In what appears to be a massive coordinated strike against Reddit, hackers took over dozens of pages on Friday afternoon, using their access to plaster pro-Donald Trump images on subreddits with enormous imitation.
Just over three weeks after hackers accessed high-profile Twitter accounts to tweet a bitcoin scam, the wave of Reddit compromises has a similar reach in mind. Reddit communities with well over a million members – including r / space, r / food, and r / NFL – were all evacuated with Make America Great Again campaign banners and other pro-Trump signs.
Once on Friday morning, hackers started breaking into the accounts of the moderators of dozens of subreddits, ranging from the popular channels mentioned above, to more niche rates like r / beerporn. They used this access not only to splash the pro-Trump images across the entire page, but in many cases posted a MAGA missive from the moderator’s account with the subject “We Stand With Donald Trump # MIGA2020.”
“We, on behalf of the American people, want to encourage and strongly encourage all of you to vote for Trump in the 2020 United States US elections,” reads one such message, posted to the College of Football. straight r / cfb. The post goes on to call the novel coronavirus a ‘hoax’, compares Trump loosely to Batman, and ends with a list of ‘Ten Things Democrats Did Wrong’, which includes ‘Nice people are hated by the Democrats’ as a bullet point. In the case of r / cfb, the hackers also set the community up for private, leaving only an emoji-strewn pro-Trump message on the landing page for those who are excluded.
“An investigation is under way into a series of vandalized communities,” a Reddit spokesman said. “It seems that the source of the attacks were compromised moderator accounts. We are working to rewrite these accounts and restore affected communities. ”
Hackers sought credit for the attacks on Twitter, saying, “We combined password filling and social technology together to defeat the teen cheats,” an apparent reference to astonished Twitter hack ringleader Graham Ivan Clark, who was arrested last week . Credential stuffing is when attackers use previously leaked passwords to break into accounts created by the same email address, and take advantage of the common human tendency to use passwords. Social technology is a summary of ways to trick people into giving you information that helps break into their account as of someone else; it is the heart of many so-called SIM swap attacks that help hackers gain two-factor authentication.
Claims of hacking credit on Twitter should be taken with hefty boulders or salt, but some combination of reuse and SIM swapping could certainly be the heart of Reddit hacks. Since the takeovers, Reddit users have been scrambling to find out what happened, and to protect their own accounts. A post published Friday afternoon by a Reddit community moderator warns people to search for unexpected password reset emails and encourages mods to change their passwords. A post on r / SubredditDrama includes a “Manual to delete your subbreddit” which initially started with “#ENABLE TWO-FACTOR AUTHENTICATION”, but was edited to say that some accounts were compromised even with two- factor in place.
There is also the possibility, as in the case of Twitter hacks, that attackers will gain access to Reddit’s internal tool. That would help explain the enormous extent of the problem and how the attackers were able to move across the platform so quickly.
At least 70 subreddits experienced problems. Many of the subreddits were restored later in the afternoon, but some victims, including r / GreatBritishBakeOff and r / buffy, remained MAGAtized.
.
