Teenage Twitter systems hacker admits guilt

It doesn’t appear that his motive for hacking Twitter was for financial gain, but it has forced the social network to take a good look at its security processes.

An 18-year old hacker, who managed to breach Twitter's administration systems and take over multiple high-profile accounts, has admitted his guilt.

The teenager, who goes by the handle GMZ, told the Wired Threat Level blog that he broke into Twitter's administrative control panel by using an automated password-guesser program on the account of a popular user.

It turned out that this user was a Twitter support staff member called "Crystal", who had chosen the easy-to-guess password "happiness". He said that breaking into the account was easy as Twitter allowed an unlimited number of rapid log-in guesses.

Using a self-created tool, he used a dictionary program which automatically tried English words and managed to gain access into Crystal's account. He was then able to access any other Twitter account by resetting an account holder's password.

He told Wired in an IM interview: "I feel it's another case of administrators not putting forth effort towards one of the most obvious and overused security flaws. I'm sure they'll find it difficult to admit it."

He didn't use the hacked accounts personally, instead offering hackers in his forum access to any Twitter account by request. This led to the access and defacement of feeds for Barack Obama, Britney Spears, Fox News and Facebook among others.

Twitter confirmed to Wired that the intruder had used a dictionary attack to gain access to the administrative account, although it refused to confirm the other details. It has so far not taken any legal proceedings.

Co-founder Biz Stone did say in a follow-up email that Twitter was doing a "full security review on all access points to Twitter. More immediately, we're strengthening the security surrounding sign-in. We're also restricting access to the support tools for added security."

Featured Resources

B2B under quarantine

Key B2C e-commerce features B2B need to adopt to survive

Download now

The top three IT pains of the new reality and how to solve them

Driving more resiliency with unified operations and service management

Download now

The five essentials from your endpoint security partner

Empower your MSP business to operate efficiently

Download now

How fashion retailers are redesigning their digital future

Fashion retail guide

Download now

Recommended

Twitter, LinkedIn reverse course due to climbing COVID cases
remote access

Twitter, LinkedIn reverse course due to climbing COVID cases

29 Jul 2021
1Password Business review: First choice for business travel and guest accounts
Security

1Password Business review: First choice for business travel and guest accounts

16 Jul 2021
Keeper Security review: Keeps corporate password management simple
Software

Keeper Security review: Keeps corporate password management simple

9 Jul 2021
Dashlane review: A very web-focused password manager
Security

Dashlane review: A very web-focused password manager

2 Jul 2021

Most Popular

The benefits of workload optimisation
Sponsored

The benefits of workload optimisation

16 Jul 2021
Samsung Galaxy S21 5G review: A rose-tinted experience
Mobile Phones

Samsung Galaxy S21 5G review: A rose-tinted experience

14 Jul 2021
RMIT to be first Australian university to implement AWS supercomputing facility
high-performance computing (HPC)

RMIT to be first Australian university to implement AWS supercomputing facility

28 Jul 2021