There was a bit of a buzz on the 10th anniversary of 9/11 when the NBC News Twitter account was hacking and started posting updates regarding a repeated terrorist attack against ground zero.
It only lasted a few minutes but as the account has 120,000 followers – it caused quite a stir. It’s not known how the hackers who call themselves ‘Script Kiddies’ got access to the account, but my guess would be social engineering.
Hackers calling themselves the Script Kiddies took control of the NBC News Twitter account on Friday afternoon and used it to send out a series of hoax Twitter messages claiming there was a repeat terrorist attack on New York’s Ground Zero.
The Script Kiddies had control of the account, which has more than 120,000 followers, for about 10 minutes before it was suspended. During that time they sent three messages stating that hijackers had crashed two airplanes on the site of the Sept. 11, 2001, terrorist attacks. “This is not a joke, Ground Zero has just been attacked. We’re attempting to get reporters on the scene. #groundzeroattacked.” said one of the messages.
Then, a minute later, perhaps sensing that the jig was up, they wrote. “NBCNEWS hacked by The Script Kiddies. Follow them at @s_kiddies!”
That s_kiddies Twitter account was immediately suspended, but according to a cached version of the page, the group describes themselves as “Anonymous Supporters :: Hackers :: Exploiting simplistic methods with hilarious results :: Occasionally doing it for teh lulz :: We are The Script Kiddies.”
The hack was brought to an abrupt end fairly shortly and the perpetrators own Twitter account was also suspended – @s_kiddies.
No major damage was done, but it does interest me as to how this was achieved – it has happened numerous times to celebrities on Twitter. I would have thought a fairly serious news organization would have better controls and processes in place though.
This hack doesn’t have anything to do with the Anonymous group though, it seems to be for the lulz more than anything else.
This type of account compromise is a regular occurrence on Twitter, although it is typically celebrities, and not trusted news organizations, that fall victim. Often the accounts are taken over following a phishing attack. Script Kiddies did not respond to an email asking them how they managed to take over the NBC News account.
Script kiddies is a hacking term, referring to technically unsophisticated hackers who rely on automated scripts rather than hacking wiles to conduct their online attacks.
Friday wasn’t exactly a gold star day for accuracy on Twitter. Earlier in the day, an account associated with CBS News show “What’s Trending” erroneously posted a Twitter message citing rumors that Apple founder Steve Jobs had died. That message was quickly deleted and “What’s Trending” apologized.
I guess this may well be the new Web2.0 version of defacement for a new generation of Script Kiddies – breaking into high profile Twitter/Facebook accounts and spamming them with humorous or offensive updates.
I don’t think there will be any more to this story than what has already been published, I’m sure we’ll see many more similar cases in the future though.
Source: Network World
Bogwitch says
So a new player in the ‘hack-for-publicity’ camp?
At least they’re honest about what they’re doing. Using simple tools that are available to all and sundry, not writing their own exploit code.
did they social engineer to get the password or brute-force it? Who cares. It was a wetware issue one way or another.
I don’t expect s_kiddies will stay around for too long and if they do, perhaps they’ll only boast about hacking non-twitter sites on twitter; it seems that twitter aren’t keen to have their own site affected…