Breaking Analysis: Tumblr Hack – Mischievous or Malicious Attention Whores?

The blogging site Tumblr has been hacked by a group called GNAA. The hackers created a worm that flooded users’ dashboards with spam. This wasn’t their first venture into hacking big sites, as SiliconANGLE Contributing Editor John Casaretto reminded viewers about the AT&T and Apple iPad hacking story from last week. Goatse Security is also an offshoot of the GNAA group.

Casaretto described GNAA as a notorious group, best known for their “crap-flooding” exploits, meaning they flood popular website forums with useless messages. Casaretto noted that they have been very creative in getting around firewalls and different obstacles. He said, “In essence, they’re an internet trolling organization; they do a lot of it for laughs. But lately we’ve seen some of these exploits . . . and they’re starting to become more of a hacking type of group where they’re exposing weaknesses on these websites.” Casaretto attributed the motivation of these attacks to the group wanting to attract attention by declaring war on all blogs, as well as targeting adult fans of “My Little Pony,” or “bronies,” as they are known.

Regarding the attack itself, Casaretto explained that the worm was able to compromise user pages by exploiting Tumblr’s re-blogging feature. Casaretto said the hackers exposed a small piece of JavaScript code which led to a pop-up page for people who were actively logged in, and when their browser hit that URL, it prompted the user, and the page would then re-blog, thus spreading the virus.

In another hacking story, last Friday a security researcher by the name of Carlos Reventlov published an article on how to attack Instagram and gain control of another user’s account. Reventlov discovered the vulnerability in mid-November and actually developed the attack to prove his research. Although he notified Instagram of the problem on November 11, it has yet to be addressed.

The weakness was found in a version of Instagram that is only for iPhone. Reventlov noticed that certain activities, such as logging in or editing profile data, would send encrypted data to Instagram, but other functions would only send plain text. Casaretto clarified that the vulnerability only exists if the hacker is on the same LAN as the victim. See the entire segment with Kristin Feledy and John Casaretto on the Morning NewsDesk Show.