Read the full post at darknet.org.uk
Two days ago, Ars ran a syndicated story by software developer Naoki Hiroshima on how his potentially valuable Twitter handle was stolen (the story originally appeared on Medium). Hiroshima described a painful ordeal wherein an attacker extracted credit card information from his PayPal account, used that information to reset the login credentials for Hiroshima's GoDaddy account, and then modified the domain's MX records (the set of DNS entries that tell everyone else on the Internet where to send that domain's e-mail) away from Hiroshima's servers to their own. The attacker also appeared to have modified a number of other details of Hiroshima's GoDaddy account, making it impossible for Hiroshima to gain access. The attacker then attempted to reset the password to Hiroshima's Twitter account, "@N," but was unsuccessful.
Unable to gain access to the @N account, the attacker then e-mailed Hiroshima and threatened to take action against Hiroshima's website's domains unless he changed his Twitter handle to something else, allowing the attacker to assume the "@N" handle—which he would then presumably sell.
Hiroshima attempted to regain access to his GoDaddy account, but GoDaddy wouldn't restore his access, because Hiroshima no longer appeared to be the legitimate owner of the account. Even involving a GoDaddy executive didn't appear to fix things. A day later, after further threats from the attacker, Hiroshima surrendered the @N handle, and the attacker promptly sent Hiroshima his GoDaddy login credentials. It was a successful hostage exchange, as such things go, but Hiroshima found himself victimized with no apparent recourse other than acceding to the attacker's demands.
This article originally appeared on Medium.com: How I Lost My $50,000 Twitter Username
I had a rare Twitter username, @N. Yep, just one letter. I've been offered as much as $50,000 for it. People have tried to steal it. Password reset instructions are a regular sight in my e-mail inbox. As of today, I no longer control @N. I was extorted into giving it up.
While eating lunch on January 20, 2014, I received a text message from PayPal for a one-time validation code. Somebody was trying to steal my PayPal account. I ignored it and continued eating.
These days when there’s trouble on the internet, there’s usually someone at the ready to jump up and take (or assign) blame for whatever went wrong, never mind the facts. It can mean free publicity for your cause — whether it’s killing laws like SOPA or beefing up the federal budget for cyber security.
Sometimes it doesn’t take much more than a tweet and a Pastebin post to get a serious amount of free publicity. So in the spirit of yesterday’s GoDaddy incident where a random Twitter handle claimed to have downed the hosting giant, here are five great hacks that never happened — despite what you might have learned from the media.
1. GoDaddy Gets PwndDaddied
With millions of customers feeling the pain of downtime, the DDoS attack on GoDaddy.com made the internet service provider’s onetime support of SOPA a conversation topic from coast to coast.
GoDaddy’s DNS went out of commission for about six hours, starting at 10 a.m. Pacific Monday. With no way for computers on the internet to look up GoDaddy’s customers, e-mail and websites went down.
Take for instance the online retailer RunningShoes.com. The outage cost the company somewhere between $10,000 and $20,000, says CEO Chad Weinman. “It’s devastating. We’re absolutely dependent on that site for our revenue,” he says.
On Twitter, the culprit soon reared his ugly head. A hacker named Anonymous Own3r (the self-proclaimed “Security leader of #Anonymous,” thank you very much) had taken GoDaddy down with a withering distributed denial of service attack, so stealthy that security companies could find no trace of it on the internet.
The Huffington Post quickly connected the dots, clued in by an Anonymous source. “This is a warning shot,” the HuffPo wrote.
A warning shot that was muffled somewhat the next day when GoDaddy, embarrassingly, admitted that it had screwed up its DNS routing tables. The hacker’s proof that he had stolen proprietary GoDaddy source code? A simple Google search showed it was open source.
2. Twitter Gets Its Wings Clipped
As Justin Bieber and cat lovers know, there is nothing that can silence the Twitterverse. Nothing except for a cunning hacker, that is.
And that’s who stepped gracefully into the news cycle on June 21 this year when Twitter went down for an awful 40 minutes.
When the perp stepped forward, it was the UGNazi crew who had previously DDoSed the NASDAQ and the CIA.
UGNazi was soon getting mad press in outlets such as the Telegraph, Mashable, and Slate.
But the press bubble was popped the next day when Twitter admitted that its own admins had somehow torpedoed the site.
“This wasn’t due to a hack or our new office or Euro 2012 or GIF avatars, as some have speculated today,” Twitter reported on its company blog. The culprit: a “cascading bug.” That’s Twitter-speak for “everything went wrong all at once.”
3. Fuck the FBI Friday
It was the greatest Anonymous operation of all. A systematic campaign of terror against the Man. Every Friday, the Antisec wing of Anonymous would drop a treasure trove of documents, shining a merciless light on the secret plans of law enforcement, government agencies and big corporations around the world.
The pump was primed and the dox were about to flow. The dumps would happen every Friday, and Antisec had already loaded up enough inventory to fill five months of Fuck the FBI Fridays. “Yes, each and every Friday we will be launching attacks,” the Antisec member told Wired, “with the specific purpose of wiping as many corrupt corporate and government systems off our internet.”
There was only one snag. Less than two weeks later, law enforcement swooped in and arrested 25 alleged Anonymous members. After that, Fuck the FBI Friday simply folded.
4. Brazil Goes Dark
Do you remember where you were when 60 Minutes ran its chilling November 2009 report on cybersecurity? One of the bombshell revelations in the report was news that hackers had broken into the local power grid in September 2007, leaving more than 3 million people in the dark in the state of Espirito Santo.
This was the perfect storm that cyberwar hawks had been dreaming of. An attack on computers that took out physical infrastructure.
60 Minutes’ report was a little light on sourcing. In fact, it didn’t name a single one of its “half-dozen” intelligence community sources behind the allegation.
A quick check with Brazilian regulators cleared things up, though. Shortly after the report aired, Wired reviewed reports on the incident written by Brazil’s independent systems operator group and the National Agency for Electric Energy.
The source of the outage? Soot on the insulators.
5. Tango Down Internet
The Name: Operation Global Blackout
The Group: Anonymous
The Target: The internet’s 13 root servers
The Date: The day before April Fool’s, 2012
It was a brilliant plan, but in retrospect the timing of the attack may have been a clue.
In an anonymous Pastebin post, Operation Global Blackout pledged to use a genuinely scary attack, known as DNS amplification, to take out the root servers that serve as the authoritative sources linking up internet protocol addresses to human-readable domain name system addresses such as Wired.com.
“By cutting these off the Internet, nobody will be able to perform a domain name lookup, thus,” the Global Blackouters said. “Anybody entering ‘http://www.google.com’ or ANY other url, will get an error page, thus, they will think the Internet is down.”
Anonymous operatives quickly distanced themselves from the event, which came and went like a bad joke.
Know any #vaporhacks we missed? Drop them in the comments.