- Chaotic good, true neutral: The 2020 Democrat alignment chart Today 6:30 AM
- How to stream Mexico vs. Brazil live in the U-17 World Cup final Today 3:00 AM
- Influencer gets prison time for performing illegal cosmetic procedures on followers Saturday 5:13 PM
- Parent immediately regrets baby monitor after seeing ‘possessed’ baby Saturday 3:53 PM
- Buttigieg used Kenyan stock photo to promote plan for Black America Saturday 2:29 PM
- Disney+ is the best streaming service for families available today Saturday 1:43 PM
- Netflix to amend Nazi docuseries after being accused of rewriting history Saturday 1:09 PM
- Everything you need to know about TikTok Saturday 1:00 PM
- Screaming drummer girl steals hearts with passionate Nirvana cover Saturday 12:50 PM
- The Kardashians receiving backlash for food fight Instagram post Saturday 10:26 AM
- How to stream Artem Lobov vs. Jason Knight in BKFC Saturday 9:00 AM
- Lizzo sued by Postmates runner she accused of stealing her food Saturday 8:39 AM
- How to stream Jan Blachowicz vs. Ronaldo ‘Jacare’ Souza on UFC Fight Night Saturday 8:00 AM
- How to watch Georgia vs. Auburn live Saturday 6:30 AM
- How to stream Navy vs. Notre Dame live Saturday 3:30 AM
‘Nigerian Electronic Army’ hacks Reddit
There’s a new electronic army in town and, for some reason, it hates esports.
Earlier this week, a number of high-profile communities on social news site Reddit were hacked and defaced. A group calling itself the Nigerian Electronic Army has claimed responsibility.
The list of subreddits that were reportedly hit included the esports gaming forums r/DotA2 and r/LeagueOfLegends, the smartphone discussion group r/Android, and popular general interest subreddits r/pics, /rInternetIsBeautiful, and r/MildlyInteresting.
Here’s what the r/LeagueOfLegends page looked like during the hack:
In a Tuesday post on the r/ModNews subreddit, Reddit system administrator Jason Harvey described how the hack went down:
As you may have noticed yesterday, several big subreddits were defaced. All of the defacements were due to mod accounts being accessed by an attacker. In all cases, the accounts were accessed with a single password try. A very similar break in event happened late last year. The attacker may have been different, but the target and apparent method was the same. Given the circumstances of the breakin, it is likely that the attacker had access to some outside password list. While there are a variety of ways an attacker may try to acquire a person’s login credentials, exploiting password-reuse is the most prevalent and easy attack vector.
Harvey advised moderators to make sure that they’re using strong passwords that aren’t shared across multiple accounts and to take steps to ensure that their personal email addresses and computers are secure.
A r/LeagueOfLegends moderator told the Daily Dot that the page was only affected for a few minutes. “We have a very attentive group of mods here,” the moderator explained, “so the attack didn’t stop us for very long at all.”
On a Twitter account claiming to be operated by the organization associated with the hack, the Nigerian Electronic Army claimed to discovered a zero day exploit (meaning a previously undiscovered hole in the site’s security system) and was attempting to sell information about it for a price. The going rate was apparently a single bitcoin—about $640 USD at the current market price.
If you were curious, yes, the hackers said they accept Dogecoin.
This tactic–breaching a site’s security and then attempting to sell info on how it was done–isn’t an unheard of practice with the hacking world. For example, late last year, a Russian hacker who goes by the name ?HASH” gained access to a BBC and then put that info up for sale on an underground hacking forum.
Previous to this hack, there was scant evidence of the Nigerian Electronic Army’s existence anywhere on the Internet. The group’s Twitter account was only created on Monday and its first tweet was advertising the sale of the Reddit exploit.
The group’s name is likely modeled after that of the Syrian Electronic Army. An an organization of hackers that have compromised the websites of media outlets ranging from CNN to the Associated Press to the Daily Dot
As Harvey mentioned in his note, this incident is not the first time hackers have briefly taken over a subreddit. In 2012, shortly after President Obama’s AMA drew newfound national attention to the site, a group of hackers (likely affiliated with the now-banned “game of trolls” community) overtook the r/IAmA subreddit, deleted legitimate posts, and replaced the standard graphics with pornography.
Illustration by Jason Reed
Aaron Sankin is a former Senior Staff Writer at the Daily Dot who covered the intersection of politics, technology, online privacy, Twitter bots, and the role of dank memes in popular culture. He lives in Seattle, Washington. He joined the Center for Investigative Reporting in 2016.