×
  • remind me tomorrow
  • remind me next week
  • never remind me
Subscribe to the ANN Newsletter • Wake up every Sunday to a curated list of ANN's most interesting posts of the week. read more

Forum - View topic
How ANN Was Hacked


Goto page Previous  1, 2, 3, 4, 5  Next

Note: this is the discussion thread for this article

Anime News Network Forum Index -> Site-related -> Talkback
View previous topic :: View next topic  
Author Message
Mr. Oshawott



Joined: 12 Mar 2012
Posts: 6773
PostPosted: Fri Aug 11, 2017 5:59 pm Reply with quote
This is why I never use my telephone number as a password. All that does is make your account more vulnerable to hacking.

In any case, I'm ecstatic that ANN is still in one piece. Smile
Back to top
View user's profile Send private message Visit poster's website
QuarkboySam



Joined: 26 Sep 2005
Posts: 18
PostPosted: Fri Aug 11, 2017 6:06 pm Reply with quote
One of the good things about Japanese cellphones is getting a number transferred to a new sim card is not trivial, and requires forging a form of Japanese identification like a driver's license or passport identical to the users.
Also the company that handles the number transferring approvals is a 3rd party partially funded by the government, and takes a number of days before any number can be transferred.

It's inconvenient for consumers but it does make this kind of social engineering much more difficult than in the US... I suspect that eventually the government will step in and add in some more safeguards to this kind of thing.
Back to top
View user's profile Send private message
Kougeru



Joined: 13 May 2008
Posts: 5577
PostPosted: Fri Aug 11, 2017 6:08 pm Reply with quote
Just gonna note that this technically wasn't a hack then. I'm most surprised that the CSR gave him/her access without proof of identification. And if he/she had proof, that's pretty scary. Either way, you should really push to find out WHY they gave them access. But it wasn't a "Hack". Access was literally handed to them.
Back to top
View user's profile Send private message AIM Address My Anime My Manga
luffypirate



Joined: 06 Oct 2006
Posts: 3187
PostPosted: Fri Aug 11, 2017 6:28 pm Reply with quote
Will you expose the hacker?
Back to top
View user's profile Send private message
Ashen Phoenix



Joined: 21 Jun 2006
Posts: 2940
PostPosted: Fri Aug 11, 2017 6:32 pm Reply with quote
angelmcazares wrote:
Thanks for explaining what happened. I hope you are able to recover the domain. What happened to ANN sucks, but I am glad the content and communication were mostly uninterrupted. And Christopher, you should sue your phone carrier and demand from them the money this whole affair is going to cost ANN.

Took the words right out of my mouth.

I'm so sorry this happened and I'm relieved it hasn't caused more harm. ANN is by bar my favorite anime news site and the community built around it is wonderful. You guys have done so much.
Back to top
View user's profile Send private message My Anime My Manga
SejinPK



Joined: 22 Dec 2013
Posts: 129
PostPosted: Fri Aug 11, 2017 6:54 pm Reply with quote
I'm sorry that all of this happened. It really sucks. But, it's great that you were able to get your stolen accounts back, and that you'll be able to get your domain back as well. This .cc replica website is really handy. Is it the result of lessons learned from a previous hack?

I'm not very well-informed about these things, so this may sound like a dumb question, but what would a hacker gain by stealing domains, especially for a relatively small and obscure operation like ANN? It seems particularly odd to me since they didn't steal user information, though I guess that could be because they were headed off quickly enough by ANN's recovery efforts.
Back to top
View user's profile Send private message
CatSword



Joined: 01 Jul 2014
Posts: 1489
PostPosted: Fri Aug 11, 2017 7:09 pm Reply with quote
SejinPK wrote:
I'm not very well-informed about these things, so this may sound like a dumb question, but what would a hacker gain by stealing domains, especially for a relatively small and obscure operation like ANN? It seems particularly odd to me since they didn't steal user information, though I guess that could be because they were headed off quickly enough by ANN's recovery efforts.


Someone with way too much time on their hands who had something against ANN and wanted to cause trouble. They did nothing with the domain other then play some vulgar Soundcloud song on the main page.
Back to top
View user's profile Send private message Visit poster's website My Anime My Manga
Joe Carpenter



Joined: 29 Oct 2011
Posts: 503
PostPosted: Fri Aug 11, 2017 7:21 pm Reply with quote
Why was Zac's Twitter suspended? Does that have something to do with this?
Back to top
View user's profile Send private message
Calico



Joined: 05 Jan 2013
Posts: 383
PostPosted: Fri Aug 11, 2017 7:35 pm Reply with quote
Joe Carpenter wrote:
Why was Zac's Twitter suspended? Does that have something to do with this?


