Blackmailer Hacks Popular Twitter Handle, Commits A Near-Perfect Crime

Jan 29 2014, 11:42pm CST | News | Technology News

Naoki Hiroshima, a developer of social apps like Echofon and Cocoyon, was used to people trying to steal his rare Twitter username, @N. He regularly received password reset instructions from people who were trying to gain control of his account, which he had acquired in 2007.

Once, he was even offered $50,000. He turned it down.

Ten days ago, an @N-coveting ne’er-do-well figured out a way to get Hiroshima to give up his Twitter handle. In the process, he may have committed a near-perfect crime.

Hiroshima recounted the sorry tale in a post on Medium: “My $50,000 Twitter Username Was Stolen Thanks to PayPal and GoDaddy.”

The blackmailer, who goes by the moniker “Social Media King” and uses the email address “swiped@live.com,” began his attack by looking for leverage. He noticed that Hiroshima had registered several domains through the GoDaddy domain registration service, and figured that control of those domains could lead to control of @N.

In a few simple steps, Social Media King circumvented the security measures of PayPal and GoDaddy. Within minutes, Hiroshima’s domains were his.

Here’s how Social Media King did it. First, he called PayPal. Posing as an employee, he persuaded a real employee to read out the last four digits of Hiroshima’s credit card. Next, Social Media King called GoDaddy. He told them he had lost his credit card, but that he remembered the last four digits. GoDaddy then let the attacker guess the first two digits of the card, and he guessed correctly. That is a far smaller hurdle than it sounds: the leading digit identifies the card network (3 for American Express, 4 for Visa, 5 for Mastercard), so the first two digits leave only a handful of plausible candidates. With the card “verified,” GoDaddy gave him access to Hiroshima’s account, and once Social Media King was in, he changed all of Hiroshima’s account information.

As part of GoDaddy’s security practices, the company duly informed Hiroshima that his account settings had changed. Hiroshima called GoDaddy to explain the situation. But he was confounded when the representative asked for the last six digits of his credit card to confirm his identity. Unfortunately for Hiroshima the Social Media King had already changed the credit card number. Hiroshima was now nobody as far as GoDaddy was concerned.

By taking over Hiroshima’s GoDaddy account, Social Media King controlled the DNS for Hiroshima’s domains, and with it the email addresses on those domains; that in turn let him reset and take over Hiroshima’s Facebook account. Friends began to alert Hiroshima that his Facebook account was acting funny. But @N was linked to an email address that Social Media King did not control. It was still out of reach.

In response to reporters’ questions about Hiroshima’s story, @AskPayPal tweeted “our investigation did NOT disclose any credit card details. More info soon.” Twitter said it is investigating but does not comment on individual accounts. GoDaddy has not yet responded to a request for comment.

In the mid-afternoon of January 20, Social Media King sent a blackmail note to Hiroshima. “I would like to inform you that your GoDaddy domains are in my possession, one fake purchase and they can be repossessed by GoDaddy and never seen again D:

“I see you run quite a few nice websites, so I have left those alone for now, all the data on the sites has remained intact. Would you be willing to compromise? Access to @N for about 5 minutes while I swap the handle in exchange for your GoDaddy and help securing your data?”

Hiroshima pondered the request for a few hours. Finally, he concluded “giving up the account right away would be the only way to avoid an irreversible disaster.”

He released @N. In exchange, the attacker helpfully provided some tips to Hiroshima so that he could avoid becoming a victim in the future.

First, he suggested calling PayPal and asking an agent to add a note to his account not to release details over the phone.

Second, he suggested switching to a more secure registrar like NameCheap or eNom.com.

Looking back, Hiroshima has some suggestions of his own.

Hiroshima advises not using email addresses on custom domains you own (like joe@joes-website.com) to log in to services you value. If the registrar of that domain is compromised, the attacker can point its mail records at a server he controls and receive every password reset you ever request; you can kiss the security of that email goodbye. It can also be helpful to protect particularly sensitive accounts with two-factor authentication, which requires a user to enter both a password and a one-time code sent to his or her phone, so that a stolen or reset password alone is not enough to log in.

Finally, Hiroshima urges a technical change to your domain’s mail server (MX) records: give them a long time-to-live (TTL), so that a change to them takes longer to propagate. Resolvers that have cached the old record keep delivering mail to the legitimate server until that TTL expires, which delays an attacker who has just redirected the records. Time is the enemy of the digital attacker. The longer it takes to pull off a heist, the more exposed the attacker becomes.
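To make the TTL advice concrete, the following is an added example (my own code, not from Hiroshima’s post, Forbes, GoDaddy or any other registrar) that audits a BIND-style zone file and flags MX records whose TTL falls below a policy threshold. The two zone snippets, the 24-hour threshold and the example.com names are constructed assumptions for illustration; the parser handles a `$TTL` default, per-record TTL overrides and BIND’s `1h`/`1d`/`1w` suffix forms, so it generalises beyond the two snippets shown.

```python
"""Audit a BIND-style zone file for MX records with short TTLs.

Added example; not code from Hiroshima's post, Forbes or any registrar.
The zone text below is constructed for illustration (example.com is a
reserved documentation domain, 192.0.2.0/24 a documentation prefix).
"""
import re

# Constructed "before" zone: a one-hour default TTL and a backup MX
# that overrides it down to five minutes. Both are quick to redirect.
SAMPLE_ZONE = """\
$TTL 3600
@        IN  SOA ns1.example.com. hostmaster.example.com. (
                 2014012001 7200 900 1209600 3600 )
@        IN  NS  ns1.example.com.
@        IN  MX  10 mail.example.com.
@   300  IN  MX  20 backup.example.com.   ; explicit short TTL
www      IN  A   192.0.2.10
"""

# Constructed "after" zone: MX records pinned to a 24-hour TTL while the
# rest of the zone keeps its one-hour default.
HARDENED_ZONE = """\
$TTL 3600
@        IN  NS  ns1.example.com.
@   1d   IN  MX  10 mail.example.com.
@   1d   IN  MX  20 backup.example.com.
www      IN  A   192.0.2.10
"""

MIN_MX_TTL = 86400  # 24 hours; assumed policy threshold for this check

_TTL_DIRECTIVE = re.compile(r"^\$TTL\s+(\S+)", re.IGNORECASE)
_UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}


def parse_ttl(token):
    """Return seconds for a bare integer or BIND suffix form (1h, 2d, 1w).

    Returns None for anything that is not a TTL (e.g. the class 'IN').
    """
    m = re.fullmatch(r"(\d+)([smhdw]?)", token.lower())
    if not m:
        return None
    return int(m.group(1)) * _UNITS[m.group(2) or "s"]


def mx_records(zone_text):
    """Return (owner, ttl_seconds, priority, exchange) for each MX record.

    Honours a $TTL default, an optional per-record TTL, the optional class
    token, and BIND's rule that a line starting with whitespace reuses the
    previous owner name. Multi-line parenthesised records (the SOA) carry
    no MX and are skipped.
    """
    default_ttl = None
    owner = "@"
    records = []
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].rstrip()   # strip comments
        if not line.strip():
            continue
        m = _TTL_DIRECTIVE.match(line)
        if m:
            default_ttl = parse_ttl(m.group(1))
            continue
        tokens = line.split()
        if not raw[0].isspace():                # explicit owner name
            owner = tokens.pop(0)
        if "MX" not in tokens:
            continue
        idx = tokens.index("MX")
        ttl = default_ttl
        for tok in tokens[:idx]:                # [ttl] [class], any order
            if tok.upper() in ("IN", "CH", "HS"):
                continue
            parsed = parse_ttl(tok)
            if parsed is not None:
                ttl = parsed
        priority, exchange = int(tokens[idx + 1]), tokens[idx + 2]
        records.append((owner, ttl, priority, exchange))
    return records


def short_mx_ttls(zone_text, min_ttl=MIN_MX_TTL):
    """MX records whose effective TTL is unknown or below min_ttl."""
    return [r for r in mx_records(zone_text) if r[1] is None or r[1] < min_ttl]


if __name__ == "__main__":
    for owner, ttl, prio, mx in short_mx_ttls(SAMPLE_ZONE):
        print(f"short MX TTL: {owner} -> {mx} (priority {prio}), "
              f"ttl={ttl}s < {MIN_MX_TTL}s")
    print("hardened zone findings:", short_mx_ttls(HARDENED_ZONE))
```

Run against `SAMPLE_ZONE` the check flags both MX records; against `HARDENED_ZONE` it reports nothing. A long MX TTL is a delay, not a defence: it does nothing to protect the registrar account itself, and an attacker who has the account can lower the TTL before redirecting mail. It still helps, because resolvers that cached the record before the change keep the old value for the remainder of that cached lifetime, which is exactly the window Hiroshima is trying to widen.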

The beauty of the @N heist, from Social Media King’s perspective, was that in an era where everyone leaves digital fingerprints behind wherever they go, he was able to wipe his clean. Law enforcement agencies, already struggling with the enormous rise in digital crime, are unlikely to devote resources to figure out why the ownership of a Twitter handle changed hands.

Today, @N is a locked account. The profile picture features an anonymous person in a hoodie. Only confirmed users can follow @N’s tweets.

For now, Social Media King is lying low. But at some point, the hype will die down. The heist will be forgotten. And @N will likely be for sale.

Source: Forbes
