manual!