You may have heard the news about ISIS twitter accounts hacked in light of the Orlando shootings. I am wondering how can it happen so fast (just 2 days after the incident) and what kind of technique did the hacker possibly use?
Asked
Active
Viewed 2,505 times
-1
-
1Probably a list of the top worst passwords. – Alexander O'Mara Jun 16 '16 at 00:09
1 Answers
6
First, don't assume that it was just one "hacker". Anonymous is a pretty large group, and they could have coordinated the activity. For all we know, the Anonymous user that tweeted about the hacked accounts could be a spokeperson, rather than a "hacker".
Second, the attackers reportedly hacked into
dozens of accounts
and, although we cannot know for sure the number of pro-Daesh Twitter accounts, they are likely more than one thousand. If the attack was coordinated, they could have attempted to hack into all the accounts they knew within 48 hours from the Orlando shootings, in which case dozens of breached accounts wouldn't be a really impressive figure.
There are several ways to hack into Twitter accounts, but the three most likely methods used in this case are:
relying on older breaches: a few days ago (June, 8th) a list of 32 million Twitter credentials appeared in the dark web. It is not clear when the leak occurred, but it is possible that someone found, in the list of passwords, those of pro-Daesh accounts. Note that Anonymous had already identified thousands of terrorist accounts, so it would be just a matter of cross-referencing already existing data;
dictionary attacks: a lot of users - perhaps including terrorists - use predictable passwords. Although Twitter locks accounts after a certain number of login attempts, the attackers could have simply moved to another account. Remember that there are at least 1,000 pro-Daesh accounts, and it is likely that at least the 0.2% used weak, predictable passwords;
phishing: terrorists are now being more careful with emails and other means of online communication, but it is possible that some of them fell for the classic phishing email, asking to login in a fake page.
A. Darwin
- 3,562
- 2
- 15
- 26
-
Is it confirmed that the Twitter breach was real and not just a fake? Regardless, I agree that older breaches with reused password is a possible explanation. – Anders Jun 16 '16 at 07:42
-
1@Anders [Twitter stated](https://blog.twitter.com/2016/keeping-your-account-safe) "In each of the recent password disclosures, we cross-checked the data with our records. As a result, a number of Twitter accounts were identified for extra protection. Accounts with direct password exposure were locked and require a password reset by the account owner". They don't explicitly refer to the June, 8th breach but it occurred just 2 days before this statement. Anyway, I wouldn't certainly be surprised if the "breach" was true, although I cannot personally prove it. – A. Darwin Jun 16 '16 at 07:54
-
Could someone explain the downvote? I'd like to know if there's something wrong with my answer. – A. Darwin Jun 18 '16 at 08:58