Following The Twitter Hack Trail To DigitalGangster
by Michael Arrington on January 5, 2009

One thing that didn’t make a lot of sense about the 33 celebrity Twitter accounts hacked this morning - the messages left on the various accounts weren’t consistent and were clearly written by different people with different agendas.

Fox News got “Breaking: Bill O Riley is gay,” and Rick Sanchez from CNN got “I am high on crack right now might not be coming into work today.” But other Twitter accounts had links to sites to generate affiliate revenue. Facebook’s Twitter account had a message pointing to getlaid.info (now shut down), which redirected to a porn site. President Elect Barack Obama’s account had a link to a site that offered a $500 gas card for taking a survey. Both had affiliate links associated with them.

Why were some accounts simply defaced while others were used to generate affiliate fees? It all seems to point back to one person who goes by “Gmz” on a hacker site called Digital Gangster (this site was also where Miley Cyrus photos were posted after they were taken from her hacked Gmail account). Gmz, says a source, obtained the account credentials for the Twitter accounts and then posted them on Digital Gangster. The post was removed shortly afterward, but not before others grabbed the information and started to post on the various sites.

A later post on Digital Gangster asked “Who did it?” Gmz chimed into the thread, saying “That guy must have been a very generous individual. To hand out accounts rather than use that for profit. Could it be enough for respect or just enough for that user to be identified as an “idiot”?”

I’ve emailed Gmz from my new Digital Gangster account to confirm that he originally posted the credentials and I can’t wait to read his unlikely response. Twitter, of course, could follow up with Digital Gangster via their attorneys or the police and get access to that information. And it should be very easy to track the people who posted affiliate links on hacked Twitter accounts - just contact the affiliate companies and follow the money.

I wouldn’t be surprised if arrests were made in connection with all the Twitter drama this morning, once all this plays out.

Responses

  • Well, that’s one way to get an email from Arrington! :)

    • Eh, Twitter is old hat.

    • Not to worry this hacker was not that dumb after all and nothing will happen to the hacker. Twitter can do nothing even with an army of attorneys nor is there ANY LAW in the USA to protect Twitter from any hackers. The FBI will not even lift their little pinky finger unless Twitter can prove that at least 1 million dollars was lost or stolen from Twitter by the hacker. If you can’t prove the loss then there is NO CASE…Case closed! SORRY but those are the FACTS.

  • I suspect the prat fools at Twply.

    • I wouldn’t necessarily point the finger at Twply, but considering the number of 3rd party Twitter services that store user credentials, it’s not too far fetched to assume a Twitter employee with > user level access inadvertently gave someone the keys to the palace.

      As far as I’m concerned, every 3rd party Twitter service that deals with user credentials should be approached with caution. It truly amazes me how many people easily give up their credentials. Especially considering that people tend to reuse passwords across web services.

    • What’s this, talking out of your ass? Oh yes, that’s surely it.

      Seriously, you only have moronic comments to base your opinion on what the previous owner of Twply did.. You have no reliable proof to back up your sheep response. So STFU.

    • Wasn’t me.

      Create or join a crunchie’s chat group at http://groups.im/

  • This guy probably at least used a proxy, but like in the Palin email case, the proxy guys are going to be happy to assist the law when heat comes their way.

  • silicon valley dropout - January 5th, 2009 at 9:37 pm PST

    the ones that drop affiliate links were real idiots.

  • The guy posted a whole bunch of links to digitalgangster.com on the @huffpost account. They got deleted pretty quickly though.

  • Would love to see the Secret Service shoot this guy trying to apprehend - Darwin Award all over it

  • I doubt that someone with access to those accounts can be that dumb to get caught that easily. I’m sure that it is not as straight forward as it seems.

  • The smart ones would promote affiliate accounts of other innocents and hack those accounts to get the money out. Now all they need is a list of affiliate account logins. Oh heck, you could have made a bunch of money legitimately by that time!

    • The most complex crimes are often foiled by stupid mistakes. Makes for great reading, I can’t wait to find out more.

