Friday, August 07, 2020

Hackers Flood Reddit With Pro-Trump Takeovers

By apparently compromising moderator accounts, the attackers were able to post MAGA materials all over at least 70 popular subreddits
.

WIRED AUGUST 7,2020


PHOTOGRAPH: WIN MCNAMEE/GETTY IMAGES

IN WHAT APPEARS to be a massive coordinated strike against Reddit, hackers took over dozens of pages on Friday afternoon, using their access to plaster pro-Donald Trump imagery across subreddits with huge followings.

Coming just over three weeks after hackers used access to high-profile Twitter accounts to tweet a bitcoin scam, the wave of Reddit compromises has a similarly eye-popping reach. Reddit communities with well over a million members—including r/space, r/food, and r/NFL—were all defaced with Make America Great Again campaign banners and other pro-Trump signage.

Sometime on Friday morning, hackers began breaking into the accounts of the moderators of dozens of subreddits, ranging from the popular channels cited above to more niche fare like r/beerporn. They used that access not only to splash the pro-Trump imagery all over the page, but in many cases posted a MAGA missive from the moderator’s account with the subject “We Stand With Donald Trump #MIGA2020.”

“We on behalf of the American people want to implore and strongly encourage you all to vote Trump in the 2020 elections of the USA of America,” read one such message, posted to the college-football-focused r/cfb. The post goes on to call the novel coronavirus a “hoax,” loosely compares Trump to Batman, and ends with a list of “Ten Things Democrats Did Wrong,” which includes “Nice people are hated by the Democrats” as a bullet point. In the case of r/cfb, the hackers also set the community to private, leaving only an emoji-strewn pro-Trump message on the landing page for those locked out.

“An investigation is underway related to a series of vandalized communities,” said a Reddit spokesperson. “It appears the source of the attacks were compromised moderator accounts. We are working to lock down those accounts and restore impacted communities.”


Hackers attempted to claim credit for the attacks on Twitter, saying, “We combined password stuffing and social engineering together to beat the teenage bitcoin cheater,” an apparent reference to alleged Twitter hack ringleader Graham Ivan Clark, who was arrested last week. Credential stuffing is when attackers use previously leaked passwords to break into accounts made by the same email address, taking advantage of the common human tendency to reuse passwords. Social engineering is a catch-all for ways to trick people into giving you information that helps break into their account or someone else’s; it’s at the heart of many so-called SIM-swap attacks that help hackers get around two-factor authentication.

Exclusive Offer.Don't miss the future. Get 1 year for $5.Subscribe Now

Claims of hacking credit on Twitter should be taken with hefty boulders of salt, but some combination of password reuse and SIM-swapping could certainly be at the heart of the Reddit hacks. Since the takeovers occurred, Reddit users have been scrambling to figure out what happened, and to protect their own accounts. A post published Friday afternoon by a Reddit community moderator warns people to look for unexpected password reset emails and encourages mods to change their passwords. A post on r/SubredditDrama includes a “Guide to unfucking your subbreddit” that initially led off with “#ENABLE TWO-FACTOR AUTHENTICATION” but was edited to say that some accounts were compromised even with two-factor in place.

There’s also the possibility, as in the case of the Twitter hacks, that attackers gained access to Reddit’s internal tools. That would help explain the huge scope of the problem and how the attackers were able to move so quickly across the platform.

At least 70 subreddits experienced issues. Many of the subreddits were restored by later in the afternoon, but some victims, including r/GreatBritishBakeOff and r/buffy, remained MAGAtized.
COURTESY OF BRIAN BARRETT VIA REDDIT
So far the fallout appears to be limited to subreddit vandalism, although presumably the hackers also had access to the affected moderators’ private messages. If password reuse was how the attackers got in, those moderators' other accounts may be vulnerable, as well.

Fortunately, the clean-up seems relatively straightforward: Once they have control of their subreddits back, moderators need only to revert the changes and delete the uploaded images to put things back to normal.

The MAGA messaging itself is less disturbing than the hackers' ability to pull off this coordinated stunt. How worrisome it is, though, depends on whether they hit individual moderators with sloppy passwords or mounted a more sophisticated assault against Reddit’s internal controls.

And while there’s no reason to believe that the two are connected, the MAGA-laced Reddit hack does come just a little over a month after more than a thousand profiles in the online multiplayer game Roblox were hacked to include the phrase "Ask your parents to vote for Trump this year!”

For now, other than a few lingering subreddits, the attack seems to be under control. We’ll update this article if and when Reddit shares more details about not just what happened, but how.

Many Reddit communities vandalized with pro-Trump content, possibly due to compromised moderator accounts
Some hugely popular subreddits were affected


By Jay Peters@jaypeters Aug 7, 2020, 
Illustration by Alex Castro / The Verge

A number of subreddits were taken over and vandalized on Friday, possibly as part of a coordinated campaign. Hackers reportedly posted messages or changed a subreddit’s design in support of President Donald Trump.

“An investigation is underway related to a series of vandalized communities,” a Reddit spokesperson said in a statement to The Verge. “It appears the source of the attacks were compromised moderator accounts. We are working to lock down those accounts and restore impacted communities.”

What r/Japan looked like when it was vandalized. Image: r/Japan

It’s unclear right now how the accounts were compromised. A post on r/subredditdrama listed dozens of subreddits that were affected, and many were quite popular, including r/CFB, r/food, r/Japan, r/nfl, r/podcasts, and r/space. It appears that subreddits are in the process of reverting back to normal, and some moderators have posted messages noting that their subreddit was compromised.

The attack on Reddit marks another moment in an increasingly worrying trend of social media accounts being hijacked. Twitter fell prey to an unprecedented hack in mid-July, resulting in some of the social network’s most notable accounts being taken over to tweet a bitcoin scam. (Three people have been charged in connection with that attack.) And some YouTube accounts have been compromised in recent days to show “live streams” that are actually bitcoin scams.

No comments: