Teenage Twitter systems hacker admits guilt

It doesn’t appear that his motive for hacking Twitter was for financial gain, but it has forced the social network to take a good look at its security processes.

An 18-year old hacker, who managed to breach Twitter's administration systems and take over multiple high-profile accounts, has admitted his guilt.

The teenager, who goes by the handle GMZ, told the Wired Threat Level blog that he broke into Twitter's administrative control panel by using an automated password-guesser program on the account of a popular user.

Advertisement - Article continues below

It turned out that this user was a Twitter support staff member called "Crystal", who had chosen the easy-to-guess password "happiness". He said that breaking into the account was easy as Twitter allowed an unlimited number of rapid log-in guesses.

Using a self-created tool, he used a dictionary program which automatically tried English words and managed to gain access into Crystal's account. He was then able to access any other Twitter account by resetting an account holder's password.

He told Wired in an IM interview: "I feel it's another case of administrators not putting forth effort towards one of the most obvious and overused security flaws. I'm sure they'll find it difficult to admit it."

He didn't use the hacked accounts personally, instead offering hackers in his forum access to any Twitter account by request. This led to the access and defacement of feeds for Barack Obama, Britney Spears, Fox News and Facebook among others.

Advertisement - Article continues below
Advertisement - Article continues below

Twitter confirmed to Wired that the intruder had used a dictionary attack to gain access to the administrative account, although it refused to confirm the other details. It has so far not taken any legal proceedings.

Co-founder Biz Stone did say in a follow-up email that Twitter was doing a "full security review on all access points to Twitter. More immediately, we're strengthening the security surrounding sign-in. We're also restricting access to the support tools for added security."

Featured Resources

Preparing for long-term remote working after COVID-19

Learn how to safely and securely enable your remote workforce

Download now

Cloud vs on-premise storage: What’s right for you?

Key considerations driving document storage decisions for businesses

Download now

Staying ahead of the game in the world of data

Create successful marketing campaigns by understanding your customers better

Download now

Transforming productivity

Solutions that facilitate work at full speed

Download now


Policy & legislation

Dems Ask Facebook, Google and Twitter for Coronavirus Disinformation Reports

10 Jul 2020
social media

Twitter job postings point to a new subscription platform

9 Jul 2020

University of California gets fleeced by hackers for $1.14 million

30 Jun 2020
cyber security

Australia announces $1.35 billion investment in cyber security

30 Jun 2020

Most Popular

Business operations

Nvidia overtakes Intel as most valuable US chipmaker

9 Jul 2020

How to find RAM speed, size and type

24 Jun 2020

The best server solution for your SMB

26 Jun 2020