    • Nah.. digital money has to be deposited at a bank to be converted to physical currency. Even if they transfer it to paypal, paypal still requires a verified bank account to send the funds. If they opt to have paypal send a check instead, there’s still the name and physical address factors. It seems a rather overly elaborate scheme to go so far as to obtain fake ID’s, open a bank account under said credentials, then set up a paypal account under the same name, just for a one-time affiliate scam. Obviously the name’s going to be flagged, accounts closed, and it’s definitely not going to be as much as it cost them to set up in the first place.

  • Far too many breadcrumbs left behind here. I’m sure the Hacker(s) are already sitting in a white room with no windows being questioned at this very moment.

  • I don’t buy it. I feel like you are kind of pissed at them for doing this. You quote someone else calling the person who did it an idiot and go on to say the plan was lame and easy to track.

  • These hackers are always tech smart, and street dumb. They are usually too young to know they are not as smart as they think they are. They will be caught if they haven’t already been.

  • You can follow the Rich Famous and Notable on twitter on http://twitter.com/richandfamous

  • you guys are hilarious!!!!

    ohhh… we need to catch the bad guys who hacked twitter!!!

    ohhh!!!

    you forget… sarah palin had her email account hacked.. totally different than hacking a website. not that someone won’t complain… but this is nowhere near the crime of ripping off personal information, ie, let’s rip off a few thousand credit card records!!! which will get authorities after your ass!!!!

    but you guys keep thinking that twitter is really important!!

    yeah.. right….

    • Are you referring to the “personal information” that was scrutinized because she shouldn’t have been using Yahoo email for government correspondence? In her case, Yahoo wasn’t really hacked, but her hint/password combo was available for anyone who knew certain details about her.

      Also, as for myself, I haven’t made up my mind about these “bad guys.” I’m guessing it was probably some bored or awkward young man who loves messing with technology and thought attention would be pretty cool. Sucks to be him. Maybe I’m wrong, but stories like this interest me.

  • lol. i used to do this kind of shit back in the day.

    digital gangster is whack with a bunch of script kiddies. if you even took a minute to read some of the replies in the stickied thread, you’d see that someone mentioned it was a dictionary list. twitter probably doesn’t (or didn’t) have a rate limit on the # of attempts for logins so they created a simple program and loaded a pwl to crack the accounts.

    that or there was another exploit.. but to call these kids hackers is giving them too much credit.

    • Incorrect.

      The site became overrun by wannabe script kiddies following all of the other major media coverage of the site due to the Miley thing & some other hacks & defacements that were attributed to the site.

      Surely this will bring a new influx.

  • Oh yeah, I am sure the local authorities have nothing better to do than track down the criminal masterminds behind this devious plot. I would be horrified to learn if even one day of police resources were wasted on this non-issue. I mean, they do have real crimes to solve, which does not include finding the guy who hacked into Rick Sanchez’s Twitter account just to prove that he did.

  • oh and what kills me is all the idiots commenting to this article who mention that they “ARE BEING QUESTIONED RIGHT THIS MOMENT IN A WHITE WALL WITH NO WINDOWS OOOHH OOOH PEEKA BOO ZOMG”

    who the fuck wants to actively pursue some script kiddies on a bunk ass service that can’t even get their code secure and acts like they are a gift from the internet gods to the public.

    • if you ask me, it HELPED twitter more than harmed them because it showed them that they need to be up on their code.

      and to stop using rails.

  • “Arrested by morning”

    You give the government waaaay too much credit. Ever get in a car accident and call the cops? Then wait 4 hours for a car to show up?

    But you’re right, I’m sure they woke up the top dogs and judges and started requesting information from IPs to track down these horrendous criminals that posted funny comments on some peoples blogs.

  • By the way everyone, head on over to DG to celebrate the new years with us! Doin it big this time around! <3

  • Mostly agree with op here. While there are many different theories about the affiliate links being a decoy or being easy to trace. The fact is there is a trail to follow to the guy who originally posted the credentials, whether proxies were used or not. You really have to be a fool to hack something of this magnitude and then post about it on a forum. Kind of moronic if you ask me.

  • You guys always get so worked up… It’s cute! Somebody let the kitten out to clean up all this spilt milk, would you?

  • Dmz didn’t count on six Texas Rangers busting him… :)

  • I like how there are now 500+ guests floating around the DG forums now.

    Some 14 year old kid is getting one hell of a kick out of all this.

    Someone needs to send him his 4 Internets as a prize, he’s earnt it.

