martes, septiembre 01, 2009

Croll cracks Twitter


Ian Paul

Hacker Croll started by building a profile of his target company, in this case Twitter. Basically, he assembled a list of employees, their positions within the company, and their associated e-mail addresses. After the basic information was accumulated, Croll built a small profile for each employee with their birth date, names of pets, and so on. After Croll had created these profiles, he just went about knocking on doors until one fell down. That's exactly what happened when he did a password recovery process for a Twitter employee's personal Gmail account. Croll discovered that the secondary account attached to this person's Gmail was a Hotmail account. The problem was that Hotmail account had been deleted and recycled due to inactivity -- a longstanding policy on Hotmail. Now, all Hacker Croll had to do was reregister the Hotmail account for himself, go back and do the Gmail password recovery, and then Gmail sent the password reset information straight to the bad guy. But it's not over yet. Gmail asked Hacker Croll to reset the password of the Twitter employee's personal e-mail account, which he did. But now the original user was locked out of their account, which would send up an obvious red flag. So all Croll did was search the Gmail account itself for passwords from the person's other active services. Then he entered a commonly used password he'd found, and waited to see if the person began using their account normally. Croll now had access to the Gmail account from behind the scenes, and was able to access information undetected. Making life even eaiser, the Twitter employee used the same password on her business and personal accounts, so the hacker now had access to both, and the rest was history.