Teenage Twitter systems hacker admits guilt

It doesn’t appear that his motive for hacking Twitter was for financial gain, but it has forced the social network to take a good look at its security processes.

An 18-year old hacker, who managed to breach Twitter's administration systems and take over multiple high-profile accounts, has admitted his guilt.

The teenager, who goes by the handle GMZ, told the Wired Threat Level blog that he broke into Twitter's administrative control panel by using an automated password-guesser program on the account of a popular user.

It turned out that this user was a Twitter support staff member called "Crystal", who had chosen the easy-to-guess password "happiness". He said that breaking into the account was easy as Twitter allowed an unlimited number of rapid log-in guesses.

Using a self-created tool, he used a dictionary program which automatically tried English words and managed to gain access into Crystal's account. He was then able to access any other Twitter account by resetting an account holder's password.

He told Wired in an IM interview: "I feel it's another case of administrators not putting forth effort towards one of the most obvious and overused security flaws. I'm sure they'll find it difficult to admit it."

He didn't use the hacked accounts personally, instead offering hackers in his forum access to any Twitter account by request. This led to the access and defacement of feeds for Barack Obama, Britney Spears, Fox News and Facebook among others.

Twitter confirmed to Wired that the intruder had used a dictionary attack to gain access to the administrative account, although it refused to confirm the other details. It has so far not taken any legal proceedings.

Co-founder Biz Stone did say in a follow-up email that Twitter was doing a "full security review on all access points to Twitter. More immediately, we're strengthening the security surrounding sign-in. We're also restricting access to the support tools for added security."

Featured Resources

Humility in AI: Building trustworthy and ethical AI systems

How humble AI can help safeguard your business

Download now

Future of video conferencing

Optimising video conferencing features to achieve business goals

Download now

Leadership compass: Privileged Access Management

Securing privileged accounts in a high-risk environment

Download now

Why you need to include the cloud in your disaster recovery plan

Preserving data for business success

Download now

Recommended

Canon employee data exposed in ransomware attack
ransomware

Canon employee data exposed in ransomware attack

1 Dec 2020
Hackers could trick scientists into making deadly toxins
hacking

Hackers could trick scientists into making deadly toxins

30 Nov 2020
Pennsylvania county shells out a $500K ransom to recover stolen data
ransomware

Pennsylvania county shells out a $500K ransom to recover stolen data

30 Nov 2020
What is AES encryption?
Advanced Encryption Standard (AES)

What is AES encryption?

30 Nov 2020

Most Popular

What is phishing?
phishing

What is phishing?

25 Nov 2020
Huawei Mate 40 Pro 5G review: A tragically brilliant Mate
Mobile Phones

Huawei Mate 40 Pro 5G review: A tragically brilliant Mate

26 Nov 2020
Samsung Galaxy Note might be discontinued in 2021
Mobile Phones

Samsung Galaxy Note might be discontinued in 2021

1 Dec 2020