  • Ha, one guy is behind it all?

  • Hacking - it’s what hackers do. Hopefully Twitter will be the better for it and have a tighter security.

    Thanks for finding the source, T/C!

  • did gmz target bigfoot as well?

    After a spate of high-profile Twitter accounts were hacked, Bigfoot became the next victim.

    Weekly World News was able to screen-capture the fake update before it was deleted, which announced, “nessie is gay”.

    http://www.weeklyworldnews.com.....er-hacked/

  • i had an open session in which i discovered my email had been changed to awdeoh@hotmail.com - i did a quick search on google and got this page on digital gangster- http://tinyurl.com/8f6×7c where it looks like someone was giving out invites to something back in september and the username ‘audio’ looks to be tied to that email address. the hacker did not post or send any messages from my account (@jim), but did change my password and email- which i am trying to get twitter support to fix.

  • Wow dude that is way too cool.

    Jess
    http://www.web-privacy.pro.tc

  • THEN WHO WAS PHONE?

  • You guys really have digitalgangster.com all wrong. IT’S NOT ABOUT HACKING. Nor is it about kiddie scripts. Nor is it about Miley Cyrus. The forum was originally created as a way for us digital deviants to exchange grannysecks photos under the front of being a tough web hacking community. The front helped keep our true cause secret. Soon thereafter we got tired of grannysecks and moved onto bigger and better things (mainly poz loads). Today our biggest commitment in the innanets is making sure everyone knows that gay thug love is okay and there are many others out there just like you. So if you find yourself watching Tupac videos and thinking…”Where’s my gay thug…??” Head on over to DG, home of the gayest thug love on the ‘net.

  • Tonight.. LIVE CONFERENCE WITH PHONE CALLS TO CELEBRITY HACKERS WHO DONT EXPECT WE HAVE OWNED THEM AND KNOW WHO THEY ARE.

    DON’T MISS THIS ONE. JOIN #ADMIN ON EFNET TONIGHT.. 10PM EASTERN

    /SERVER IRC.EFNET.ORG
    /JOIN #ADMIN

  • I was one of the 33 accounts that were hacked and Twitter promptly assisted me in getting my account back. Why I was lumped in with celebrities is a bit of a mystery, but I do admin a prominent website, Newgrounds.com. As an admin there are people who would not like me because I have spoiled their fun (abuse) on our website. One of these people probably got a hold of the information posted on this hacker site and used it to mess with my Twitter account. I believe it was more than 1 person behind the hacks.

  • Well, one of the guys on DigitalGangster just gave details about the hack on his blog at http://trainreqlol.org/ and a video of the hack was posted on Youtube.

  • Please remove the Miley Cyrus link, I thought it was to a story not to the pics. Jesus christ what’s wrong with you people, why do you even have that link saved?

    • that’s not a link to MiCy shit. it’s about the stupidness of wannabe hackers. the MiCy hacker as well as the twitter hacker GMZ are in fact miscalled hackers, get it. twitter was hacked by simple dictionary bruteforce attack on an admin account. twitter response to that is phishing, lol

  • I thought Digital Gangster was a site for sharing pictures of your pet hamsters and talking about gay sex at the Burning Man whilst smoking “purp.”

  • Must have been so easy for them considering how laid back Twitter has been about security. I drew a cartoon to express what I think about this whole mess: http://www.jonin60seconds.com/.....hacks.html

  • Prick!!!!! I applaud digital gangsters, this net belongs to those who know how to use it. Not to some corporate companies who use it to increase their popularity and viewer ratings so they can feed them lies and propaganda. I say down with all social networking sites and say to all the hackers to keep fighting the good fight, spread your knowledge, and train the next generation of hackers so that they can keep this net clear of FCC mother F*****s. The net is a world wide web and belongs to the people who know what they are doing on it and shouldn’t be used for feeding lies. DARK SQUAD

  • If you know how to do it f*** em up. Script kiddies, junior league, or not , terrorize the net.

    PS sue me if you don’t like me. You ain’t going to get shit any way.

  • seems like Twitter technical team is on a long sleep dream of big bucks.

    Tips to prevent Twitter account from Hackers -
    http://newzburp.com/2009/05/pr.....m-hackers/

    Time to take the matters in your hands
