- Alex Jones questions reported suicide of Sandy Hook father Tuesday 9:59 PM
- ‘You were at my wedding Denise’ is the newest clapback for instant regret Tuesday 6:42 PM
- This viral video of Pope Francis not letting anyone kiss his hand is weird Tuesday 6:04 PM
- What does the EU’s Copyright Directive mean for the future of the internet? Tuesday 5:16 PM
- The LGBTQ and Black communities deserve real answers about the Jussie Smollett case Tuesday 3:51 PM
- The Jussie Smollett-Trump collusion discourse is a condescending Wonka meme come to life Tuesday 3:47 PM
- Even teachers are in on TikTok’s #hitthewoah Tuesday 2:49 PM
- Editor’s history of calling trans people ‘frauds’ shines light on Economist’s transphobic tweet Tuesday 2:24 PM
- New ‘Avengers: Endgame’ posters reveal the fates of several Marvel characters Tuesday 2:12 PM
- Man pleads guilty to stealing over $100 million from Facebook, Google Tuesday 12:59 PM
- Washington Post under fire for transphobic cartoon about the Mueller Report Tuesday 12:33 PM
- Congressman quotes ‘Mein Kampf’ on House floor Tuesday 11:55 AM
- Rapper Tone Loc detained after confronting teen in Confederate flag hat Tuesday 11:37 AM
- Sarah Sanders shares Mueller Madness bracket Tuesday 10:19 AM
- NASA postpones all-women spacewalk over lack of suits that fit the female astronauts Tuesday 10:17 AM
There’s a new electronic army in town and, for some reason, it hates esports.
Earlier this week, a number of high-profile communities on social news site Reddit were hacked and defaced. A group calling itself the Nigerian Electronic Army has claimed responsibility.
The list of subreddits that were reportedly hit included the esports gaming forums r/DotA2 and r/LeagueOfLegends, the smartphone discussion group r/Android, and popular general interest subreddits r/pics, /rInternetIsBeautiful, and r/MildlyInteresting.
Here’s what the r/LeagueOfLegends page looked like during the hack:
In a Tuesday post on the r/ModNews subreddit, Reddit system administrator Jason Harvey described how the hack went down:
As you may have noticed yesterday, several big subreddits were defaced. All of the defacements were due to mod accounts being accessed by an attacker. In all cases, the accounts were accessed with a single password try. A very similar break in event happened late last year. The attacker may have been different, but the target and apparent method was the same. Given the circumstances of the breakin, it is likely that the attacker had access to some outside password list. While there are a variety of ways an attacker may try to acquire a person’s login credentials, exploiting password-reuse is the most prevalent and easy attack vector.
Harvey advised moderators to make sure that they’re using strong passwords that aren’t shared across multiple accounts and to take steps to ensure that their personal email addresses and computers are secure.
A r/LeagueOfLegends moderator told the Daily Dot that the page was only affected for a few minutes. “We have a very attentive group of mods here,” the moderator explained, “so the attack didn’t stop us for very long at all.”
On a Twitter account claiming to be operated by the organization associated with the hack, the Nigerian Electronic Army claimed to discovered a zero day exploit (meaning a previously undiscovered hole in the site’s security system) and was attempting to sell information about it for a price. The going rate was apparently a single bitcoin—about $640 USD at the current market price.
If you were curious, yes, the hackers said they accept Dogecoin.
This tactic–breaching a site’s security and then attempting to sell info on how it was done–isn’t an unheard of practice with the hacking world. For example, late last year, a Russian hacker who goes by the name ?HASH” gained access to a BBC and then put that info up for sale on an underground hacking forum.
Previous to this hack, there was scant evidence of the Nigerian Electronic Army’s existence anywhere on the Internet. The group’s Twitter account was only created on Monday and its first tweet was advertising the sale of the Reddit exploit.
The group’s name is likely modeled after that of the Syrian Electronic Army. An an organization of hackers that have compromised the websites of media outlets ranging from CNN to the Associated Press to the Daily Dot
As Harvey mentioned in his note, this incident is not the first time hackers have briefly taken over a subreddit. In 2012, shortly after President Obama’s AMA drew newfound national attention to the site, a group of hackers (likely affiliated with the now-banned “game of trolls” community) overtook the r/IAmA subreddit, deleted legitimate posts, and replaced the standard graphics with pornography.
Illustration by Jason Reed
Aaron Sankin is a former Senior Staff Writer at the Daily Dot who covered the intersection of politics, technology, online privacy, Twitter bots, and the role of dank memes in popular culture. He lives in Seattle, Washington. He joined the Center for Investigative Reporting in 2016.