- Laura Ingraham mocks Rep. Ilhan Omar’s accent in audio clip Sunday 5:46 PM
- #ExposeChristianSchools goes viral after Karen Pence and Covington Catholic School uproars Sunday 4:37 PM
- People have started laundering money on Fortnite Sunday 3:03 PM
- Cardi B claps back at Tomi Lahren’s sarcastic tweet Sunday 1:25 PM
- Twitter may have exposed Android users’ private tweets Sunday 12:13 PM
- Leave Me Alurn is the ‘SNL’ product we wish existed in real life Sunday 10:06 AM
- How to watch ‘Charmed’ online for free Sunday 9:00 AM
- How to watch Patriots vs. Chiefs online for free Sunday 8:15 AM
- This is the ‘Star Wars’ VR experience you’re looking for Sunday 8:00 AM
- ‘Salt Fat Acid Heat’ takes viewers on a journey through the four building blocks of a great dish Sunday 7:00 AM
- How to tell the deep web from the dark web Sunday 7:00 AM
- How to watch the Saints vs. Rams online for free Sunday 6:15 AM
- How to watch ‘Supergirl’ online for free Sunday 6:00 AM
- How to stream the NFL conference championship games Sunday 5:00 AM
- How to watch Barcelona vs. Leganes online for free Sunday 1:00 AM
There’s a new electronic army in town and, for some reason, it hates esports.
Earlier this week, a number of high-profile communities on social news site Reddit were hacked and defaced. A group calling itself the Nigerian Electronic Army has claimed responsibility.
The list of subreddits that were reportedly hit included the esports gaming forums r/DotA2 and r/LeagueOfLegends, the smartphone discussion group r/Android, and popular general interest subreddits r/pics, /rInternetIsBeautiful, and r/MildlyInteresting.
Here’s what the r/LeagueOfLegends page looked like during the hack:
In a Tuesday post on the r/ModNews subreddit, Reddit system administrator Jason Harvey described how the hack went down:
As you may have noticed yesterday, several big subreddits were defaced. All of the defacements were due to mod accounts being accessed by an attacker. In all cases, the accounts were accessed with a single password try. A very similar break in event happened late last year. The attacker may have been different, but the target and apparent method was the same. Given the circumstances of the breakin, it is likely that the attacker had access to some outside password list. While there are a variety of ways an attacker may try to acquire a person’s login credentials, exploiting password-reuse is the most prevalent and easy attack vector.
Harvey advised moderators to make sure that they’re using strong passwords that aren’t shared across multiple accounts and to take steps to ensure that their personal email addresses and computers are secure.
A r/LeagueOfLegends moderator told the Daily Dot that the page was only affected for a few minutes. “We have a very attentive group of mods here,” the moderator explained, “so the attack didn’t stop us for very long at all.”
On a Twitter account claiming to be operated by the organization associated with the hack, the Nigerian Electronic Army claimed to discovered a zero day exploit (meaning a previously undiscovered hole in the site’s security system) and was attempting to sell information about it for a price. The going rate was apparently a single bitcoin—about $640 USD at the current market price.
If you were curious, yes, the hackers said they accept Dogecoin.
This tactic–breaching a site’s security and then attempting to sell info on how it was done–isn’t an unheard of practice with the hacking world. For example, late last year, a Russian hacker who goes by the name ?HASH” gained access to a BBC and then put that info up for sale on an underground hacking forum.
Previous to this hack, there was scant evidence of the Nigerian Electronic Army’s existence anywhere on the Internet. The group’s Twitter account was only created on Monday and its first tweet was advertising the sale of the Reddit exploit.
The group’s name is likely modeled after that of the Syrian Electronic Army. An an organization of hackers that have compromised the websites of media outlets ranging from CNN to the Associated Press to the Daily Dot
As Harvey mentioned in his note, this incident is not the first time hackers have briefly taken over a subreddit. In 2012, shortly after President Obama’s AMA drew newfound national attention to the site, a group of hackers (likely affiliated with the now-banned “game of trolls” community) overtook the r/IAmA subreddit, deleted legitimate posts, and replaced the standard graphics with pornography.
Illustration by Jason Reed
Aaron Sankin is a former Senior Staff Writer at the Daily Dot who covered the intersection of politics, technology, online privacy, Twitter bots, and the role of dank memes in popular culture. He lives in Seattle, Washington. He joined the Center for Investigative Reporting in 2016.