Obama's Twitter Account "Hacked" 308
Oxford_Comma_Lover writes "A 24-year-old living with his mother in France was arrested for 'hacking' into Obama's twitter accounts. (Warning: WSJ does obnoxious paywall things. Your miles may vary.) Apparently he guesses the answer to a question related to password recovery in order to break into the accounts of famous people; he has no computer science training or financial motive. He posted screenshots to a few boards and twitter found out within a few hours, either from a tip or from noticing when someone from France logs onto twitter as the President of the United States. (He did not actually tweet as POTUS, but just wanted to show he could break into the account.)"
He shouldn't be arrested (Score:5, Insightful)
Apparently he guesses the answer to a question related to password recovery in order to break into the accounts of famous people
If thats all it takes then the system is broken, not the people abusing it.
Re:He shouldn't be arrested (Score:5, Insightful)
Laugh It Off (Score:2, Insightful)
They laughed it off when Palin was hacked...Will they laugh now for the POTUS?
The weakest link in any form of security (Score:4, Insightful)
Re:He shouldn't be arrested (Score:5, Insightful)
If thats all it takes then the system is broken, not the people abusing it.
Yes, blame the victim. You didn't install triple deadbolts on your door. It's not my fault all your stuff got fenced by me. Jeez, I mean, what do you expect a criminal to do? Hey, btw -- what kind of slashdot poster are you, I didn't find any ramen to eat while you were out running errands either. I really wanted to have a snack after cleaning the place out. Ungrateful jerk...
Re:He shouldn't be arrested (Score:5, Insightful)
The "Security question" system in itself is the weak point in most security situations.
Mother's Maiden name?
Pet's first name?
Favourite Band?
How long do you think it would take to brute force any of those with a simple script? There's no point in making sure your passwords Really strong if your security question can be as weak as a noodle.
Good. (Score:5, Insightful)
Having a password clearly dictates the intent of the person is not to allow other people to use it.
If a door is locked, then people know they shouldn't enter and kicking in the door would be a crime... or at least very rude.
Re:He shouldn't be arrested (Score:5, Insightful)
Its pretty trivial to break into most homes, cars, etc., but when people actually do it, we consider their actions to be the problem.
I don't see why the fact that it is a computer system means that there is suddenly nothing wrong with the actions of the person deliberately breaking in.
Sure, its fairly trivial for an online service to institute better security than "guess an fairly easy question and get access", so there are grounds for saying that the system has a problem. Its another thing, though, to go further and say that it is the system and not the intruder that is the problem.
Re:He shouldn't be arrested (Score:3, Insightful)
Fake? (Score:3, Insightful)
Wouldn't it be fairly trivial to fake those screenshots?
Re:He shouldn't be arrested (Score:3, Insightful)
Having a security question that is easily guessable is like leaving your car door unlocked. I wouldn't be surprised if it got stolen. Simple as that.
However, not using a security question, or using one that is as difficult to guess (Symbols, upper lower case, etc) - is like locking the doors. It will deter most criminals.
If someone SERIOUSLY wanted to hack into Obama's Twitter and cause a ruckus, they would, and I would sympathize for the Prez. But when some dude in France is pulling it off to show off his "leet skills", when all he's doing is guessing, yeah - I think I know who to really blame.
Next thing I know I'm going to read the NSA is still using WEP/TKA!
Re:He shouldn't be arrested (Score:2, Insightful)
Flamebait?
Personally I hate security questions. The suggestions are always obvious things where most you need to know is the person that owns the account.
The only safe thing is to not put an actual answer as the answer.
Re:He shouldn't be arrested (Score:3, Insightful)
Saying it could have been prevented by a better "system" and then redirecting the blame is like blaming my broken leg on the car manufacturer for not installing a reinforced titanium in the event I choose to plow into a tree.
Re:log of 'hacked' password recovery session: (Score:3, Insightful)
Wow... always knew that he was a fascist communist from central Asia. Everything is coming together now! (i hate teabaggers)
Not "hacking" (Score:4, Insightful)
I don't even see how this can be dignified as "hacking" -- it's not even "script kiddy" in its complexity. If this weren't the President then I doubt it would even be news at all. But is the account even actually Obama's in the sense of, he actually takes the time to post on it himself? Doesn't he have a country to run or something?
