Print 59 comment(s) - last by Smilin.. on Jun 21 at 11:30 AM

  (Source: icanhascheezburger)
Facebook, Gmail, and Twitter pages defaced as mob mentality rules

Today everyone's favorite (or least favorite, perhaps) cyberbanditsLulzSec, leaked 62,000 peoples' email addresses and passwords.

The listing, which can be found here in text file form, has lots of different users and passwords.  A few notes -- the passwords appear to be all 15 or less characters and don't include capital letters (the last entry seems a fluke).  

This could simply be a coincidence that speaks to peoples' password tendencies these days, or it could be a sign that LulzSec used brute force attacks to crack these passwords.  

Using an SSD-driven rainbow tables approach, a 14-character hashed password can be cracked in about 5 seconds; cracking 62,000 passwords would take approximately three and a half days, at most (probably less if you exclude capitals).  Of course that's for Windows passwords, which use MD4 hashing.  More secure sites likely use MD5 and SHA1, in addition to salting, and a high iteration account -- of course there's plenty of sites that are probably using MD4 with no salting or -- as the Sony hacks showed -- storing passwords as cleartext in web accessible databases.

Many users whose email addresses were hacked subsequently had their Twitter or Facebook accounts illegitimately accessed and defaced [source].  It appears that the internet equivalent of a mob is behind these attacks -- thousands of individuals have downloaded the file containing the passwords and begun to try to access peoples' accounts.

The Next Web has been promoting a tool to find if you've been hacked, stating, "We've promised we won't say who built it, but can absolutely 100% assure it wasn't LulzSec and there's no email harvesting going on."

That said, the widget -- originally hosted here -- is the work of an unknown developer, so entrusting it with your emails might not be wise.

As always you can maintain safety online by:

  1. Using one-time use accounts for your various online registrations (to avoid one account being compromised allowing others to be compromised).
  2. Use passphrases with numbers, capital letters, and preferably ASCII symbols.
  3. Make sure your passwords are over 20 characters long.
  4. Don't reuse passwords.
  5. Don't share passwords with anyone.
While the above may seem difficult, it will allow you to remain safe from cybercrime online, for the most part.


Comments     Threshold

This article is over a month old, voting and posting comments is disabled

Why are you linking to the file and contributing
By SeeManRun on 6/16/2011 9:23:12 PM , Rating: 2
Why on earth is this article linking to the file and contributing to the problem? That is quite brutal!

By Manch on 6/16/2011 9:28:40 PM , Rating: 4
Maybe people want to check to see if they're on the list so they can change their passwords and delete their weiner pics?

By ShaolinSoccer on 6/17/2011 9:26:50 AM , Rating: 3
Why on earth is this article linking to the file and contributing to the problem?

It's not longer there. Does anyone know where we can see the list of names that were hacked? I don't wanna see the passwords. I just wanna see if anyone in my family is in the list.

By ShaolinSoccer on 6/17/2011 9:45:13 AM , Rating: 3
Nevermind. I found a website but if I were you, don't type in the whole email address. Just a partial name will work.

By tastyratz on 6/17/2011 1:01:01 PM , Rating: 2
THANK you. THAT is what we needed, not a list of passwords on dt!!
This needs to go in the main article pronto. The first thing I cared about was knowing if I was impacted by this. It should also say that there were many different providers. As I read on I was thinking... all att? hotmail?yahoo? etc. I never would have expected from everywhere.

Isn't this a little script kiddie for lulzsec though? They set the bar higher than a few days on rainbow tables I would think...

"If you look at the last five years, if you look at what major innovations have occurred in computing technology, every single one of them came from AMD. Not a single innovation came from Intel." -- AMD CEO Hector Ruiz in 2007

Copyright 2016 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki