Many people who were on Twitter early managed to get awesome, short handles. As Daniel Dennis Jones found out, that also makes those people high-value targets for hackers.
Jones signed up to Twitter several years ago under the username @blanket: a short, memorable name that would make him easy to find. Trouble is, it made it easy for hackers to find him as well.
On Saturday, Jones, digital media producer at the Berkman Center for Internet & Society at Harvard University, found his account had been accessed and his username stolen.
Some digging revealed that the hijacker (calling himself “n0rth”) was selling his username and that several other accounts, such as @tournament and @deluded, had also been swiped recently.
In his investigation, Jones, who has rejoined Twitter as @originalblanket, discovered that the teens who are cracking these accounts (through vulnerable passwords and holes in Twitter’s security) have two goals: They want to make a little cash, and they're trying to impress girls who may wish to take desirable usernames for themselves.
A Storify of Jones’s Skype chat with one of the hijackers is a compelling read, suggesting that Moon, a 14-year-old who has only been cracking accounts for two weeks, is doing so more to probe holes in Twitter’s security system than to make a killing by selling usernames. Moon claimed that he intends to target only inactive accounts and would not want to hurt anyone.
The teen also provided some details on why Twitter accounts are much easier to hijack than those on YouTube: The latter’s CAPTCHA system filters by account name rather than IP address, which is reroutable via proxies.
Jillian C. York, of digital rights advocacy rights group Electronic Frontier Foundation, tweeted a link to Jones’s initial Storify, adding that “This is reason why @Twitter's ‘verified’ status is coveted. Betcha @originalblanket would have his account back by now if he were verified.”
Still, it’s a troubling tale of how easy one can lose a Twitter account into which they’ve poured years of effort.
Correction: The Twitter handle, @murder, was not obtained by the hacker identified as “n0rth.” We regret the error.
Photo by PrincessAshley/Flickr
Japan accepts U.S. giant-robot battle challenge
What a time to be alive.14k
The Philae comet lander may have discovered alien life
Don't get too excited just yet. The findings haven't been verified.5.8k
South Carolina State Senate votes to take down Confederate flag
The vote sets up another vote and then an almost-certain signature by the governor.4.4k
Dancing pool kid is an inspiration to us all
His shimmy is fabulous.0
Too many people were killed by police this year. Here's how to stop it
Community policing works. So why aren't more police departments adopting it?