Computer Crime Research Center

hack/hack100.jpg

Hacker used 'happiness' to access Twitter accounts

Date: January 08, 2009
Source: latimesblogs.latimes.com


The newly notorious Twitter hacker didn't take long to show himself. An 18-year-old cyberpunk who goes by the alias GMZ used password-guessing software to gain entry to a Twitter administrator's account, he told Wired yesterday.

Once inside, he was able to gain access to any Twitter account through the administrative tools, which allowed him to leave mischievous notes under the guise of such noteworthy figures as Barack Obama and Fox News.

What was the secret key for unlocking this seemingly infinite power? Happiness.

The hack victim, a Twitter staffer who goes by the name Crystal on the social network, used that nine-letter word as the password for her account, ignoring just about every rule of smart password choices (for examples, experts suggest avoiding words in the dictionary, varying the letter case and using symbols).

Wired writes:

The intrusion began unfolding Sunday night, when GMZ randomly targeted the Twitter account belonging to a woman identified as "Crystal." He found Crystal only because her name had popped up repeatedly as a follower on a number of Twitter feeds. "I thought she was just a really popular member," he said.

Using a tool he authored himself, he launched a dictionary attack against the account, automatically trying English words. He let the program run overnight, and when he checked the results Monday morning at around 11:00 a.m. Eastern Time, he found he was in Crystal's account.
Add comment  Email to a Friend

Copyright © 2001-2024 Computer Crime Research Center
CCRC logo