dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
5814
share rss forum feed


Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7

2 edits

4 recommendations

Yes, I was hacked. Hard.

see here..

»www.emptyage.com/post/2867987559···ked-hard

»honan.net/

DISCLAIMER: Name Game is not Mat...just posting this since I am sure Mat would not want it to happen to others. He is also looking for answers and help if you have suggestions.

--
Gladiator Security Forum
»www.gladiator-antivirus.com/


Cudni
La Merma - Vigilado
Premium,MVM
join:2003-12-20
Someshire
kudos:13
Targeted attack?

Cudni


Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7

1 recommendation

Gizmodo Twitter Account Hacked by Clan VV3 (Video)
Clan VV3, a group of hackers that specializes in “jacking” Twitter and YouTube accounts, has managed to take over the profile of tech news website Gizmodo.

Apparently, it all started when the hackers compromised the iCloud account of Mat Honan, a former Gizmodo employee. According to Honan, that allowed them to take over his Google and Twitter accounts.

Since his Twitter account had been linked at some point to the one of Gizmodo, the members of Clan VV3 were able to gain access to that one as well and started publishing their own tweets.

Unfortunately for Honan, the hackers also wiped the data from his iPhone, iPad and MacBook Air, most of it being lost, probably for good.

“I still can’t get into Gmail. My phone and iPads are down (but are restoring). Apple tells me that the remote wipe is likely irrecoverable without serious forensics. Because I’m a jerk who doesn’t back up data, I’ve lost at more than a year’s worth of photos, emails, documents, and more. And, really, who knows what else,” he wrote in a blog post.

After everything was sorted out, Gizmodo regained access to the account and provided the 416,000 followers with a brief explanation as to what happened.

“To be clear, a former Gizmodo employee's Twitter account appears to have been hacked, and that is how those tweets appeared on,” read a post made by Gizmodo after the account had been recovered.

“Apologies to those who saw those tweets. And now back to our regularly scheduled programming.”

As far as Clan VV3 is concerned, the list of Twitter accounts they’ve compromised in the past, according to their website, is impressive. It includes the accounts of Tami Roman (664,000 followers) Whitney Cummings (659,000 followers), Booker Huffman (300,000 followers) and many more.

They also managed to compromise the YouTube accounts of MabeInAmerica and Yonas.

»news.softpedia.com/news/Gizmodo-···37.shtml
--
Gladiator Security Forum
»www.gladiator-antivirus.com/

voxframe

join:2010-08-02

1 recommendation

reply to Name Game
Oh shit! That hurts, BAD!

I've been nailed once for my own stupidity of putting my voip PBX on an internet facing network and forgot about it. Very similar stream of beginning "oddities" until it starts to make sense and to your horror you realize what's going on.

I kept getting international calls on my home phone (Which was the outgoing CID of my PBX). Most of which couldn't understand me, and seemed quite irate. This was really strange as it started one night out of the blue. No weirdness on my voip line or any other clues to something going on. It wasn't until the next day (And probably a dozen or so calls later) that I got an email from my SIP provider saying they want money NOW.

Turns out the bastards managed to drill my prepaid account into the negative by holding up so many simultaneous talk paths to crazy countries. The billing only counted once the calls were ended.

To make matters worse, my PBX actually recorded these Indian (At least that's the origin of one of the languages they were confirmed speaking) fuckers playing with my switch once they got control of it. You could hear them sitting in front of a blasting TV, drinking booze, and smoking up (Yes it was part of their conversation).

So needless to say the weird calls I was getting, were from the targeted callees who saw my CID and called me back wondering what the hell was going on. These guys would call, and play an automated "You've won a trip, please hold" B.S. and some music to hopefully pacify the callee for as long as possible.

All in all I had to pay a couple hundred $$ back to my SIP provider for the charges.

PUKES! I feel for ya man, I really do!


Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7
reply to Name Game
How @Gizmodo Got Hacked and How You Should Defend Yourself

If you follow Gizmodo on Twitter, you may have noticed our account started spewing some garbage last night. We got hacked. Here's how it happened, and some steps you can take to keep it from happening to you.

The weak link in the security chain turned out to be the seven digit alphanumeric password to our good buddy and former contributor Mat Honan's iCloud account. After presumably brute-forcing his way into iCloud, the nefarious hacker was able change the password and gain access to Mat's Google account, remote wipe his Macbook Air, iPhone, and iPad, get into his Twitter, and then use that to access ours. While we managed to snatch our Twitter account back from the claws of evil, Mat's been having a bit more trouble. You can read more about his harrowing tale on his blog.

As awful as getting hacked always is, it's a learning experience. So what can you do to help avoid a similar fate? A few things.

