The Signpost

From the archives

Compromised admin accounts – again

Contribute   —  
Share this
By Kudpung
Four recent desysoppings (two of which were restored) – see News and notes – remind us that strong and uniquely used passwords are required, especially for admins. The article reprinted here from The Signpost from 2007 shows that although first published 10 years ago, hijackings of admin accounts are still a reality and that all users still need to be vigilant and report anything unusual. The author, Thatcher, is an admin and has not significantly edited since 2010.

Editor's note: Admins KnowledgeOfSelf, AndyZ, and Conscious were later desysopped for lack of activity; user BuickCenturyDriver was first blocked in 2012 for sockpuppetry and the extensive SPI is still ongoing as of 2018.

Administrator status restored to five accounts after emergency desysopping

Admin key rings get lost

Last week the Signpost reported that four administrator accounts which had used weak or insecure passwords were indefinitely blocked and desysopped after they were hijacked by an unknown person who cracked the password.

This week, a fifth administrator account was temporarily hijacked by the same vandal, although it was restored to the user's control a few hours later. All four of the original administrator accounts have been unblocked and resysopped. Mangojuice has proposed a method by which editors may place encrypted identifying information about themselves on their user pages, so they can easily confirm their identity in case of future password attacks (see related story).

KnowledgeOfSelf

On Tuesday, May 8, KnowledgeOfSelf (talk · contribs · blocks · protections · deletions · page moves · rights · RfA) reported (via an alternate account ActWonActToo) that he had been logged out of his account and his password and e-mail address had been changed. Commenters on the Administrators' noticeboard were initially split on whether to accept the claim, but when KnowledgeOfSelf uploaded an obscene image with a deceptive name, the account was immediately blocked and desysopped. Checkuser confirmed that ActwonActToo was KnowledgeOfSelf, and that the account had been hijacked by the same user who was responsible for hijacking four other administrator accounts the day before. KnowledgeOfSelf stated that he had used a strong password [1] [2], so the method of hijacking remains unknown. KnowledgeOfSelf was able to identify himself to Brion VIBBER, who reset the account password to enable KnowledgeOfSelf to retake control about 5 hours later. Bureaucrat Raul654 restored his administrator privileges.

AndyZ

AndyZ (talk · contribs · deleted contribs · logs · filter log · block user · block log) was blocked and desysopped on Monday, May 7, after his password was compromised and his account used for vandalism. AndyZ was unblocked on Tuesday, after establishing his identity to Mark. His administrator rights were restored on Wednesday.

Jiang

Jiang (talk · contribs · deleted contribs · logs · filter log · block user · block log), who was also blocked and desysopped Monday morning, was unblocked Monday evening, May 7 and resysopped Thursday evening, May 10.

Marine 69-71

Marine 69-71 (talk · contribs · deleted contribs · logs · filter log · block user · block log) was unblocked and resysopped on Monday, May 7, a few hours after the hijacking.

Conscious

Conscious (talk · contribs · deleted contribs · logs · filter log · block user · block log) was unblocked and resysopped Thursday after checkuser confirmed that he was still in control of his account.

BuickCenturyDriver

Finally, the indefinite block on BuickCenturyDriver (talk · contribs · deleted contribs · logs · filter log · block user · block log) was lifted three days after the incident, based on an apology and on checkuser evidence that he was responsible for blocking Ryulong from AndyZ's account but was not the culprit behind the attack.

See also

S
In this issue
+ Add a comment

Discuss this story

These comments are automatically transcluded from this article's talk page. To follow comments, add the page to your watchlist. If your comment has not appeared here, you can try purging the cache.



       

The Signpost · written by many · served by Sinepost V0.9 · 🄯 CC-BY-SA 4.0