Not the Haus of Gaga too

Around 9pm EST on Monday the Twitter account of pop singer Lady Gaga, @ladygaga, was cracked into and a series of messages added to her tweet stream. This is the second high-profile Twitter account to be cracked in the last few days: on Friday the account of pop singer Britney Spears, @BritneySpears, started professing sympathy for the devil. The Lady Gaga one is interesting, though, because, like an homage to old-school cracks of the past, the attackers appear to have left their name. Further, these are two high-profile accounts broken into after Twitter implemented at least three major changes to their web site’s authentication process.


Around 9pm users who follow @ladygaga started to get the following messages:

  • <3 <3 <3 @T3ETH NXT TIME REALNESS PIC A BETTER PASSWORD!!!! PVNKS UNITE!!!
  • <3 LADY GAGA – NO HATE INTENDED!!!! CAN’T WAIT 4 THE MONSTER BALL!!!!
  • …butt LADY GAGA RULEZ THE WORLD!!!!! Warhol are you listening?!!
  • I swear my dick is not as big as T33TH’S!!!! POPWRLDSUCKZ!!! PUNX UNITE!!!! <3
  • GAGA PEECE FOR LYFE!!!
  • Hay my babies!!! LOVE GAGA??? LOVE T33TH!!! http://www.myspace.com/teethdance

Strange tweets showing up in Lady Gaga's tweetstream.

In this case it appears the cracker signed his or her or their work, referencing the Twitter account @t3eth and the MySpace fan page: teethdance.

London band Teeth.

The London band T3eth, suspected of hacking the account.

The defacers appear to be members of the band Teeth: Ximon Tayki, Simon Whybray and Veronica So from the Dalston district in London, UK. This assumption is based on the fact that a link to their MySpace page was provided in one of the first tweets, and they seem to reference the defacement in their tweets responding to other Twitter users who are either congratulating them or giving them a hard time. All of this is circumstantial evidence, but the Twitter account is well established and has similar branding to the MySpace page. Of course, someone else could have done all this and just pointed back to the band.

Anonymous?

The lone offensive tweet references the Internet hoax that suggested Lady Gaga was a hermaphrodite, perpetuated initially by the YouTube video below and a fake quote:

It’s not something that I’m ashamed of, just isn’t something that I go around telling everyone. Yes. I 
have both male and female genitalia, but I consider myself a female. It’s just a little bit of a penis 
and really doesn’t interfere much with my life. The reason I haven’t talked about it is that it’s not a 
big deal to me. Like come on. It’s not like we all go around talking about our vags. I think this is
a great opportunity to make other multiple gendered people feel more comfortable with their bodies. 
I’m sexy, I’m hot. I have both a poon and a peener. Big f*cking deal. 
- Attributed to Lady Gaga

I only bother including the video because it contains a reference to another famous Internet group: Anonymous. No conspiracy, it’s just amusing to see Guy Fawkes in the beginning of the video hanging out with the Lady Gaga crowd.

Anonymous hanging out at the Lady Gaga concert.

Anonymous is that loose affiliation of Internet denizens known for various hoaxes, blaming things on ripoff site eBaum’sWorld, and, probably most famously, Project Chanology, a protest against the Church of Scientology. The members are also known for wearing Guy Fawkes masks:

Members of Anonymous protesting scientology.

Britney

On Friday, Britney Spears appeared to be letting us in on a previously unknown penchant for devil worship:

The appearance of the Britney Spears Twitter account on Friday.

As an aside, the Britney Spears Twitter account @BritneySpears, like the @ladygaga account, is listed by Twitter as a Verified Account, a service offered by Twitter for certain accounts of famous persons (politicians, actors/actresses, singers, athletes) that are at a high risk of impersonation on the micro-blogging service. This service was brought about in part because of a well-publicized lawsuit by baseball manager Tony LaRussa, who went after Twitter for an account on their service that was pretending to be him.

Why is this News?

Celebrities having their Twitter accounts cracked doesn’t seem like a new problem, and indeed Britney did report herself dead via Twitter back on June 28th. But there is a difference: many of the openings for easily brute forcing the Twitter password via the web site have closed. Note I said easily; don’t spam the comments with speculation on how the account was compromised (unless it’s high-quality speculation). We know quite well that Twitter is still far from security nirvana.

Twitter has been slowly closing loopholes in their authentication process over the course of this year. Back in September we pointed out the reCAPTCHA implementation on login that shows up when you enter too many bad authentication attempts, a key difference in the process from when the rash of prominent account break-ins occurred earlier in the year (including the notable crack of a Twitter admin’s account). Twitter has more recently started to lock out accounts for an hour when they are given too many bad passwords (a lousy idea from a security perspective, but we’ll get into that some other time).

In Breaking Twitter we showed how Twitter rate limits were not enforced as advertised in their API documentation, allowing brute force of passwords via the API. Well, that hole has somewhat closed (we’ll touch on that in a future post as well).

Now in the Lady Gaga case, Teeth seems to be admitting that they successfully guessed the password, so fair enough for that one. What about the Britney case? What was once a very obvious avenue of attack (point password brute forcing tool and click) has become a little less obvious. Maybe it’s someone in her entourage, or Kevin Federline?

PoPo Zao.

Update

  • Lady Gaga had this to say today: “Seems as though my twitter was hacked yesterday. I could be angry, except I secretly love how psychotically smart my fans are.”
  • It looks like Lady Gaga’s password was: JustDance1. Explains why it was easy to guess, that’s the title of one of her initial hit songs. Hopefully she doesn’t fall into the category of using the same password on every web site.
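
A password like the one above can be caught when it is set, by screening it against words tied to the account itself. The sketch below is an added example, not code from this post or from Twitter; it also undoes simple character substitutions, which goes beyond the single case reported here. The function names, the 0.6 coverage threshold and the sample profile (built only from names that appear in this post) are assumptions.

```python
import re

# Character substitutions undone before comparison ("L4dyG4g4" -> "ladygaga").
LEET = str.maketrans("013457@$", "oleastas")
MIN_TERM = 4      # assumption: ignore very short context words
COVERAGE = 0.6    # assumption: share of the password core a term must cover

def context_terms(profile_values):
    """Collect account-specific strings: each whole value and its single words."""
    terms = set()
    for value in profile_values:
        words = re.findall(r"[a-z0-9]+", value.lower())
        for candidate in words + ["".join(words)]:
            if len(candidate) >= MIN_TERM:
                terms.add(candidate)
    return terms

def core_forms(password):
    """Reduce a password to the base forms left after removing decoration."""
    lowered = password.lower()
    # Form 1: drop leading/trailing digits and symbols ("JustDance1" -> "justdance").
    trimmed = re.sub(r"^[^a-z]+|[^a-z]+$", "", lowered)
    # Form 2: undo substitutions first, then keep letters only.
    unleeted = re.sub(r"[^a-z]", "", lowered.translate(LEET))
    return {re.sub(r"[^a-z0-9]", "", trimmed), unleeted} - {""}

def screen_password(password, profile_values):
    """Return the context term the password is built on, or None if it passes."""
    forms = core_forms(password)
    # Longest terms first so the result is deterministic and most specific.
    for term in sorted(context_terms(profile_values), key=lambda t: (-len(t), t)):
        for form in forms:
            if term in form and len(term) >= COVERAGE * len(form):
                return term
    return None

# Constructed sample profile, using only names that appear in the post.
PROFILE = ["Lady Gaga", "@ladygaga", "Just Dance", "Monster Ball"]

if __name__ == "__main__":
    for pw in ["JustDance1", "L4dyG4g4!", "MonsterBall!!", "correct horse battery staple"]:
        print(pw, "->", screen_password(pw, PROFILE) or "accepted")
```

A check like this runs at password-set time, so it complements the login-side controls discussed earlier (CAPTCHA, rate limits) rather than replacing them.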

Discussion

3 comments for “Not the Haus of Gaga too”

  1. @T3ETH not @T33TH

    x

    Posted by TEETH | November 17, 2009, 12:31 PM
  2. Thanks, fixed. Although, did you guys misspell your own name in the @ladygaga tweets?

    Posted by Prefect | November 17, 2009, 3:56 PM
  3. Yep

    x

    Posted by TEETH | November 17, 2009, 6:46 PM