Eric Weaver
tried logging in to his Twitter account this summer, but he was locked out. A
hacker had broken into his account and changed the password. But it didn't end
there.
With a little
digging, Weaver found that his Twitter handle -- @weave -- was being sold
in an online forum at HackForums.net. With more digging, he also found that
software was being sold online to automate the process of quickly hacking
dozens of Twitter accounts.
"I was
surprised this was all happening so openly," said Weaver, an advertising
executive in Seattle. The hackers "are able to operate with seeming
impunity."
Weaver's
experience is not unique. Other Twitter hacking victims have also discovered
that their accounts are for sale in online forums like ForumKorner.com and
HackForums.net, where coveted one-word Twitter handles are sold in bulk for as
little as $10.
This week,
Twitter user Daniel Dennis Jones detailed in a Storify post how his Twitter account -- @blanket -- was
hacked, stolen and put up for sale on the black market. Jones said he
communicated with his hacker, who claimed to be a 14-year-old South Dakota teen
who hacks and sells one-word Twitter accounts. Jones has since regained access
to his account.
Experts say the
underground market for Twitter accounts and the apparent ease with which they
are stolen raise questions about security at the popular micro-blogging site.
Most companies have built systems to prevent hackers from repeatedly guessing
passwords, said Chester Wisniewski, a researcher at cybersecurity firm Sophos.
“Why is Twitter
not doing that?” Wisniewski said. “This has been going on for a long time. It’s
not going away and Twitter doesn’t seem to be doing anything about it.”
Twitter did not
respond to repeated requests for comment.
In his post on Storify, Jones said the teenager who
claimed to be his hacker told him that hackers could mask the IP address of
their location by exploiting a loophole in Twitter security.
Such software --
known as a “Twitter cracker” -- can be easily purchased online.
“It's very
well worth it,” one seller recently said on ForumKorner.com, which was not
working at the time of publication. “With this you can upload more than 10,000
passwords and it automatically checks the login and if it doesn't work it moves on to the
next one.”
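
The throttling Wisniewski refers to, sketched as an added example that is not part of the original article and is not Twitter's code: it replays a constructed run of 10,000 guesses against one account, each from a different source address, and compares counting failures per source with counting them per account. The threshold, lock times, event fields and the `simulate` helper are assumptions made for the illustration.

```python
from collections import defaultdict

MAX_FAILURES = 5         # assumed threshold before a lockout
BASE_LOCK_SECONDS = 60   # assumed first lockout; doubles on each repeat

class Throttle:
    """Counts failed logins per key and locks the key with exponential backoff."""
    def __init__(self):
        self.failures = defaultdict(int)
        self.lockouts = defaultdict(int)
        self.locked_until = defaultdict(float)

    def allowed(self, key, now):
        return now >= self.locked_until[key]

    def record(self, key, success, now):
        if success:
            self.failures[key] = 0
            return
        self.failures[key] += 1
        if self.failures[key] >= MAX_FAILURES:
            self.failures[key] = 0
            self.lockouts[key] += 1
            backoff = BASE_LOCK_SECONDS * 2 ** (self.lockouts[key] - 1)
            self.locked_until[key] = now + backoff

def simulate(key_by, guesses=10_000, correct_index=9_000):
    """Replay a constructed guessing run: one guess per second against one
    account, every guess arriving from a different source address.
    Returns (passwords_actually_checked, account_compromised)."""
    throttle = Throttle()
    checked = 0
    for i in range(guesses):
        # Constructed event; "source" stands in for a masked or rotating IP.
        event = {"account": "example_handle", "source": f"src-{i}", "t": float(i)}
        key = event[key_by]
        if not throttle.allowed(key, event["t"]):
            continue                     # rejected without checking the password
        checked += 1
        success = (i == correct_index)   # the list holds the real password here
        throttle.record(key, success, event["t"])
        if success:
            return checked, True
    return checked, False

if __name__ == "__main__":
    print("keyed on source :", simulate("source"))
    print("keyed on account:", simulate("account"))
```

Keyed on the source, every guess is checked and the run succeeds; keyed on the account, only 40 of the 10,000 passwords are ever checked. The cost is that the real owner is also refused while the account is locked, which is why production systems usually pair this with a CAPTCHA or a second factor rather than a hard lock alone.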
Hackers also use
the site to sell the stolen accounts, sometimes in bulk. Last week, a hacker
who went by the name of Gumbo posted a
list of more than 30 recently-stolen Twitter names for sale --
including handles like “gadgetry” and “compadre” -- on ForumKorner.com.
Another hacker
claimed to have stolen the Twitter handle @Fend and vowed
to “begin the bidding at $30.” Still another, who went by the screenname
Spongebob, was selling “a 20-pack of 4 character Twitter handles for $10.”
Among the accounts for sale were @Nona, @Pina, @Zala and @Wexa.
Such short,
one-word Twitter handles are in high demand. They are not only easy to
remember, but they also give users a few extra characters to express themselves
within the 140-character limit. Last year, the Wall Street Journal reported that
easy-to-recall Twitter handles like @adam or @megan have become "a stylish
totem in the tech world."
In August, tech
reporter Mat Honan revealed how his digital life was destroyed after
hackers targeted him because of his short, unique Twitter handle -- @mat.
Instead of trying to sell the account, they appeared to use @mat as a platform
to broadcast racist and homophobic messages, Honan wrote.
Rob Bertholf,
who owns the Twitter handle @rob, said his account has never been hacked. But
he suspects hackers often try -- albeit unsuccessfully -- to break into his
account because he receives weekly email notifications from Twitter notifying
him that someone is trying to reset his password.
“No doubt in my
mind that I have been targeted many times,” Bertholf told The Huffington Post.
Weaver, the
Seattle advertising executive, said that after his account was stolen, he was
able to trace his hacker’s identity to a 20-year-old Miami man. He said the
hacker was also selling other accounts: @Bond, @Mock, @Four, @Strung, @545 and
@Mind.
"Selling or
accepting trades only," the
hacker wrote under the screen name "Darent." "I will show
proof to serious buyers."
Weaver said he
contacted Twitter, but did not regain access to his account for three weeks --
and only after a friend called one of his contacts who worked at Twitter.
During that time, he said the name linked to his account was changed to
"Jaimi in Brooklyn."
He said that
getting his account stolen was particularly embarrassing because he is an ad
executive whose work revolves around social media.
"My Twitter
followers are friends and business colleagues," he said. "They were
confused by my sudden fascination with hair, nail and certain R&B
acts."
Weaver said he
has since strengthened his Twitter password by making it 15 characters long and
more complex, but added that the person who he thinks hacked his Twitter
account continues to operate openly online.
“They're just
bored kids,” he said. “They think they're invincible.”
Flickr
photo by shawncampbell.
Source-Huffingtonpost.com