Posted on August 8, 2020 at 12:40 PM
In what seems to be a large, planned cyber attack against Reddit, hackers hijacked dozens of pages yesterday afternoon and used the access to post pro-Donald Trump imagery in solidarity with Trump’s election campaign.
The hackers plastered the imagery on subreddits with massive followings.
Reddit communities with more than a million members, including r/NFL, r/food and r/Space, were all affected as their pages were taken down and replaced by Make America Great campaign banners.
Sometime yesterday morning, the hackers started infiltrating the accounts of moderators of several subreddits, including the popular channels mentioned above.
They used their access to show support for Trump’s campaign. Apart from splashing Trump’s imagery on the hijacked subreddit pages, the hackers also posted a MAGA missive from the moderator’s account, with the tag “We Stand With Donald Trump #MIGA2020.”
“We on behalf of the American people want to implore and strongly encourage you all to vote Trump in the 2020 elections of the USA of America,” reads one of the messages.
The post went on to call COVID-19 a “hoax,” then likened Trump to Batman before concluding with a list of 10 things Democrats did wrong. The hackers also defaced the r/cfb community and set it to private. They also left a pro-Trump message using an emoji on the landing page for the locked-out sections.
Reddit says an investigation is ongoing
According to Reddit’s spokesperson, an investigation into a series of hijacked Reddit communities is under way. The spokesperson pointed out that the attack appears to have come from compromised moderator accounts. Reddit is working to close those accounts and restore the affected communities.
Some hackers even took to Twitter to claim responsibility for the attack. The group said they combined social engineering and password stuffing to beat the teenage Bitcoin cheater. The Bitcoin cheater here refers to Graham Ivan Clark, the alleged ringleader of the Twitter hack, who was apprehended last week.
Credential stuffing is when an attacker uses previously leaked account details and passwords to break into other accounts opened with the same email address. Attackers take advantage of people’s tendency to reuse passwords across sites and applications. For this reason, security researchers and experts have always advised users not to use one password for different accounts: if one account is compromised, attackers can use the details to infiltrate other accounts sharing the same password.
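As an added example (not from the original article or from Reddit), here is one way a defender can spot the credential-stuffing pattern described above in login logs: a single source trying many different accounts only once or twice each. The log format, thresholds and function names are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict

# Constructed sample log: epoch seconds, source IP, username, result.
SAMPLE_LOG = """\
1000 203.0.113.7 alice FAIL
1002 203.0.113.7 bob FAIL
1003 203.0.113.7 carol OK
1005 203.0.113.7 dave FAIL
1006 203.0.113.7 erin FAIL
1008 203.0.113.7 frank FAIL
1010 198.51.100.4 mallory FAIL
1012 198.51.100.4 mallory FAIL
1015 198.51.100.4 mallory FAIL
1018 198.51.100.4 mallory FAIL
1020 198.51.100.4 mallory FAIL
1021 198.51.100.4 mallory FAIL
1030 192.0.2.10 grace FAIL
1040 192.0.2.10 grace OK
"""

def parse(log):
    """Yield (timestamp, ip, user, success) tuples from the log text."""
    for line in log.splitlines():
        if line.strip():
            ts, ip, user, result = line.split()
            yield int(ts), ip, user, result == "OK"

def find_stuffing(log, window=300, min_users=5, max_tries_per_user=2):
    """Flag sources that try many distinct accounts, few times each (assumed thresholds)."""
    by_ip = defaultdict(list)
    for event in parse(log):
        by_ip[event[1]].append(event)
    findings = {}
    for ip, events in by_ip.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Shrink the window until it spans at most `window` seconds.
            while events[end][0] - events[start][0] > window:
                start += 1
            tries = defaultdict(int)
            for _, _, user, _ in events[start:end + 1]:
                tries[user] += 1
            if len(tries) >= min_users and max(tries.values()) <= max_tries_per_user:
                # Accounts this source logged in to should get a forced reset.
                hits = sorted({u for _, _, u, ok in events if ok})
                findings[ip] = {"distinct_users": len(tries), "reset": hits}
    return findings
```

The repeated failures against a single account from 198.51.100.4 are deliberately not flagged: that shape is password guessing, which per-account lockout handles, whereas stuffing spreads attempts across accounts and needs per-source detection.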
In social engineering, attackers use various ways to trick people into giving up details that will help them infiltrate the user’s account. Many SIM-swap attacks use one form of social engineering or another. It’s the method attackers use to get around two-factor authentication and get into victims’ accounts.
Although hackers have claimed credit on Twitter, the Reddit hacks could be a combination of SIM-swapping and password reuse. Since the takeover incident on Reddit, users of the social media site have been trying to protect their accounts as they scramble to figure out what actually happened.
A Reddit community moderator published a post yesterday afternoon warning people against unsolicited password reset emails. The post also advised other moderators to change their passwords as soon as possible.
Attackers may have infiltrated Reddit’s internal tools
Based on recent information, the hackers could have gained access to the internal tools of the social networking site. This possibility could help to explain the depth of the problem and how the attackers were able to navigate swiftly across the Reddit platform.
Yesterday, about 70 subreddits had issues, but most of them were reinstated later the same day. However, a few victims, like r/buffy and r/GreatBritishBakeOff, are still MAGAtized.
As it stands, the fallout seems to have affected only subreddits, although the attackers could have had access to the private messages of the moderators. That means other accounts could be vulnerable too. But the repair and cleanup process appears to be smooth, with Reddit promising to fix everything soon.