http://techcrunch.com/2011/07/04/fox-news-twitter-account-hijacked-president-obama-declared-dead/


There’s nothing even remotely amusing about this: some stupid kids – actual age unknown – have taken over the (verified) @FoxNewsPolitics Twitter account and posted a series of messages declaring U.S. President Barack Obama dead on the eve of the Fourth of July, the national day of the United States.

The ‘hackers’ appear to have taken over the account around 2 AM Eastern time, and went on to claim President Obama was shot twice at an Iowa restaurant, that he passed away soon thereafter, and that the shooter’s identity was unknown.

By the time this post was published, the account had seen no tweets for a couple of hours, but neither was it suspended or were any of the fake reports deleted, so whoever gained access to the Twitter account may still have it.

Update: the Fox News website now shows a message saying:

FoxNews.com’s Twitter feed for political news, FoxNewspolitics, was hacked early Monday morning.

Hackers sent out several malicious and false tweets claiming that President Obama had been assassinated. Those reports are incorrect, of course, and the president is spending the July 4 holiday with his family.

The hacking is being investigated, and FoxNews.com regrets any distress the false tweets may have created.

Update 2: from Twitter’s communication team:

While Twitter does monitor accounts for brute-force login attempts and similar methods of attack, we’re unable to anticipate compromises that take place due to offsite behavior.

Generally speaking, we suggest using an email address associated with your domain or, if you do not have one, using two-factor authentication or being aware of best practices around password security in order to prevent attacks.

We’ve heard from Fox News that they have identified the offsite vector that led to the compromise, and would encourage follow-up with them about the details of how that compromise took place.

@FoxNewsPolitics has around 33,000 followers, but evidently many of the tweets have been retweeted and spread rapidly across the network.

Multiple reports claim there were more tweets, some declaring the successful hacking of the account, which have since been deleted. One of them reportedly read:

“Fox news politics hacked by the scrip tkiddies! http://t.co/6yZDcTS more embarrassment for FoxNews is imitate”

The link in the tweet led to another Twitter account, which has since been suspended.

THINK claims to have spoken to a ‘representative’ of The Script Kiddies, who said:

“I would consider us to be close in relation to Anonymous, 2 of the members of our group were members of Anonymous. I was a member of Anonymous.

We hope to be working with them soon.”

He or she also said this was only the beginning, and explained why Fox News was singled out:

“We are looking to find information about corporations to assist with antisec.

Fox News was selected because we figured their security would be just as much of a joke as their reporting.”

They also appear to have talked to The Hacker News, if you’re interested.

Follow the link to view the comments, because they're hilarious.

Such as: "Breaking news - bunch of 12 years old hack into FOX News... And nobody can tell the difference."

Well, pretty soon now, people will no longer regard Twitter with any hint of seriousness... oh wait...

The U.S. Secret Service will investigate the hijacking of a Fox News Twitter account by hackers who posted false reports that U.S. President Barack Obama was assassinated.
Secret Service spokesman George Ogilvie confirmed the investigation to CBC News on Monday.
Six tweets from FoxNewsPolitics, which has more than 34,100 followers, alleged the president was shot and killed at a restaurant while campaigning in Iowa. They were posted starting at about 2 a.m. ET on Monday, Independence Day.
Fox News announced on its website later in the morning that it had alerted the Secret Service, which is responsible for protecting the president, about the incident.
On its website Monday morning, FoxNews.com said, "Hackers sent out several malicious and false tweets claiming that President Obama had been assassinated.
"Those reports are incorrect, of course, and the president is spending the July 4 holiday with his family."
Fox News, which is based in New York City, later added it had alerted the Secret Service. Jeff Misenti, vice-president and general manager of Fox News Digital, was quoted as saying the website was requesting a detailed investigation by Twitter to figure out how the attack occurred and how to "prevent future unauthorized access into FoxNews.com accounts."
FoxNews.com expressed regrets for "any distress the false tweets may have created."
A group called the Script Kiddies initially took responsibility for the attack but later deleted information about itself from the Twitter feed, reported Think, a student news website at New York's Stony Brook University, which followed the attack as it progressed.
A person claiming to be from the Script Kiddies told the website the group includes former members of Anonymous, a loose-knit group of hackers who had taken responsibility for cyber attacks on various governments, including Tunisia and Egypt, as well as businesses that include MasterCard and Visa.
The spokesperson said the Script Kiddies are involved in an activist "antisec" movement targeting computer security that both Anonymous and Lulz Security are part of.
"Fox News was selected because we figured their security would be just as much of a joke as their reporting,” the group told the magazine. As of Monday morning, its apparent Twitter accounts, @TheScriptKiddie and @scriptkiddi3s, were suspended.
A purported Script Kiddies spokesperson gave similar information to TheHackerNews.com. He or she also claimed the group had access to several Fox News email accounts.
Tweets from the hacking incident remained online until around noon ET, including: "BREAKING NEWS: President @BarackObama assassinated, 2 gunshot wounds have proved too much. It's a sad 4th for #america. #obamadead RIP," and "We wish @joebiden the best of luck as our new President of the United States. In such a time of madness, there's light at the end of tunnel."
Security blogger Graham Cluley wrote that "may mean that no one at Fox has been able to log into the account to remove the tweets."
Cluley, a senior technology consultant for the computer security firm Sophos, noted that the rogue tweets started just after a post on the FoxNewsPolitics Twitter account saying, "Just regained full access to our Twitter and email. Happy 4th."
He suggested this means someone gained access to the Twitter account by compromising the email address of the person who administers it.
As of 9:30 a.m. ET Monday, Twitter had not commented on the attack, and its media inquiries website returned an error message with the suggestion to "Try again later."
On Monday, the only tweet issued by Twitter's official account was one asking the public to tweet questions for President Barack Obama for an online White House town hall on Wednesday.