See more here on suggestions
»gizmodo.com/5931828/how-gizmodo-···yourself
--
Gladiator Security Forum
»www.gladiator-antivirus.com/


Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7

1 edit

1 recommendation

reply to Name Game
I personally don't think they brute forced into iCloud .

»www.facebook.com/gizmodo/posts/4···ments=20

How to access OS X's built in password generator! (self.apple)
submitted 2 hours ago* by TheVloginator
In light of the recent iCloud user getting hacked and thus all his devices being wiped, people should re-think their current password on iCloud and on other sites. But there's a few problems: You don't trust online password generators or you don't want to pay for a password managing program. That is no longer a problem! OS X has a BUILT IN completely random password generator!! And here's how to access it:
1) Go into finder and search "Keychain Access"
2) Open the program, and if necessary click the lock in the upper left hand corner and enter your system password to access the application
3) Now that you can fully access the application, on the bottom of the window click on the little "+" symbol
4) Now in the window it created, next to the "Password" box, click on the image of the key
5) And there you go! Your very own OS X built in password generator! You can choose from the drop-down menu different options of passwords.
And the best part is that it works with Keychain!

»www.reddit.com/r/apple/comments/···nerator/


Rocky67
Pencil Neck Geek
Premium
join:2005-01-13
Orange, CA
said by Name Game:

I personally don't think they brute forced into iCloud .

I don't believe it either. I think they got in some much easier way. I don't suppose we'll ever find out the real story.
--
Panic is the new patriotism


mackey
Premium
join:2007-08-20
kudos:12

3 recommendations

reply to Name Game
Dude seriously, this board supports quoting using the [bquote]stuff here[/bquote] tag. Please use it, I have absolutely no idea what's your words or what you just ripped from elsewhere. I find this WAY more annoying then all caps. Here's an example:

This is an example quote. The thread »Yes, I was hacked. Hard.. could really use some quoting.

If you wanted to get really fancy you could even use the [bquote=some user] form to let us know who it is you're quoting.

/M


Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7
Have any comments on the story..or are you just policing today.
Click on the links and you will be ok.


Snowy
Premium
join:2003-04-05
Kailua, HI
kudos:6
Reviews:
·Time Warner Cable
·Clearwire Wireless

2 recommendations

said by Name Game:

Have any comments on the story..or are you just policing today.
Click on the links and you will be ok.

I've got the same problem as mackey See Profile has with your quoting (or lack thereof) & I don't see commenting on it as 'policing' at all.
Just because you know who or what you're quoting it doesn't mean anyone else does.
Do us a favor, quote as if it matters that your understood without having to click links. It's very doable, a little more work on your part but if it's too much work - just start less threads with offsite links - quality over quantity - now you have a legit 'policing' complaint.


Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7

3 edits
Try that edit.. you don't like stories happening in real time with offsite links.. hey ok by me.

complaining even after you read a disclaimer cracks me up..but then neither of you really ever start topics in the Forums.


EGeezer
zichrona livracha
Premium
join:2002-08-04
Midwest
kudos:8
reply to Name Game
There's nothing like having a single point of vulnerability that links to multiple systems that only have cloud backups.


Snowy
Premium
join:2003-04-05
Kailua, HI
kudos:6
Reviews:
·Time Warner Cable
·Clearwire Wireless
reply to Name Game
said by Name Game:

Try that edit.. you don't like stories happening in real time with offsite links.. hey ok by me.

I appreciate the effort.
Part of my concern over who is being is quoted can be illustrated with this thread.
If it were *you* that were hacked hard I'd be very interested in the matter whereas my interest in a Mat Honan, a former Gizmodo employee being hacked hard is of no interest to me.
I shouldn't have to click a link to find out that you are quoting someone as opposed to writing in the first person, IMO.


Snowy
Premium
join:2003-04-05
Kailua, HI
kudos:6
Reviews:
·Time Warner Cable
·Clearwire Wireless

1 recommendation

reply to Name Game
said by Name Game:

complaining even after you read a disclaimer cracks me up..but then neither of you really ever start topics in the Forums.

Editing a post after the person it was directed at has responded doesn't crack me up -
Yeah, I don't start threads, especially just cut-n-paste threads where I don't bother to take a minute to clarify what I'm cutting n-pasting.


Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7
reply to Snowy
I understand..but you did not have to click since the disclaimer was there and still is.. so you knew who was the first person with the dangling participle ... and what was on second...now I have not been hacked or harmed..but facebook has modifed my gizmo to protect the public.


Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7
reply to Snowy
Big problem with this forum is that on the first page one sees the Title and the poster in this form. Yes, I was hacked. Hard. by Name Game So if one honors the article and does not change the title...people at our forum are already geared to think the wrong way..."by" should be taken out of the equation.


Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7
reply to Snowy
said by Snowy:

said by Name Game:

complaining even after you read a disclaimer cracks me up..but then neither of you really ever start topics in the Forums.

Editing a post after the person it was directed at has responded doesn't crack me up -
Yeah, I don't start threads, especially just cut-n-paste threads where I don't bother to take a minute to clarify what I'm cutting n-pasting.

Hmmmm...Last edit on that post was done at 8:16PM..you then posted at 8:22PM .. 6 min later...maybe you have a sticky cache ???
--
Gladiator Security Forum
»www.gladiator-antivirus.com/


Snowy
Premium
join:2003-04-05
Kailua, HI
kudos:6
Reviews:
·Time Warner Cable
·Clearwire Wireless
reply to Name Game
said by Name Game:

Big problem with this forum is that on the first page one sees the Title and the poster in this form. Yes, I was hacked. Hard. by Name Game So if one honors the article and does not change the title...people at our forum are already geared to think the wrong way..."by" should be taken out of the equation.

That would be a valid point IMO except for the fact that there's only 1 poster who I have a continuing problem of de-cyphering just who it is their talking about.


norwegian
Premium
join:2005-02-15
Outback

1 recommendation

Off topic:

To you both deciding to post against the topic.
• First I could ask for moderation of your cause as another user here.
• Secondly, NameGame posts a lot more than most and keeps half of the conversation going, so show a little understanding for a very concerned person who posts everywhere, not just here.
• Thirdly, if you notice the first post is always a dup off the link, then the next post will be discussion. Maybe not the best, but are you then going to nail antdude See Profile for posting only links off links for topic starters? Remember these are topic starters, not an initial discussion on a posted link. On this note I did fall into your category a little till I read more, heck some even get told to go and use google - not very friendly.
• You have all been here long enough to use PM?

I'm just glad the stories are getting here for the read, however the topic is started. Maybe a discussion in these in helping plan a better site?
»Feedback
»Feedback
--
The only thing necessary for the triumph of evil is for good men to do nothing - Edmund Burke



norwegian
Premium
join:2005-02-15
Outback
reply to Name Game
So we guess that a weak password was cracked?
Or the site has an exploitable hole unknown at present?
The computer was hacked and the user keeps passwords stored in the standard locations in password caches of applications?

Scary, we are vulnerable to a lot more than the average user even cares for, and just hope it is all sorted and really serious personal data isn't exploited down the road, it is the biggest worry to me, outside of course, those sites that does store my data.
And remember most of you security people understand all too well, IT costs are non-profitable, which does not help the cause at any level.

I remember an email to me a few years back when a concerned person told me my password was listed off a hacked site on the internet. Luckily that password was only used on old sites and the credit card if they did get that much info no longer exists - still, I was glad someone I did not know had the time to email me, 200,000 users hacked, they would have had a hard time emailing everyone.

Best of luck, and hope Mat learns from this.
--
The only thing necessary for the triumph of evil is for good men to do nothing - Edmund Burke



Snowy
Premium
join:2003-04-05
Kailua, HI
kudos:6
Reviews:
·Time Warner Cable
·Clearwire Wireless
reply to norwegian
said by norwegian:

Off topic:...

You put a lot of effort into all that, appreciated.
Too bad it's not as factual as it might seem at a glance.
e.g.,
said by Name Game:

How @Gizmodo Got Hacked and How You Should Defend Yourself

If you follow Gizmodo on Twitter, you may have noticed our account started spewing some garbage last night. We got hacked. Here's how it happened, and some steps you can take to keep it from happening to you.

That's the 5th entry in this thread & the OP is still talking as if he experienced the event in the 1st person.
As I've mentioned earlier, if the OP can't keep his threads straight then maybe he should focus more on quality than quantity.
btw, I seldom have a problem knowing who it's about in antdude See Profile's threads.


norwegian
Premium
join:2005-02-15
Outback

1 edit
Point taken, and guess we will have all our posts deleted shortly.

I tend to think it was the title that frustrated you both more than the content and how it was posted. You can come here hoping to help the user sort problems out, only to feel you have wasted your time?

A simple title change may of helped initially?

We all are very concerned over personal accounts being hacked and passionate to the point we jump in hoping to get the user helped as soon as possible. I'm no different and doubt anyone else here is. But PM is better than messing up what I consider a very important topic for newbies, regulars and another person wanting info or help.
--
The only thing necessary for the triumph of evil is for good men to do nothing - Edmund Burke



EGeezer
zichrona livracha
Premium
join:2002-08-04
Midwest
kudos:8
reply to Name Game
I like to use quote tags and find them helpful in presentation, but I have other foibles.

