Twitter accounts are getting hacked and spreading adult content

More than 2,500 Twitter Accounts Hijacked and Taken Over by Pornbots in last two weeks!

The hijacking of over 2,500 Twitter accounts has suddenly become the talk of the town as everyone seems to be affected by the news. Maybe because the accounts hacked also include a majority of those that contained a large number of followers. After the hack, hackers modified the profile pictures, bios and full names of the users in order to popularize adult websites and replaced them with pictures of women in “a suggestive pose or wearing lingerie/swimwear.” The names also have been altered and substituted with other real names taken from a variety of forums.

Chromeo is a Canadian electro-funk duo from Montreal who had their verified account hacked / Image Source: Symantec

Symantec, a security company, has provided the list of celebrities and well-known individuals whose Twitter accounts were hijacked by hackers. These include Chromeo, an electrofunk band, David Carr, late New York Times reporter, Cecil Shorts III, US Footballer and Azeem Banatwala, a stand-up comedian. The list also includes international reporters from The Telegraph.

According to Satnam Narang, Symantec’s senior security manager, this is indeed a preposterous way to popularize particular dating or pornographic sites. In his blog post, Narang wrote that: “Rather than tweeting or direct-messaging users, the attackers used these compromised accounts to like tweets and follow other users, hoping to capitalize on users being curious enough to investigate their Twitter profiles.”

The hijacking took place over a two weeks’ span and apparently pornbots have replaced them. Pornbots are actually intelligent software that repeatedly post sexually explicit and inappropriate content (read pornographic content) on these hijacked Twitter accounts. Moreover, these pornbots are also tweeting links to adult dating sites.

The hacking spree has turned out to be quite profitable for the hackers as they must have raked in $4 for every single user that registered on that website. That happened because users were automatically redirected and asked for registering to these adult sites. The aim of this hijacking was to compel users into clicking on the provided links that will take them to the adult websites. Narang told MotherBoard:

The Curious Case of Creepy @FFD8FFDB Twitter Bot Spying and Posting Images

Twitter Alerting Users on State-Backed Attacks, Urging Use of Tor

“If a user visits the compromised profile, they will see tweets that claim to offer free sign-ups to watch “hot shows” over webcam, or dates and sexual encounters. Each of these tweets includes sexually suggestive photos and shortened links using either Bitly or Google’s URL shortener,”

Upon clicking on short URLs users are being redirected to ads like this / Image Source: Symantec

“Being able to bust into that account, and use that account to post a tweet will make it more likely that people will click on their links compared to someone who has say, 100 followers or 20 followers” states Narang.

However, it has been identified that a majority of the hacked account were quite old and some were created in 2007 while some were merely dormant as there wasn’t a single tweet posted from that account. As per Narang’s analysis, hackers managed to break into such a vast number of accounts due to “a combination of weak and reused passwords”.


Related Posts