• Our Solutions
• Customers
• Partners
• News & Events
• Blog
  • Latest Blog Posts
  • About the Authors
  • Subscribe to Blog via Email
• Company
• Resource Center

January 9, 2009

Social Networking Abuse – Twitter Hack on Youtube

The embed video below shows teenage hacker CMZ walking through his attack on Twitter using a brute force password attack. CMZ exploited the fact that Twitter did not put time-outs on login attempts by running a series of dictionary attacks against the admins account to correctly determine the password as ‘Happiness’. The admin’s details were posted on digitalgangster, which were then used to send spam through Barack Obama and Britney Spears accounts.

This kind of brute force attack using a guessed user name and password generator by a teenager should send chills down any company that thinks that a user name and password is sufficient to keep their crown jewels safe.

Device Intelligence and Device Identification can’t fix bad admin security practice but many social networks are now turning to the device as a form of transparent two-factor authentication to determine whether an account is being accessed from an unauthorized computer, or to detect when the same computer is accessing multiple unrelated accounts.

Posted by Alisdair Faulkner Categories: Account Compromise. Device Identification. Social Networks. Web Application Security

Leave a Comment

Click here to cancel reply.

Name (required)

Mail (will not be published) (required)

Website

• < Previous Article

• Translator

  

• Share Our Posts

• Subscribe

  Subscribe Via Email
  Subscribe to our RSS Feed
  Follow us on Twitter

• Top Posts

  • Not Another Word: European Commission Law Requires Explicit Consent
  • The Other Side of Facebook’s IPO
  • Hackers Don’t Have to Worry About Police at the Door as Much as a Hellfire Missile Down the Chimney
  • Robbing the Cradle…Literally – Child Identity Theft Rising
  • The Google Web

• Additional Resources

  	Ponemon Study: Consumer Attitudes on Privacy & Fraud Prevention
  	Executive Primer: Using Device ID for Fraud Prevention
  	Technical White Paper: Device Intelligence In-depth

• Categories

  Select Category Account Compromise  (37) Adknowledge  (1) Advanced Persistent Threats  (1) Analyst  (1) Analysts and Research  (12) Anonymous  (8) Anonymous Attacks  (13) bank fraud  (30) Bank of America fraud  (1) BART  (1) Botnets  (28) Brian Krebs  (2) Carberp  (1) Carberp banking Trojan  (1) Chinese cyber attacks  (5) Citibank hacking  (1) Citigroup account hacking  (3) Cloud computing  (18) Comerica Bank  (2) Comerica Bank Fraud  (3) ComodoHacker  (1) Conflicker worm  (1) Cookie wiping  (15) Cookieless Device Identification  (82) Credit Card Fraud  (27) Credit Card Transactions  (53) Cyber Attacks  (42) Cyber Monday  (4) Cyber warfare  (23) cybercriminals  (19) cybersecurity  (15) Cyworld account hacking  (1) Dark Market  (3) Dasient  (2) Data Breaches  (2) Data Privacy Day  (2) Dating fraud  (9) Device Detection  (100) Device Fingerprint  (120) Device ID  (116) Device Identification  (139) Electronic Crimes Task Force  (1) Electronic Frontier Foundation  (1) Epsilon Account Hacking  (1) Epsilon Data Breach  (6) European privacy  (1) European privacy laws  (1) Events  (12) Facebook  (9) Facebook account hacking  (2) Facebook IPO  (1) FFIEC  (8) FFIEC Banking Guidelines  (11) FTC on stolen child identities  (1) Gaming Fraud  (3) Google  (1) Government Fraud  (22) Hackers  (23) Hacking  (27) Humor  (1) IAPP  (1) Identity Theft  (56) IMF Cyberattack  (1) IP Address Cloaking  (1) IRS Fraud  (2) Kerry-McCain Commercial Privacy Bill of Rights  (2) Killer apps  (1) Krebs  (1) KrebsonSecurity  (1) Law and Enforcement  (17) Lulz Security Attacks  (11) LulzSec  (5) Malware  (14) malware prevention  (8) malware protection  (10) man-in-the-browser attack  (10) Micropayments  (4) microtransactions  (2) MitB  (9) mobile payments  (14) monetization platform  (1) mules  (1) mules in fraud  (1) National Cybersecurity Awareness Month  (4) Nato Fraud  (6) New Account Registration  (25) New York cyber attack  (1) NSA  (2) online banking  (46) Online Credit Card Transactions  (53) Online Fraud  (104) Online Fraud Trends  (69) Patco Construction Lawsuit  (2) Patco online banking fraud  (1) Payments Management  (11) PBS account hacking  (1) PC Fingerprint  (69) Pentagon  (11) personally identifiable information  (65) PII  (65) Ponemon Institute  (10) PrECISE  (1) Privacy  (14) Proxies  (8) Ramnit malware  (1) Red Herring Global 100  (1) RSA  (4) RSA Fraud  (7) RSA hacking of SecurID  (1) Russian cyber attacks  (6) San Francisco City College Hacking  (1) Sega account hacking  (6) Sega fraud  (6) Social Media Fraud  (9) Social Networks  (17) Social Security Fraud  (8) Sony  (6) Sony PlayStation  (10) Sony Playstation hacking  (1) SOPA  (1) South Africa’s Postbank Hacking  (1) State of Texas Stolen Social Security Numbers  (1) Statfor Global Intelligence Service hacking  (1) Stolen identities  (14) Stop Online Piracy Act  (1) Stuxnet  (2) Super Rewards  (1) ThreatMetrix  (68) ThreatMetrix Cybercrime Defender Platform  (10) ThreatMetrix Fraud Facts  (29) ThreatMetrix User Conference  (11) Toshiba Fraud  (3) Trojans  (1) TrustDefender Client  (11) TrustDefender Cloud  (11) TrustDefender ID  (11) TrustDefender Labs  (1) Twitter  (2) U.S. Department of Homeland Security  (1) Uncategorized  (67) Virtual currency  (2) virtual goods  (1) Web Application Security  (2) Wordpress.com Hacking  (1) Worldpress.com Hacking  (1) Zappos  (1) Zappos hacking  (1) Zeus Trojan  (7)

• Blog Archives

  Select Month February 2012  (2) January 2012  (11) December 2011  (9) November 2011  (10) October 2011  (12) September 2011  (5) August 2011  (12) July 2011  (5) June 2011  (15) May 2011  (4) April 2011  (3) March 2011  (5) February 2011  (2) December 2010  (2) November 2010  (2) October 2010  (3) September 2010  (1) August 2010  (3) July 2010  (3) June 2010  (3) May 2010  (4) April 2010  (4) March 2010  (3) February 2010  (4) January 2010  (1) December 2009  (1) November 2009  (3) October 2009  (4) September 2009  (4) August 2009  (2) July 2009  (3) June 2009  (5) May 2009  (6) April 2009  (1) February 2009  (5) January 2009  (6)

• Other Resources

  • Banking Analytics Blog
  • CalvinAyre Blog
  • Dark Reading
  • eCommerce Tactics
  • eWeek Security Watch Blog
  • Inside Social Games
  • Javelin Strategy
  • Online Dating Post
  • Online Personals Watch
  • Payment News
  • Scam Detectives Blog
  • Shop.org
  • Social Networking Watch
  • The Fraud Blog
  • Virtual Goods

Become Our Customer | Contact Support | Schedule a Demo
© 2012 Threatmetrix All Rights Reserved. Privacy Policy | Site Map | Terms of Service