Life is too precious to spend it worrying about them.

Carry on!


Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7

1 edit
reply to Snowy
Soo funny..I'll try to ask all the people who put out info on the net to please not do it in first person because snowy might think someone else wrote it...put it this way..if I post a link with info above it..the info came from that link..if there is additional words posted and you don't find them in the link then they are most likely mine...if you don't want to read the link..then stuff it..I could care less.

I personally read antdude's threads and links..but many time never read the entire link since hold no interest..but would be nice if more info was given in the posting.

I post stuff that interests me..if it is not your cup of tea..try another with milk.
--
Gladiator Security Forum
»www.gladiator-antivirus.com/


Snowy
Premium
join:2003-04-05
Kailua, HI
kudos:6
Reviews:
·Time Warner Cable
·Clearwire Wireless
said by Name Game:

...put it this way..if I post a link with info above it..the info came from that link..if there is additional words posted and you don't find them in the link then they are most likely mine...

Oh, the name game formula for understanding who it is he refers to.
Everyone else usually uses the block quotes but you require a personal way of de-chypering who is being quoted.
Quality will always trump quantity when it comes to posting.
If you don't believe that, consider a mindless script could outpost you all day long but it couldn't match the quality of a properly block quoted post.
You're capable of showing more intelligence than a script, I don't understand your reluctance.


Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7
You got it..hell of a lot better than having to force another member to pull up info in quotes themselves just to get the thread going and make a comment That might be even considered by some a rude.

»Facebook's Facial Recognition Draws US Senate Scrutiny

At least now you can throw out some one liners without even reading the links..but truth be know you do read links since in the past you have posted numerous time in threads with just links.

Now..in the link I have posted wxboss had to work over time just to make a comment...and you might be better at this than I..but I have no idea what wxboss is saying or posting..but seems to be OK..
--
Gladiator Security Forum
»www.gladiator-antivirus.com/


Snowy
Premium
join:2003-04-05
Kailua, HI
kudos:6
Reviews:
·Time Warner Cable
·Clearwire Wireless
You can continue to blame the forums formatting of threads & keep whining that "Well Johnny does it", but I've made my point, I'm done with this thread.
Now go get the last word in, it's an expected event.


Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7

2 edits
said by Snowy:

You can continue to blame the forums formatting of threads & keep whining that "Well Johnny does it", but I've made my point, I'm done with this thread.
Now go get the last word in, it's an expected event.

I am confused..was that your italic quote...Johnny thingie..or did you borrow it ? Got a link ?

»cameronmoll.com/archives/2008/06···italics/

And you never really started the thread... it was about
Yes, I was hacked. Hard.

..... you just started your own posting within the thread...but for you I guess that means you are done with a thread you started.


DannyZ
Gentoo Fanboy
Premium
join:2003-01-29
Erie, PA

2 recommendations

reply to Rocky67
said by Rocky67:

said by Name Game:

I personally don't think they brute forced into iCloud .

I don't believe it either. I think they got in some much easier way. I don't suppose we'll ever find out the real story.

Here's the update from his tumblr:
quote:
Update Three: I know how it was done now. Confirmed with both the hacker and Apple. It wasn’t password related. They got in via Apple tech support and some clever social engineering that let them bypass security questions. Apple has my Macbook and is trying to recover the data. I’m back in all my accounts that I know I was locked out of. Still trying to figure out where else they were.
--
Out the 10BaseT, through the modem, down the co-ax, over the fiber, across the backhaul, past the edge router, off the network...nothing but net

tholly911

join:2012-05-30
Pasadena, TX
Now that's a great reply!

You used quotes to build up forum members and the usage of the quotes provided great clarity.

The update itself is valuable information. I am not an Apple and am curious about the Apple tech support being used nefariously. Hopefully more details will be provided ... because as the storyline now rests, I get a sense something is very wrong with that tech support? Here's why:

quote:
Apple tells me that the remote wipe is likely irrecoverable without serious forensics. Because I’m a jerk who doesn’t back up data, I’ve lost at more than a year’s worth of photos, emails, documents, and more. And, really, who knows what else.
Is "remote wipe" a reformat hard drive command? I guess when a user allows remote troubleshooting ... they give someone absolutely total control of the computer. Should the "social engineering" trickery be revealed? Which is greater: The benefit of doing so to help prevent others from being suckered; or, the harm caused by teaching the next generation of hackers.

Mat Honan says the hacker is now in contact with him? How bizarre and brazen! What a hoot if the culprit gets caught.