Darwinbots Forum

General => Off Topic => Topic started by: Botsareus on May 08, 2016, 03:02:35 PM

Title: <Rant> Twitter hacked for the 3rd time <Rant>
Post by: Botsareus on May 08, 2016, 03:02:35 PM
OMG. This is the third time Twitter gives me BS about some service or website not associated with Twitter compromised my account and then I am following random people I never wanted to follow. Not that I care, being socially connected even to random people is better than nothing. But very annoying.
Title: Re: <Rant> Twitter hacked for the 3rd time <Rant>
Post by: Botsareus on May 08, 2016, 03:33:41 PM
The good news: I got an IP hit on the mofo. Looks like the individual is from the Netherlands. Let's see what my options are. :P
Title: Re: <Rant> Twitter hacked for the 3rd time <Rant>
Post by: Botsareus on May 08, 2016, 03:40:26 PM
Looks like a proxy. Attempting to trace further now.
Title: Re: <Rant> Twitter hacked for the 3rd time <Rant>
Post by: Botsareus on May 08, 2016, 03:52:18 PM
hmm... I got another hit from where Numsgil is (see picky)

Numsgil, does any of this look familiar to you?
Title: Re: <Rant> Twitter hacked for the 3rd time <Rant>
Post by: spike43884 on May 09, 2016, 12:07:44 PM
hmm... I got another hit from where Numsgil is (see picky)

Numsgil, does any of this look familiar to you?
If that's Numsgil's location (which I have no clue if it is), but if it is then it's either a very, very rare coincidence OR:
Someone sent a computer virus through IM, or through something both of you (and possibly more people, e.g. the dude from the Netherlands) which may or may not have lain dormant for a long time, and has been activated as a proxy. This allows the person then to ping back and forth through most of us, taking a long time to actually trace them down, and it's likely they're doing it from some device which they can move (e.g. a laptop) which they've set up to use a dynamic IP.


Are any of our members that were around when IM was up and running from the Netherlands (that we know of at least)?
Title: Re: <Rant> Twitter hacked for the 3rd time <Rant>
Post by: Peter on May 09, 2016, 01:51:00 PM
...Netherlands here. No, I didn't do anything. And Numsgil neither most likely.

What's the service/website doing it? What does this (https://twitter.com/settings/applications) say?
Where/how did you retrieve the IP?

Enable 2 factor authentication if you think someone else is logging into the account.
Title: Re: <Rant> Twitter hacked for the 3rd time <Rant>
Post by: Botsareus on May 09, 2016, 02:21:23 PM
I am sure it was not you Peter. My end point was indeed a laptop in the woods.
If it keeps up I will probably enable more authorization.
I also posted the Numsgil bit just to be safe for Numsgil's sake because that was early on my trace.
Twitter is pretty good at listing IPs that have access to my account.
Title: Re: <Rant> Twitter hacked for the 3rd time <Rant>
Post by: Peter on May 09, 2016, 03:30:17 PM
Uh, if you're sure someone messed with it, I would take precautions at once. I never had weird stuff like this happening to me, and that's weird as I've messed around plenty, in Windows XP using all kinds of warez and no virus or other kind of protection. Did you do anything strange?

Do you have a password which can be guessed?
Title: Re: <Rant> Twitter hacked for the 3rd time <Rant>
Post by: Botsareus on May 09, 2016, 03:37:18 PM
Yea, I had a reasonably easy to guess password. I changed it because Twitter prompted me to do so.
Title: Re: <Rant> Twitter hacked for the 3rd time <Rant>
Post by: spike43884 on May 10, 2016, 01:27:12 PM
Yea, I had a reasonably easy to guess password. I changed it because Twitter prompted me to do so.
Have a password with numbers 'mixed into' the word. Whole words are easier to guess by a computer or person than ones with numbers in (e.g. Hello is easier to guess than H3ll0).
Also, 2-factor authentication is good, or just regular password changing (2-factor authentication is better, as it requires both devices to be compromised).
Title: Re: <Rant> Twitter hacked for the 3rd time <Rant>
Post by: Peter on May 11, 2016, 04:47:48 PM
(https://imgs.xkcd.com/comics/password_strength.png) (https://xkcd.com/936/)
From: https://xkcd.com/936/

I'm using randomly generated passwords by KeePass. More due to laziness than for having stronger passwords. I don't want to remember multiple passwords!
Title: Re: <Rant> Twitter hacked for the 3rd time <Rant>
Post by: spike43884 on May 12, 2016, 11:23:52 AM
(https://imgs.xkcd.com/comics/password_strength.png) (https://xkcd.com/936/)
From: https://xkcd.com/936/

I'm using randomly generated passwords by KeePass. More due to laziness than for having stronger passwords. I don't want to remember multiple passwords!
You're both correct, and incorrect. For that model of hacking, yes it works.
However, if they're hacking like that, with simple incrementation of lettering, then you can rely on account lockouts really. No, they don't work like that.

They work off both looking for words & doing incrementation. Plus, with the sites that have a 3-guess-limit, it'll probably be a human attempting it, purely as they have a better chance of getting in than a computer within 3 guesses.

So, the solution is to organize your passwords. By having random number/symbol replacements you automatically make it harder for a human or logical guess algorithm to guess, and making it say, a short sentence, makes it slightly more challenging for a simple incrementation.

You make sure then that you follow a rule on all your passwords as to how you replace letters, so it might be that you just replace every o with a 0. I knew someone who did that in the chat of games, without flaw, and it took them a while to move out of that habit after they changed usernames (as the replacement linked to their username, which also replaced o's with 0's).
Then you only have to remember a rule, and a memorable (not random, as random words don't matter to computers on simple incrementation) word/phrase. E.g. the country of your favourite holiday destination + your favourite restaurant there.

Just in case you don't get simple incrementation & logical guessing:
Incrementation:
Guess 1: aaaaaaaaaa
Guess 2: aaaaaaaaab
Guess 3: aaaaaaaaac
Guess 4: aaaaaaaaad
and so on.
Logical guessing uses information already obtained to make an educated guess (Yes, a computer can kind of do this...)
Firstly, it may use say, your twitter posts, and use words (possibly filtered by wordlength and type to eliminate words like "and") to guess,
Alternatively it may work off known popular passwords or phrases, and slowly work its way down the list of popular words/phrases.


Normally a combination of the methods is used, and I'm sure there are other ways of cracking passwords.
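The two guessing models described in the post above (incrementation and wordlist-based guessing), as an added example that is not part of the thread: a small Python estimator of the kind a signup form could run to rate a chosen password. The wordlist, the substitution table and all function names are constructed for illustration.

```python
# Constructed sample wordlist; a real check would load a large common-password list.
COMMON_WORDS = ["hello", "password", "dragon", "monkey", "twitter", "netherlands"]

# Common substitutions mapped back to the letter they stand for (illustrative subset).
LEET = {"0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t", "@": "a", "$": "s"}

def normalize(password):
    """Undo case and common substitutions, so 'H3ll0' compares equal to 'hello'."""
    return "".join(LEET.get(ch, ch) for ch in password.lower())

def incremental_guesses(password):
    """Upper bound for incrementation over the character classes the password uses."""
    size = 0
    if any(c.islower() for c in password):
        size += 26
    if any(c.isupper() for c in password):
        size += 26
    if any(c.isdigit() for c in password):
        size += 10
    if any(not c.isalnum() for c in password):
        size += 33  # assumption: printable ASCII punctuation plus space
    return size ** len(password)

def dictionary_guesses(password, words=COMMON_WORDS):
    """Upper bound for a wordlist search that tries every case and substitution
    variant of each word; None if the password is not derived from a listed word."""
    base = normalize(password)
    if base not in words:
        return None
    variants = 1
    for ch in base:
        # lower case, upper case, plus each substitution character for this letter
        variants *= 2 + sum(1 for letter in LEET.values() if letter == ch)
    return len(words) * variants

def estimated_guesses(password):
    """A password is only as strong as the cheaper of the two models."""
    by_words = dictionary_guesses(password)
    by_increment = incremental_guesses(password)
    return by_increment if by_words is None else min(by_words, by_increment)

def passphrase_guesses(list_size, n_words):
    """Search space for n words drawn at random from a list of list_size words."""
    return list_size ** n_words

if __name__ == "__main__":
    for pw in ("Hello", "H3ll0", "xq7Rk2vLp9"):
        print(pw, estimated_guesses(pw))
    print("4 random words from 2048:", passphrase_guesses(2048, 4))
```

The 2048-word, four-word passphrase in the last line is the case from the xkcd comic linked earlier in the thread.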
Title: Re: <Rant> Twitter hacked for the 3rd time <Rant>
Post by: Numsgil on May 13, 2016, 06:54:43 PM
hmm... I got another hit from where Numsgil is (see picky)

Numsgil, does any of this look familiar to you?

I'm not poor enough to live in Hunter's Point :)
Title: Re: <Rant> Twitter hacked for the 3rd time <Rant>
Post by: Botsareus on May 13, 2016, 07:14:19 PM
hmm... I got another hit from where Numsgil is (see picky)

Numsgil, does any of this look familiar to you?

I'm not poor enough to live in Hunter's Point :)

Alright cool.
Title: Re: <Rant> Twitter hacked for the 3rd time <Rant>
Post by: Botsareus on August 29, 2016, 02:45:53 PM
Everyone! Please call 1(669)238-4335 The more the better. Someone did a crappy job on their robocall system. You can actually get through to the guys doing the robocalls, kinda like a DoS attack.

edit: I am not 100% on this but probably Spike paid Peter off to get my passwords through IM, Peter had nothing, so Spike did not pay him. So Peter ended up hacking Twitter to get my phone number.
Title: Re: <Rant> Twitter hacked for the 3rd time <Rant>
Post by: Peter on August 30, 2016, 01:28:03 PM
I saw your email. No, I haven't hacked you.

Side note: I don't know your twitter account. Nor do I know spike outside this forum.
Title: Re: <Rant> Twitter hacked for the 3rd time <Rant>
Post by: Botsareus on August 30, 2016, 01:51:45 PM
It is just the fact that as soon as I enabled 2 step authorization I started getting robocalls. I do not even own a car!
Also, it does not seem you really care enough to start IM back so I started feeling paranoid a bit. I am sorry for that.
Title: Re: <Rant> Twitter hacked for the 3rd time <Rant>
Post by: Numsgil on August 30, 2016, 02:02:00 PM
Since you live in the US you can try putting your number on the do not call list (https://www.donotcall.gov/).  Not everyone respects it, and it takes ~month to really take effect, but it doesn't hurt.

Also, is this thread just going to be you accusing different forum people of hacking you?  Maybe it's PY!  He's been quiet.  Too quiet.
Title: Re: <Rant> Twitter hacked for the 3rd time <Rant>
Post by: Botsareus on August 30, 2016, 04:59:05 PM
I need to get out more :)
Title: Re: <Rant> Twitter hacked for the 3rd time <Rant>
Post by: Botsareus on September 03, 2016, 08:08:15 PM
Probably the end goal was the same. To make me look stupid. :)
The phone calls magically stopped btw.

edit: Really do not care who is behind it. As long as no more annoying phone calls and text messages.