http://ca.news.yahoo.com/secret-probe-fox-news-cyberattack-201718905.html

The name "Lulz Security" made me laugh.

Well, pretty soon now, people will no longer regard Fox News with any hint of seriousness... oh wait...FTFY

lol at brute-force method login attempts.

This is really really stupid of them.

It doesn't matter how hard it is to get into a computer system, or what you do once you're in there. It is a serious crime and carries serious time. Then you add a death threat against POTUS, which is also serious time... really fucking dumb.

Of course, it happens every day. Emails get hacked, forums get hacked, blogs get hacked. Constantly, often not even by a person, by a worm or a virus. And maybe these idiots thought that because it happens all the time and no one gets in trouble they would do it. But people don't get in trouble because it is hard to prove and no one cares when Jaeden's gay porn blog gets hacked. The FBI is more worried about Jaeden's Al Qaeda connections, they have bigger fish to fry.

Of course, if you're stupid enough to try to make national news, while breaking other federal laws, they sort of have to investigate it.

And what script kiddies often don't realize is that the investigators are very good. Unless you're in North Korea, they're probably going to find you.

I am going to laugh so hard when they're arrested. Dumbasses.

How is what they said either "malicious" or a "death threat"?

This is really really stupid of them.

It doesn't matter how hard it is to get into a computer system, or what you do once you're in there. It is a serious crime and carries serious time. Then you add a death threat against POTUS, which is also serious time... really fucking dumb.

Of course, it happens every day. Emails get hacked, forums get hacked, blogs get hacked. Constantly, often not even by a person, by a worm or a virus. And maybe these idiots thought that because it happens all the time and no one gets in trouble they would do it. But people don't get in trouble because it is hard to prove and no one cares when Jaeden's gay porn blog gets hacked. The FBI is more worried about Jaeden's Al Qaeda connections, they have bigger fish to fry.

Of course, if you're stupid enough to try to make national news, while breaking other federal laws, they sort of have to investigate it.

And what script kiddies often don't realize is that the investigators are very good. Unless you're in North Korea, they're probably going to find you.

I am going to laugh so hard when they're arrested. Dumbasses.

Meh ... did fraud occur? Were records and data destroyed, manipulated, or stolen?

Was there an actual threat made on the life of the POTUS?

The answers are no. I think you overstate the case.

lol at brute-force method login attempts.

What is there to laugh about? That wasn't how they gained access to the account.

I think it would have been interesting to see how the 34k followers of the feed would have responded to the tweet.

Also, love the reason why they picked FoxNews: "We figured their security was as big a joke as their reporting." LULZ.

What is there to laugh about? That wasn't how they gained access to the account.

Because it reminds me of the wizard's brute-force method, which never did shit.

Meh ... did fraud occur? Were records and data destroyed, manipulated, or stolen?

Was there an actual threat made on the life of the POTUS?

The answers are no. I think you overstate the case.

Unauthorized access to a computer system doesn't require fraud, doesn't require theft. It doesn't even require hacking. If Betty down the hall writes her password on a postit and you nab it and access her email... technically that is unauthorized access.

And apparently the SS considers it a threat, because the SS doesn't investigate computer crimes but they're investigating this.

See the Palin hacker. He only got 1 year, but he could have been up for 20, and he didn't send any fake emails out trying to fool people into thinking Barack Obama had been shot, then brag about it on a message board. I don't think a judge would be as lenient for sentencing in this case.

Unauthorized access to a computer system doesn't require fraud, doesn't require theft. It doesn't even require hacking. If Betty down the hall writes her password on a postit and you nab it and access her email... technically that is unauthorized access.

And apparently the SS considers it a threat, because the SS doesn't investigate computer crimes but they're investigating this.