The hacker got into his account and tweeted violent threats of some kind on it so it would be suspended. Zac talked about it in the previous thread.

Though it's good to know exactly how all this happened now. I'm glad that no passwords/user information was compromised by the hack.


Last edited by Calico on Fri Aug 11, 2017 7:38 pm; edited 1 time in total
Back to top
View user's profile Send private message
Key
Moderator


Joined: 03 Nov 2003
Posts: 18436
Location: Indianapolis, IN (formerly Mimiho Valley)
PostPosted: Fri Aug 11, 2017 7:37 pm Reply with quote
Joe Carpenter wrote:
Why was Zac's Twitter suspended? Does that have something to do with this?

He explained in a post in a different thread that the hacker was using it to make threatening statements, and by standard policy Twitter suspends any accounts used that way.
Back to top
View user's profile Send private message Send e-mail Visit poster's website My Anime My Manga
Zin5ki



Joined: 06 Jan 2008
Posts: 6680
Location: London, UK
PostPosted: Fri Aug 11, 2017 7:41 pm Reply with quote
At least the cause was identified! From an operational perspective, the consequences were mitigated swiftly without any obvious detriment to the current convention coverage.
Back to top
View user's profile Send private message Send e-mail Visit poster's website My Anime My Manga
AnimeLordLuis



Joined: 27 Jan 2015
Posts: 1626
Location: The Borderlands of Pandora
PostPosted: Fri Aug 11, 2017 8:34 pm Reply with quote
Hard to believe that this whole fiasco happened because of one CSR. Just goes to show that you can't find good help nowadays. Rolling Eyes
Back to top
View user's profile Send private message
Zimmer



Joined: 08 Jul 2015
Posts: 199
PostPosted: Fri Aug 11, 2017 9:15 pm Reply with quote
Kougeru wrote:
Just gonna note that this technically wasn't a hack then. I'm most surprised that the CSR gave him/her access without proof of identification. And if he/she had proof, that's pretty scary. Either way, you should really push to find out WHY they gave them access. But it wasn't a "Hack". Access was literally handed to them.
Contrary to popular belief, social engineering is as much as a hack as any other.
Back to top
View user's profile Send private message
Razor/Edge



Joined: 05 Jun 2015
Posts: 607
PostPosted: Fri Aug 11, 2017 9:25 pm Reply with quote
Zimmer wrote:
Kougeru wrote:
Just gonna note that this technically wasn't a hack then. I'm most surprised that the CSR gave him/her access without proof of identification. And if he/she had proof, that's pretty scary. Either way, you should really push to find out WHY they gave them access. But it wasn't a "Hack". Access was literally handed to them.
Contrary to popular belief, social engineering is as much as a hack as any other.

Maybe social settings, but not with those that actually work in IT (such as myself). The overuse of the word "hack" is one of my personal pet peeves. This really shouldn't be considered a "hack". As the other guy said, this was a security failure on the CSR's part that lead to information being freely given to them. This didn't require any coding or brute force methods of password entry. With that bad of a customer service representative, anyone who knows how website domain registry works could have done this.
Back to top
View user's profile Send private message
Tempest
I Run this place.
ANN Publisher


Joined: 29 Dec 2001
Posts: 10455
Location: Do not message me for support.
PostPosted: Fri Aug 11, 2017 9:36 pm Reply with quote
Kougeru wrote:
Just gonna note that this technically wasn't a hack then. I'm most surprised that the CSR gave him/her access without proof of identification. And if he/she had proof, that's pretty scary. Either way, you should really push to find out WHY they gave them access. But it wasn't a "Hack". Access was literally handed to them.
Zimmer wrote:
Contrary to popular belief, social engineering is as much as a hack as any other.


Personally, I agree with Zimmer. However I know many people wouldn't consider this a proper "hacking," which is why I initially put "hacked" in quotation marks in the TL;DR section, but during the editing process TL;DR was moved to the bottom (I still think it should be up top). I'll add quotes somewhere else.

TL;DR: I have no interest in debating people's definition of "hacking."
Back to top
View user's profile Send private message Send e-mail My Anime My Manga
Display posts from previous:   
Reply to topic    Anime News Network Forum Index -> Site-related -> Talkback All times are GMT - 5 Hours
Goto page Previous  1, 2, 3, 4, 5  Next
Page 2 of 5

 


Powered by phpBB © 2001, 2005 phpBB Group