- Pro-MAGA pageant queen stripped of title over ‘offensive’ tweets 5 Years Ago
- Marvel unveiled its Phase 4 plans at San Diego Comic-Con Today 9:16 AM
- How a queer Instagram is helping fight the opioid epidemic in Appalachia Today 6:30 AM
- Philadelphia to fire 13 officers for racist, violent Facebook posts Saturday 6:12 PM
- Nick Offerman is so down to play every single role in ‘Cats’ Saturday 4:27 PM
- Woman documents how airport staff broke her wheelchair Saturday 3:04 PM
- Funeral home allegedly posted photos of woman’s dead body on social media Saturday 1:56 PM
- Alinity Divine is being investigated after throwing her cat during stream (updated) Saturday 12:04 PM
- ‘Comedians In Cars Getting Coffee’ returns with Seinfeld making a racist joke about China Saturday 10:26 AM
- YouTubers Eugenia Cooney and Shane Dawson make a joint comeback Saturday 9:06 AM
- The crushing effects of Trump’s abortion ‘gag rule’ on healthcare Saturday 8:00 AM
- How to live stream Pacquiao vs. Thurman Saturday 6:20 AM
- Review: Hulu with Live TV ensures you always have something to watch Saturday 6:00 AM
- How to live stream UFC on ESPN 4: Rafael dos Anjos vs. Leon Edwards Saturday 5:49 AM
- 2020 Democrats refuse to answer our questions about ‘Cats’ Friday 4:14 PM
There’s a new electronic army in town and, for some reason, it hates esports.
Earlier this week, a number of high-profile communities on social news site Reddit were hacked and defaced. A group calling itself the Nigerian Electronic Army has claimed responsibility.
The list of subreddits that were reportedly hit included the esports gaming forums r/DotA2 and r/LeagueOfLegends, the smartphone discussion group r/Android, and popular general interest subreddits r/pics, /rInternetIsBeautiful, and r/MildlyInteresting.
Here’s what the r/LeagueOfLegends page looked like during the hack:
In a Tuesday post on the r/ModNews subreddit, Reddit system administrator Jason Harvey described how the hack went down:
As you may have noticed yesterday, several big subreddits were defaced. All of the defacements were due to mod accounts being accessed by an attacker. In all cases, the accounts were accessed with a single password try. A very similar break in event happened late last year. The attacker may have been different, but the target and apparent method was the same. Given the circumstances of the breakin, it is likely that the attacker had access to some outside password list. While there are a variety of ways an attacker may try to acquire a person’s login credentials, exploiting password-reuse is the most prevalent and easy attack vector.
Harvey advised moderators to make sure that they’re using strong passwords that aren’t shared across multiple accounts and to take steps to ensure that their personal email addresses and computers are secure.
A r/LeagueOfLegends moderator told the Daily Dot that the page was only affected for a few minutes. “We have a very attentive group of mods here,” the moderator explained, “so the attack didn’t stop us for very long at all.”
On a Twitter account claiming to be operated by the organization associated with the hack, the Nigerian Electronic Army claimed to discovered a zero day exploit (meaning a previously undiscovered hole in the site’s security system) and was attempting to sell information about it for a price. The going rate was apparently a single bitcoin—about $640 USD at the current market price.
If you were curious, yes, the hackers said they accept Dogecoin.
This tactic–breaching a site’s security and then attempting to sell info on how it was done–isn’t an unheard of practice with the hacking world. For example, late last year, a Russian hacker who goes by the name ?HASH” gained access to a BBC and then put that info up for sale on an underground hacking forum.
Previous to this hack, there was scant evidence of the Nigerian Electronic Army’s existence anywhere on the Internet. The group’s Twitter account was only created on Monday and its first tweet was advertising the sale of the Reddit exploit.
The group’s name is likely modeled after that of the Syrian Electronic Army. An an organization of hackers that have compromised the websites of media outlets ranging from CNN to the Associated Press to the Daily Dot
As Harvey mentioned in his note, this incident is not the first time hackers have briefly taken over a subreddit. In 2012, shortly after President Obama’s AMA drew newfound national attention to the site, a group of hackers (likely affiliated with the now-banned “game of trolls” community) overtook the r/IAmA subreddit, deleted legitimate posts, and replaced the standard graphics with pornography.
Illustration by Jason Reed
Aaron Sankin is a former Senior Staff Writer at the Daily Dot who covered the intersection of politics, technology, online privacy, Twitter bots, and the role of dank memes in popular culture. He lives in Seattle, Washington. He joined the Center for Investigative Reporting in 2016.