See the Palin hacker. He only got 1 year, but he could have been up for 20, and he didn't send any fake emails out trying to fool people into thinking Barack Obama had been shot, then brag about it on a message board. I don't think a judge would be as lenient for sentencing in this case.

1. You implied hacking and hefty penalties.

2. The secret service is/was investigating the potential threat to the POTUS ... as is their job to do. They pretty much investigate every report .. and this was reported to them as a death threat.

3. Involved the collection and dissemination of data ... which this case does not.

Show me a case where a person "hacking" a twitter account and posting under the guise of another incurs penalties that you reference.

If Betty down the hall writes her password on a postit and you nab it and access her email... technically that is unauthorized access.

Ask any hacker and they'll tell you that getting access to that post-it constitutes hacking.

Ask any hacker and they'll tell you that getting access to that post-it constitutes hacking.

Yeah, that sounds about right. Unless the password was blank (IE no password) its still hacking, no matter how dumb it sounds.

Ask any hacker and they'll tell you that getting access to that post-it constitutes hacking.

Actually I think it would be deemed social engineering.

Hacking is using an exploit or flaw in a system to gain access.

Cracking is breaking a login system, typically brute force.

There was a time when I did these things.

And Tsa'aha'ahha I'll get right on finding that other instance of a high profile twitter account theft that was prosecuted to sentencing.... oh wait, there hasn't been one.

You ask for a precedent that does not exist. But plenty of people have been thrown in prison for equivalent unauthorized access to a computer. As I said.

In many cases the sentences are more than what are really deserved, but that is because lawmakers took a kneejerk reaction to hackers in the 90s and early 2000s when drafting this legislation. Much as they did to child porn disseminated by the Internet (which I know you pay extra close attention to) resulting in the situation we have where possessing child pornograpy can get you a longer sentence than molesting an actual child.

The laws are fairly broad and it is easy to justify almost any action as falling under them. For instance, posing as a news organization could be considered fraud.

If some hacking group wants to right the wrongs of the world and crusade for the little guys, shut down Khadafi's communications, find secret Bush documents that prove he knew Saddam had no WMDs, but lied anyways, etc, fine whatever. Or even do things like hack Sony to steal CC#s, at least you have a reasonable motive. This is just a juvenile prank, but, as I said, it carries real penalties, and so doing it was really stupid on their part. It is the digital equivalent of TPing someone's house, but in this case you chose someone important's house and forgot that if they bother to investigate it and catch you, you're looking at serious time.

So, IMO, they're stupid. Big risk, no payoff, and by involving POTUS you've guaranteed it is going to be investigated thoroughly.

Actually I think it would be deemed social engineering.

Ask any hacker and they'll tell you that social engineering is hacking.

Generally if you take a class in server/network security they do in fact state that the weakest link in security is usually the legitimate users. Most full scale data thefts originate from phishing. If your talking about hacking from a DDOS, scripting, exploit search procedure its not like their any harder really. Their downloadable kits. Being proud if ddos'ing someone is like being proud of installing microsoft word.

Hence the term script kiddy, taking a script someone smarter than you wrote and using it to "hack" and call yourself a hacker.

Oh, and Bob, while I'll defer to your expertise on almost anything, I don't think I will on this.

http://en.wikipedia.org/wiki/Social_engineering_(security)



"Social engineering" as an act of psychological manipulation was popularized by hacker-turned-consultant Kevin Mitnick. The term had previously been associated with the social sciences, but its usage has caught on among computer professionals.[2]


Kevin Mitnick... Bobmuthol... Kevin Mitnick... Bobmuthol... dunno.

If there is a piece of that wiki article that supports your argument, I couldn't find it; and what you quoted certainly does not show Mitnick saying that social engineering isn't hacking.

However, take a look at the title of this book listed under the further reading section of the article:

Long, Johnny (http://en.wikipedia.org/wiki/Johnny_Long). (2008). No Tech Hacking - A Guide to Social Engineering, Dumpster Diving, and Shoulder Surfing Published by Syngress Publishing Inc. ISBN 978-1-59749-215-7 (http://en.wikipedia.org/wiki/Special:BookSources/9781597492157)

Johnny Long... crb...

I'm not sure if you guys are arguing or not. Social engineering is a facet of hacking, and Mitnick was famous for it. I can't tell if crb agrees or not?

I'm confused why taking, or "nabbing" a post it note is social engineering...Was the post it note psychologically manipulated? That just sounds like theft.

What if you took a blank post it note, is that hacking?

What if you took a blank post it note, is that hacking?

Social engineering, clearly.

Stole that bitch a Post-it note. Bitches love Post-it notes.

Stole that bitch a Post-it note. Bitches love Post-it notes.

http://desertpeace.files.wordpress.com/2010/10/truth.jpg

http://s-ak.buzzfed.com/static/enhanced/terminal01/2011/7/6/17/enhanced-buzz-20191-1309988159-10.jpg