A week after President Obama's visit, Reddit's r/IAmA gets hacked
Reddit’s question and answer forum r/IAmA, has had an interesting week. On the heels of President Obama’s visit, which drew media attention from all over the world and represented probably the biggest moment in the social news site’s history, the massively popular question and answer forum got hacked. Bad.
For about ten minutes Wednesday night—as TV host Joy Behar was answering redditor’s questions—trolls, who’d infiltrated the moderator ranks at r/IAmA, stripped away the section’s customizable design elements and added their own. They replaced the subreddit’s header with porn clearly meant to shock its 1.8 million readers (check out the NSFW screen grabs here). They removed legitimate AMAs, like one from the editor-in-chief of movie review aggregator Rotten Tomatoes. And they bragged. Because basking in attention is what trolling is all about.
The good news for Reddit: r/IAmA’s legitimate moderators—all of whom are volunteers—reacted quickly, restoring order in just a few minutes by removing the troll moderators and taking down the images, though it took about half an hour to fully fix the CSS mess.
How did it happen? According to r/IAmA’s top mod karmanaut, a user impersonated another moderator on the list, and messaged the mod team asking them to add his “alternate account.” That alternate account was, of course, the troll. And as soon as he was added, he had complete control over the subreddit’s customizable features, including design, as well as the power to delete posts and ban users. (An early victim of the troll’s ban was Reddit General Manager Erik Martin).
The perpetrators are most likely members of the “gameoftrolls” crew, a group of redditors who turn trolling into a game, complete with a points systems and leaderboards. Their subreddits have repeatedly been banned by Reddit staff.
Reddit’s most valuable properties—its subreddits—are all run by volunteers. The power structure works like this: Any moderator can add another redditor to the mod list. Every moderator has the exact same powers, except for one crucial difference: Older moderators can remove younger moderators. So the first moderator of a subreddit—usually its creator—can remove anyone else on the mod list. The second moderator to join can remove everyone else except the creator, and so on.
Since the troll was the most recent moderator to be added, each of the legitimate mods had the power to remove him. That’s why the hack was so short-lived.
Reddit staff, meanwhile, have banned all the trolls involved the hack. They’ll be back, though. Reddit’s open system and all-volunteer power structure make it an easy target for manipulative users with too much time on their hands.
Photo by Vilde Lauritzen