Forum

This is why I never use my telephone number as a password. All that does is make your account more vulnerable to hacking.

In any case, I'm ecstatic that ANN is still in one piece. Smile

One of the good things about Japanese cellphones is getting a number transferred to a new sim card is not trivial, and requires forging a form of Japanese identification like a driver's license or passport identical to the users.
Also the company that handles the number transferring approvals is a 3rd party partially funded by the government, and takes a number of days before any number can be transferred.

It's inconvenient for consumers but it does make this kind of social engineering much more difficult than in the US... I suspect that eventually the government will step in and add in some more safeguards to this kind of thing.

Just gonna note that this technically wasn't a hack then. I'm most surprised that the CSR gave him/her access without proof of identification. And if he/she had proof, that's pretty scary. Either way, you should really push to find out WHY they gave them access. But it wasn't a "Hack". Access was literally handed to them.

Will you expose the hacker?

angelmcazares wrote:

Thanks for explaining what happened. I hope you are able to recover the domain. What happened to ANN sucks, but I am glad the content and communication were mostly uninterrupted. And Christopher, you should sue your phone carrier and demand from them the money this whole affair is going to cost ANN.

Took the words right out of my mouth.

I'm so sorry this happened and I'm relieved it hasn't caused more harm. ANN is by bar my favorite anime news site and the community built around it is wonderful. You guys have done so much.

I'm sorry that all of this happened. It really sucks. But, it's great that you were able to get your stolen accounts back, and that you'll be able to get your domain back as well. This .cc replica website is really handy. Is it the result of lessons learned from a previous hack?

I'm not very well-informed about these things, so this may sound like a dumb question, but what would a hacker gain by stealing domains, especially for a relatively small and obscure operation like ANN? It seems particularly odd to me since they didn't steal user information, though I guess that could be because they were headed off quickly enough by ANN's recovery efforts.

SejinPK wrote:

I'm not very well-informed about these things, so this may sound like a dumb question, but what would a hacker gain by stealing domains, especially for a relatively small and obscure operation like ANN? It seems particularly odd to me since they didn't steal user information, though I guess that could be because they were headed off quickly enough by ANN's recovery efforts.

Someone with way too much time on their hands who had something against ANN and wanted to cause trouble. They did nothing with the domain other then play some vulgar Soundcloud song on the main page.

Why was Zac's Twitter suspended? Does that have something to do with this?

Last edited by Calico on Fri Aug 11, 2017 7:38 pm; edited 1 time in total

Joe Carpenter wrote:

Why was Zac's Twitter suspended? Does that have something to do with this?

The hacker got into his account and tweeted violent threats of some kind on it so it would be suspended. Zac talked about it in the previous thread.

Though it's good to know exactly how all this happened now. I'm glad that no passwords/user information was compromised by the hack.

Joe Carpenter wrote:

Why was Zac's Twitter suspended? Does that have something to do with this?

He explained in a post in a different thread that the hacker was using it to make threatening statements, and by standard policy Twitter suspends any accounts used that way.

At least the cause was identified! From an operational perspective, the consequences were mitigated swiftly without any obvious detriment to the current convention coverage.

Hard to believe that this whole fiasco happened because of one CSR. Just goes to show that you can't find good help nowadays. Rolling Eyes

Kougeru wrote:

Just gonna note that this technically wasn't a hack then. I'm most surprised that the CSR gave him/her access without proof of identification. And if he/she had proof, that's pretty scary. Either way, you should really push to find out WHY they gave them access. But it wasn't a "Hack". Access was literally handed to them.

Contrary to popular belief, social engineering is as much as a hack as any other.

Zimmer wrote:

Kougeru wrote:

Just gonna note that this technically wasn't a hack then. I'm most surprised that the CSR gave him/her access without proof of identification. And if he/she had proof, that's pretty scary. Either way, you should really push to find out WHY they gave them access. But it wasn't a "Hack". Access was literally handed to them.

Contrary to popular belief, social engineering is as much as a hack as any other.

Maybe social settings, but not with those that actually work in IT (such as myself). The overuse of the word "hack" is one of my personal pet peeves. This really shouldn't be considered a "hack". As the other guy said, this was a security failure on the CSR's part that lead to information being freely given to them. This didn't require any coding or brute force methods of password entry. With that bad of a customer service representative, anyone who knows how website domain registry works could have done this.

Kougeru wrote:

Just gonna note that this technically wasn't a hack then. I'm most surprised that the CSR gave him/her access without proof of identification. And if he/she had proof, that's pretty scary. Either way, you should really push to find out WHY they gave them access. But it wasn't a "Hack". Access was literally handed to them.

Zimmer wrote:

Contrary to popular belief, social engineering is as much as a hack as any other.

Personally, I agree with Zimmer. However I know many people wouldn't consider this a proper "hacking," which is why I initially put "hacked" in quotation marks in the TL;DR section, but during the editing process TL;DR was moved to the bottom (I still think it should be up top). I'll add quotes somewhere else.

TL;DR: I have no interest in debating people's definition of "hacking."

Forum - View topic
How ANN Was Hacked

Hookah Haze Game Review

The Fall 2024 Anime Trailer Watch Party Returns with Mother's Basement!

This Life-Size Ainz Ooal Gown Statue is Only One of the Cool Things at the Overlord Exhibition in Tokyo

Kyoto Animation Produces Anime of Keiichi Arawi's CITY Manga

Kyoto Animation Reveals Miss Kobayashi's Dragon Maid: A Lonely Dragon Wants to be Loved Film for 2025

The ANN Aftershow - The New Madoka Anime is Really Happening!

Overlord: The Sacred Kingdom Anime Film Review

This Week in Games - Nintendo Lays Down the Law

Reynatis Game Review

Shangri-La Frontier Cheat Codes: How Its Creators Built Its Video Game World

Your Anime Rankings - Best of Summer 2024, Sep 9-15

Hayao Miyazaki and the Heron Documentary Review

This Week in Anime - Anime Pirates Off the Port Bow

DATE A LIVE: Ren Dystopia Game Review

Creating a Game Space Where Anyone Can Gather: Hidetaka 'Swery' Suehiro on VR

Forum - View topicHow ANN Was Hacked

Forum

Forum - View topic
How ANN Was Hacked