USA Today Twitter account hacked

USA Today’s Twitter account hacked.

Here’s how the “The Script Kiddies” did it.

USA Today’s Twitter account was hacked today by a group calling itself “The Script Kiddies.”

TechCrunch has more details on what actually happened but is light on details on how such a thing happened.

It’s a common enough problem that we thought our readers would benefit from knowing how their Twitter accounts could suffer the same fate.

First, you should know that the work “hack” is probably inappropriate here. Saying the USA Today’s Twitter account was “cracked” would be more accurate.

A hack is a generic term for modifying something. A crack is a malicious hack.

Next, we have to explain the term Script Kiddies.

Script Kiddies are not hackers. Hackers, in the Technology realm, are highly skilled programmers who use their talents in thousands of different ways from improving Google Maps to finding exploits in supposed “secure” applications.

The latter sounds bad, but, in reality, most time it isn’t. Hackers will find breaches in security and then do nothing malicious with their gained access. In fact, the hacker most likely will tell the company about the hole so it can be patched.

Script Kiddies, on the other hand, take the work of hackers and use it to spread mischief.

For example, if a hacker designed an application that exploited a bank’s security system but then tells said back about the hole, the hacker has preemptively helped the bank avoid catastrophe.

But let’s say someone gets a hold of this application and uses it to exploit other banks who have not yet had the chance to patch the vulnerability. That person is being malicious and would be considered a “Script Kiddie.”

So, in the case of USA Today, it looks like some Script Kiddies got a hold of a Trojan Horse virus and sent it to someone at USA Today in the form of an email attachment. A Trojan Horse is just like the one from Homer’s Odyssey. It disguises itself as something else to release the real intent on the victim.

We don’t know what the disguise was in this case, but it could have been an email that appeared to be from USA Today’s IT Department, telling employees to “install the attached upgrade.”

The “upgrade” actually installed a keylogger on the machine.

A keylogger is a dangerous program that transmits all activity (mainly keystrokes) back to the attackers’ computers.

Keyloggers are used to steal credit card numbers, social security numbers and passwords (as was the case with USA Today).

The attackers then used USA Today’s Twitter password to log in to Twitter and post messages.

So that’s how it happened.

What can you do about it?

Make damn sure you know what you’re opening when you download an email attachment!