Re:He shouldn't be arrested (Score:3, Insightful)
Well, when the system forces it upon you, you sometimes have no choice.
To me, it's the equivalent of needing 2 passwords instead of one, and I never fill out my security questions with anything but random data. It's truly a PoS security wise. I even hate it more when you can't type up your own question.
I wonder if facebook has "Your highschool?" or something equally stupid as a security question, when you're there to catch up with old friends in the first place.
Re:Laugh It Off (Score:2, Insightful)
That would be in keeping with their two faced sense of outrage.
Password recovery methods are stupid (Score:2, Insightful)
This is why I type a huge string of random gibberish into those stupid "Password Recovery" sections that ask me questions that any person that does any amount of research into my life can figure out.
Those things are stupid and the fact that so many sites still use them is completely stupid.
it is simple morality (Score:4, Insightful)
that if you transgress against someone else, you are the problem
for example: if a bag of cash is sitting wide open and unguarded just inside an open door, you have absolutely 0% right to take it, and you are 100% to blame for the theft: YOU took it, no one told you to. your own poor decision making is the key
no matter how horrible or nonexistent someone's defenses, when you transgress against them, you are a criminal, you are 100% culpable, you have no excuse, you should be punished, and your morality sucks. plain and simple
sure, people SHOULD have good defenses. mainly because of all the immoral assholes out there. but even that you knew there were a lot of immoral assholes out there and their behavior is pretty predictable, none of that excuses the actual immoral assholes and their behavior. but another way: stupid is bad, but evil is always worse
so you need good defenses, but when you are transgressed against, the question of the quality of your defenses is completely besides the point: the immoral asshole needs to be punished
Re:He shouldn't be arrested (Score:5, Insightful)
Having a security question that is easily guessable is like leaving your car door unlocked. I wouldn't be surprised if it got stolen. Simple as that.
You know, bathroom locks in most homes and apartments can be opened with a straightened paper clip. There's a reason for this: You can't accidentally open the door, but if there's an emergency (say someone has a fall, or locks themselves in to overdose on pills) the door can be easily opened.
Pointing out the flaws of the security system don't relieve the person overriding it of their ethical responsibilities to their fellow human beings. Most security exists merely to satisfy the restraint that breaking it isn't accidental, because strong security can impede a variety of legitimate activities. As one example, my cousin lives with roommates who steal her pills, so she had a lock placed on her bedroom door. However, she needed me to get into the room while she was away to get some paperwork. So I fashioned a simple lock pick and gained entry (with the owner's permission). The average person would be unable to do this, but as a security expert, I can. However, I did not do so without permission, because that would be a violation of privacy, however trivial it was for me to actually open the door (about 5 seconds).
Re:He shouldn't be arrested (Score:3, Insightful)
Having a security question that is easily guessable is like leaving your car door unlocked. I wouldn't be surprised if it got stolen. Simple as that.
Not being surprised isn't what you said. You said the guy shouldn't be arrested. Effectively, the parallel is that if someone DID leave their door unlocked, and someone came in and stole their stuff, then that person shouldn't be arrested either.
No matter how weak your security is, if someone trespasses, steals, or otherwise breaks into a computer or a house, then they need to be punished. Claiming that the security was so weak that it wasn't much trouble for you simply isn't an adequate defense.
Re:He shouldn't be arrested (Score:3, Insightful)
Re:Laugh It Off (Score:3, Insightful)
Who is 'they?'
Re:He shouldn't be arrested (Score:2, Insightful)
What victim? It says he didn't even make any posts. This seems more like opening the unlocked front door of your house, saying "yep it's open" and then leaving without taking anything.
That's still tresspass in the real world. It's reasonable to expect that the residence was occupied and the owner could have been located prior to gaining entry, same as having 'no tresspassing' signs posted. There may be no security present to stop you, but that's not a valid argument for entering the premises.
Re:He shouldn't be arrested (Score:3, Insightful)
He didn’t “steal stuff”, he came in, looked around, disturbed nothing, but took photographs to prove he was there and then published them to let everyone know how easy it was to get in.
