Could You Be Hacked Like Twitter?
Using a method known as "cracking," the man who goes by the name Hacker Croll was able to break down Twitter security by trolling the Web for publicly available information, according to TechCrunch.
Mon, July 20, 2009
PC World — The French hacker who broke into Twitter's Google Apps and stole more than 300 private company documents has revealed in detail how he did it. Using a method known as "cracking," the man who goes by the name Hacker Croll was able to break down Twitter security by trolling the Web for publicly available information, according to TechCrunch. Eventually, Croll found one weakness many of us are guilty of -- using one password for everything -- and Twitter's security was compromised. Read on to see how Hacker Croll did it, and consider whether access to your digital life could be breached by his methods.
Croll Cracks Twitter
Hacker Croll started by building a profile of his target company, in this case Twitter. Basically, he assembled a list of employees, their positions within the company, and their associated e-mail addresses. After the basic information was accumulated, Croll built a small profile for each employee with their birth date, names of pets, and so on. After Croll had created these profiles, he just went about knocking on doors until one fell down. That's exactly what happened when he did a password recovery process for a Twitter employee's personal Gmail account. Croll discovered that the secondary account attached to this person's Gmail was a Hotmail account. The problem was that Hotmail account had been deleted and recycled due to inactivity -- a longstanding policy on Hotmail. Now, all Hacker Croll had to do was reregister the Hotmail account for himself, go back and do the Gmail password recovery, and then Gmail sent the password reset information straight to the bad guy. But it's not over yet. Gmail asked Hacker Croll to reset the password of the Twitter employee's personal e-mail account, which he did. But now the original user was locked out of their account, which would send up an obvious red flag. So all Croll did was search the Gmail account itself for passwords from the person's other active services. Then he entered a commonly used password he'd found, and waited to see if the person began using their account normally. Croll now had access to the Gmail account from behind the scenes, and was able to access information undetected. Making life even eaiser, the Twitter employee used the same password on her business and personal accounts, so the hacker now had access to both, and the rest was history.
Are You Vulnerable to the Same Crack?