Hacker used 'happiness' to access Twitter accounts

The newly notorious Twitter hacker didn't take long to show himself. An 18-year-old cyberpunk who goes by the alias GMZ used password-guessing software to gain entry to a Twitter administrator's account, he told Wired yesterday.

Once inside, he was able to gain access to any Twitter account through the administrative tools, which allowed him to leave mischievous notes under the guise of such noteworthy figures as Barack Obama and Fox News.

What was the secret key for unlocking this seemingly infinite power? Happiness.

The hack victim, a Twitter staffer who goes by the name Crystal on the social network, used that nine-letter word as the password for her account, ignoring just about every rule of smart password choices (for examples, experts suggest avoiding words in the dictionary, varying the letter case and using symbols).

Wired writes:

The intrusion began unfolding Sunday night,  when GMZ randomly targeted the Twitter account belonging to a woman identified as "Crystal." He found Crystal only because her name had popped up repeatedly as a follower on a number of Twitter feeds. "I thought she was just a really popular member," he said.

Using a tool he authored himself, he launched a dictionary attack against the account, automatically trying English words. He let the program run overnight, and when he checked the results Monday morning at around 11:00 a.m. Eastern Time, he found he was in Crystal's account.

The good news is that "happiness" isn't among the 500 worst passwords of all time, as listed in Mark Burnett's 2005 book "Perfect Passwords: Selection, Protection, Authentication." But "happy" is on the list, ranking 349th.

You know, I think I'll change my e-mail password -- as it turns out, "123456" isn't the technological equivalent of Ft. Knox after all.

-- Mark Milian

Photo: Huffington Post Twitter account hacked. Credit: Mat Honan via Flickr