Broadband Tech > Security > Security > Yes, I was hacked. Hard.

Yes, I was hacked. Hard.

Targeted attack?

Cudni

Gizmodo Twitter Account Hacked by Clan VV3 (Video)
Clan VV3, a group of hackers that specializes in “jacking” Twitter and YouTube accounts, has managed to take over the profile of tech news website Gizmodo.

Apparently, it all started when the hackers compromised the iCloud account of Mat Honan, a former Gizmodo employee. According to Honan, that allowed them to take over his Google and Twitter accounts.

Since his Twitter account had been linked at some point to the one of Gizmodo, the members of Clan VV3 were able to gain access to that one as well and started publishing their own tweets.

Unfortunately for Honan, the hackers also wiped the data from his iPhone, iPad and MacBook Air, most of it being lost, probably for good.

“I still can’t get into Gmail. My phone and iPads are down (but are restoring). Apple tells me that the remote wipe is likely irrecoverable without serious forensics. Because I’m a jerk who doesn’t back up data, I’ve lost at more than a year’s worth of photos, emails, documents, and more. And, really, who knows what else,” he wrote in a blog post.

After everything was sorted out, Gizmodo regained access to the account and provided the 416,000 followers with a brief explanation as to what happened.

“To be clear, a former Gizmodo employee's Twitter account appears to have been hacked, and that is how those tweets appeared on,” read a post made by Gizmodo after the account had been recovered.

“Apologies to those who saw those tweets. And now back to our regularly scheduled programming.”

As far as Clan VV3 is concerned, the list of Twitter accounts they’ve compromised in the past, according to their website, is impressive. It includes the accounts of Tami Roman (664,000 followers) Whitney Cummings (659,000 followers), Booker Huffman (300,000 followers) and many more.

They also managed to compromise the YouTube accounts of MabeInAmerica and Yonas.

»news.softpedia.com/news/Gizmodo-···37.shtml
--
Gladiator Security Forum
»www.gladiator-antivirus.com/

reply to Name Game
Oh shit! That hurts, BAD!

I've been nailed once for my own stupidity of putting my voip PBX on an internet facing network and forgot about it. Very similar stream of beginning "oddities" until it starts to make sense and to your horror you realize what's going on.

I kept getting international calls on my home phone (Which was the outgoing CID of my PBX). Most of which couldn't understand me, and seemed quite irate. This was really strange as it started one night out of the blue. No weirdness on my voip line or any other clues to something going on. It wasn't until the next day (And probably a dozen or so calls later) that I got an email from my SIP provider saying they want money NOW.

Turns out the bastards managed to drill my prepaid account into the negative by holding up so many simultaneous talk paths to crazy countries. The billing only counted once the calls were ended.

To make matters worse, my PBX actually recorded these Indian (At least that's the origin of one of the languages they were confirmed speaking) fuckers playing with my switch once they got control of it. You could hear them sitting in front of a blasting TV, drinking booze, and smoking up (Yes it was part of their conversation).

So needless to say the weird calls I was getting, were from the targeted callees who saw my CID and called me back wondering what the hell was going on. These guys would call, and play an automated "You've won a trip, please hold" B.S. and some music to hopefully pacify the callee for as long as possible.

All in all I had to pay a couple hundred $$ back to my SIP provider for the charges.

PUKES! I feel for ya man, I really do!

reply to Name Game

reply to Name Game
I personally don't think they brute forced into iCloud .

»www.facebook.com/gizmodo/posts/4···ments=20

How to access OS X's built in password generator! (self.apple)
submitted 2 hours ago* by TheVloginator
In light of the recent iCloud user getting hacked and thus all his devices being wiped, people should re-think their current password on iCloud and on other sites. But there's a few problems: You don't trust online password generators or you don't want to pay for a password managing program. That is no longer a problem! OS X has a BUILT IN completely random password generator!! And here's how to access it:
1) Go into finder and search "Keychain Access"
2) Open the program, and if necessary click the lock in the upper left hand corner and enter your system password to access the application
3) Now that you can fully access the application, on the bottom of the window click on the little "+" symbol
4) Now in the window it created, next to the "Password" box, click on the image of the key
5) And there you go! Your very own OS X built in password generator! You can choose from the drop-down menu different options of passwords.
And the best part is that it works with Keychain!

»www.reddit.com/r/apple/comments/···nerator/

reply to Name Game
Dude seriously, this board supports quoting using the [bquote]stuff here[/bquote] tag. Please use it, I have absolutely no idea what's your words or what you just ripped from elsewhere. I find this WAY more annoying then all caps. Here's an example:

Have any comments on the story..or are you just policing today.
Click on the links and you will be ok.

Try that edit.. you don't like stories happening in real time with offsite links.. hey ok by me.

complaining even after you read a disclaimer cracks me up..but then neither of you really ever start topics in the Forums.

reply to Name Game
There's nothing like having a single point of vulnerability that links to multiple systems that only have cloud backups.

reply to Name Game

reply to Name Game

reply to Snowy

reply to Snowy
Big problem with this forum is that on the first page one sees the Title and the poster in this form. Yes, I was hacked. Hard. by Name Game So if one honors the article and does not change the title...people at our forum are already geared to think the wrong way..."by" should be taken out of the equation.

reply to Snowy

said by Snowy:

said by Name Game:

complaining even after you read a disclaimer cracks me up..but then neither of you really ever start topics in the Forums.

Editing a post after the person it was directed at has responded doesn't crack me up -
Yeah, I don't start threads, especially just cut-n-paste threads where I don't bother to take a minute to clarify what I'm cutting n-pasting.

reply to Name Game

Off topic:

To you both deciding to post against the topic.
• First I could ask for moderation of your cause as another user here.
• Secondly, NameGame posts a lot more than most and keeps half of the conversation going, so show a little understanding for a very concerned person who posts everywhere, not just here.
• Thirdly, if you notice the first post is always a dup off the link, then the next post will be discussion. Maybe not the best, but are you then going to nail antdude for posting only links off links for topic starters? Remember these are topic starters, not an initial discussion on a posted link. On this note I did fall into your category a little till I read more, heck some even get told to go and use google - not very friendly.
• You have all been here long enough to use PM?

I'm just glad the stories are getting here for the read, however the topic is started. Maybe a discussion in these in helping plan a better site?
»Site Feature Requests
»Forum Feature Requests
--
The only thing necessary for the triumph of evil is for good men to do nothing - Edmund Burke

reply to Name Game
So we guess that a weak password was cracked?
Or the site has an exploitable hole unknown at present?
The computer was hacked and the user keeps passwords stored in the standard locations in password caches of applications?

Scary, we are vulnerable to a lot more than the average user even cares for, and just hope it is all sorted and really serious personal data isn't exploited down the road, it is the biggest worry to me, outside of course, those sites that does store my data.
And remember most of you security people understand all too well, IT costs are non-profitable, which does not help the cause at any level.

I remember an email to me a few years back when a concerned person told me my password was listed off a hacked site on the internet. Luckily that password was only used on old sites and the credit card if they did get that much info no longer exists - still, I was glad someone I did not know had the time to email me, 200,000 users hacked, they would have had a hard time emailing everyone.

Best of luck, and hope Mat learns from this.
--
The only thing necessary for the triumph of evil is for good men to do nothing - Edmund Burke