The past year saw a couple of the largest database leaks in history, leaks that spilled out sensitive info from hundreds of millions of accounts – and since most internet users use one password for multiple accounts, this obviously leads to trouble. Especially when the victims are politicians.
Take Mark Zuckerberg, whose Twitter and Pinterest accounts were taken over past June by hacking group OurMine, probably because his password was among the 160 million leaked LinkedIn accounts. Or Twitter co-founder Biz Stone, who had his Twitter account taken over the month before by the same group. Or Minecraft-creator Markus Persson, or Kylie Jenner, who suffered the same fate.
Now that’s one thing for celebrities, but it becomes a different beast when politicians are involved. If gaining access to an account is as easy as searching for an account in leaked databases (and sometimes breaking a weak hash), it’s not only easy for Twitter vandals to log in, but also for more malicious state actors – spy agencies and the likes.
That’s why a couple of Dutch journalists from local news channel RTL Nieuws decided to take matters in their own hands and demonstrate how easy it can be to access accounts of high level politicians. Journalists Daniël Verlaan and Siebe Sietsma found account data of two local politicians in leaked databases, broke the encryption on the passwords and proceeded to tweet from the politicians’ Twitter accounts.
The journalists left a cheeky message that translates to: “This account is leaky and thus vulnerable to hackers. Signed, @danielverlaan and @siebesietsma of @rtlnieuws,” along with link to the page where they broke the news. RTL Nieuws claims the journalists also gained access to social media accounts of other as of yet unnamed politicians.
Kees van der Staaij, one of the hacked politicians whose access to state secrets makes him a possible target for hacks, has not responded as of yet, as he’s currently on a plane.
In principle, what the journalists did is illegal in The Netherlands and could be punished with a year of jail time. But in this case, RTL will argue it was done as an act of journalism and no harm was done. According to the news channel they hacked the accounts because this is “an important and current issue.”
Although their method might seem a tad irresponsible and a bit sensationalistic, I do applaud the pro-active assertiveness of the journalists. State agents, or anyone else who gains access, can use that access to listen in on private conversations, or disseminating lies or viruses to others. It’s important to show that there are serious weaknesses in the online security of people who run a country – if only to avoid another ‘golden shower’ scandal.
Via: The Next Web