Re:log of 'hacked' password recovery session: (Score:2, Insightful)
I have to say I don't understand the vitriolic hatred you and others on the left have towards the tea party movement. Can you explain it to me? The basic goals of fiscal responsibility (we certainly don't have it in Washington), government acting in accordance with the constitution (if you are against that, please explain why), and free market (the only economic system so far found to produce prosperity) sound ok to me. Of course there will be a few toothless simpletons and conspiracy theorists coming along for the ride in any grassroots movement. Even if you disagree with those goals, I still don't understand the hatred. There are lots of things I disagree with and yet I don't feel the urge to resort to name calling, as much fun as it can be sometimes.
Re:He shouldn't be arrested (Score:3, Insightful)
It's still trespass.
Seriously, what would you do if your neighbor picked your lock, took picture of your house and then left?
Had you left your door open,, Then your point would be valid.
Re:He shouldn't be arrested (Score:2, Insightful)
He didn't "steal stuff", he came in, looked around, disturbed nothing, but took photographs to prove he was there and then published them to let everyone know how easy it was to get in.
Which is still trespass, and he posted the evidence of his crime publicly. Idiot. If you want to demonstrate the ease of breaking security, then educate people responsibly and ethically. This person did neither.
that's kind of funny (Score:5, Insightful)
considering the fact that
1. vitriolic hatred is pretty much all of the tea party consists of,
2. sound fiscal responsibility is finally what this health reform delivers,
3. health care security is unconstitutional only in creative crackpot legal arguments,
4. and free market principles do not answer every question in life (as the 2008 meltdown demonstrates: you need strong government regulation to keep the markets healthy)
a capitalist society with social safety nets is clearly and obviously superior in every measurement to the social darwinism i hear you advocating, even if you don't realize that is what you are advocating. free market fundamentalism died in 2008, i guess you didn't get the memo
Re:He shouldn't be arrested (Score:1, Insightful)
the new/reset password will be sent to a/c holder's email address. was his email address also hacked?
Re:He shouldn't be arrested (Score:1, Insightful)
My *bank* uses favourite food. Who wants to bet like 66% of answers are pizza?
Re:that's kind of funny (Score:2, Insightful)
1. vitriolic hatred is pretty much all of the tea party consists of,
Incorrect. It's frustration, not hatred. Frustration is the fruits of tolerance being pushed past its limits. Hatred is the fruit of intolerance. Democrats show hatred toward the tea party. The tea party shows frustration toward the Republicans and the Democrats. Republicans just haven't caught on to that yet.
2. sound fiscal responsibility is finally what this health reform delivers,
Trying to equate what they passed off as "health reform" with fiscal responsibility is like dividing by zero. It's not possible with even the most brainwashed imagination. Look at the current deficit and tell me congress knows what fiscal responsibility is even supposed to mean. Fiscal responsibility is not the responsibility to tax away problems, or force citizens to purchase healthcare.
and free market principles do not answer every question in life (as the 2008 meltdown demonstrates: you need strong government regulation to keep the markets healthy)
You need MINIMAL government regulation to keep the markets healthy, not STRONG government regulation. "Business-like practices" should be enforced, but it is rarely in the government's interest to regulate their biggest contributors. It is always in their interest to pick on their non-contributors and rivals to their contributors, however.
Re:log of 'hacked' password recovery session: (Score:1, Insightful)
yes only conservatives have "puppet masters"...libtards are too pure of intent and totally own themselves. The fact that you used to have a brain is in no way evidence you have one now you fucking slashtard
Re:He shouldn't be arrested (Score:1, Insightful)
He didn't "steal stuff", he came in, looked around, disturbed nothing, but took photographs to prove he was there and then published them to let everyone know how easy it was to get in.
And he performed a valuable public service. By his demonstrating the flimsy not-even-security, maybe the system will be fixed.
I'd prefer that to having some start putting out bogus tweets in the president's name that people might act on.
Re:He shouldn't be arrested (Score:3, Insightful)
No, he's right in this case.
If he had twittered something, then it'd be different - but this is about as white hat as it gets.
It's very similar to someone walking around turning doorknobs until he finds a house with an unlocked door, then leaving a note that your door was unlocked and he could've stolen everything.
It's not accurate to call a security question a "lock". Most sites have mandatory security questions - stuff like your first pet, mother's maiden name, or first school. In this day and age, all that info will be listed on the first page of Google, so unless you make your answer GHS75Y237HERDSNS94 or something, it's not a "lock".
Re:log of 'hacked' password recovery session: (Score:3, Insightful)