UPDATED 13:18 EDT / DECEMBER 04 2012

Breaking Analysis: Tumblr Hack – Mischievous or Malicious Attention Whores?

The blogging site Tumblr has been hacked by a group called GNAA. The hackers created a worm that flooded users’ dashboards with spam. This wasn’t their first venture into hacking big sites, as SiliconANGLE Contributing Editor John Casaretto reminded viewers about the AT&T and Apple iPad hacking story from last week. Goatse Security is also an offshoot of the GNAA group.

Casaretto described GNAA as a notorious group, best known for their “crap-flooding” exploits, meaning they flood popular website forums with useless messages. Casaretto noted that they have been very creative in getting around firewalls and different obstacles. He said, “In essence, they’re an internet trolling organization; they do a lot of it for laughs. But lately we’ve seen some of these exploits . . . and they’re starting to become more of a hacking type of group where they’re exposing weaknesses on these websites.” Casaretto attributed the motivation of these attacks to the group wanting to attract attention by declaring war on all blogs as well as targeting adult fans of “My Little Pony,” or “bronies,” as they are known.

Regarding the attack itself, Casaretto explained that the worm was able to compromise user pages by exploiting Tumblr’s re-blogging feature. Casaretto said the hackers exposed a small piece of JavaScript code that led to a pop-up page for people who were actively logged in; when their browser hit that URL, it prompted the user, and the page would then re-blog, thus spreading the virus.

In another hacking story, last Friday a security researcher by the name of Carlos Reventlov published an article on how to attack Instagram and gain control of another user’s account. Reventlov discovered the vulnerability in mid-November and actually developed the attack to prove his research. Although he notified Instagram of the problem on November 11, it has yet to be addressed.

The weakness was found in a version of Instagram that is only for iPhone. Reventlov noticed that certain activities, such as logging in or editing profile data, would send encrypted data to Instagram, but other functions would only send plain text. Casaretto clarified that the vulnerability only exists if the hacker is on the same LAN as the victim. See the entire segment with Kristin Feledy and John Casaretto on the Morning NewsDesk Show.

