The hackers say they support Donald Trump.
Two pranksters say they rendered the subreddit, r/SandersforPresident, unusable for four minutes on Sunday night. Their malicious modification to the community’s webpage caused it to devolve into a chaotic spiral of flashing neon.
Moderators rapidly shut down the stunt, but not before some in the community took notice.
“So, short answer: yes; long answer: yes,” Alex Stigler, one of the moderators of Sanders for President, said in an email confirming the breach, “but it was absolutely inconsequential. We’ve been waiting for and expecting such chicanery for a while.”
Sanders for President, which boasts more than 164,000 users, has become one of the independent Vermont senator’s central hubs of online activism. The volunteer community is responsible for helping drive large crowds to Sanders’ presidential campaign stops. Last week, the community raised more than $1 million for the Sanders campaign, and the moderators have instituted myriad tools to help get out the vote for Sanders.
The pranksters, who go by the names boots and Teridax, claimed responsibility for the hack in Twitter direct messages with the Daily Dot on Sunday evening. Boots said that they gained access to a moderator’s account by using a password that was included in the dump of a “particular online streaming service in 2013.” The attacker would not confirm the name of the service, only that “it’s a public dump that’s been on the open Internet since 2013.”
The hijacked moderator account gave the pair access to the subreddits’ CSS code—the underlying data that tells your browser how to display the webpage—into which they injected a modification that crashed the sites’ functionality while still leaving it accessible.
Boots provided screenshots of a moderator’s account and said they had control of an account that was added as a moderator. The name that appears in the screenshots was listed as a moderator of Sanders for President, but the account has since been deleted.
“I’m not sure I’d say that the subreddit was ‘hacked,’ but an account was compromised momentarily,” said Stigler, who also serves as a lead organizer at Grassroots for Sanders. “In that time, they were able to change the CSS such as to render the subreddit unusable; however, as we keep back-ups of everything, the changes were reversed in a matter of minutes.”
Stigler confirmed that Sanders for President mods notified Reddit administrators, who added “additional security measures … as a response.”
In a public post on Sanders for President, the moderators explained what happened.
“Yes, the CSS went haywire for a second. The problem has been fixed,” subreddit moderator writingtoss posted. “Don’t get distracted by trolls.”
Writingtoss later updated the post, confirming that “a moderator’s account was compromised and used to tamper with our CSS. It’s been resolved and proper measures have been taken. Don’t get distracted. 22 hours to Iowa.”
The code that was inserted into the CSS file, making the subreddit unreadable and unusable, came from the r/reubenmchawk subreddit, boots said, which looks like that on purpose.
Screengrab via r/SandersforPresident