Incident Response, TDR, Vulnerability Management

Justin Timberlake, Hilary Duff, Tila Tequila MySpace profiles compromised to impress hacker group

A person wanting to impress a hacker group broke into the popular MySpace profiles of several celebrities, including Justin Timberlake and model and MTV personality Tila Tequila, researchers said today.

The hacker, who uses the handle "Tesla," gained access late Wednesday into the profiles of Timberlake, Tequila and actress-singer Hilary Duff, and used the compromised accounts to blast out bulletins to the celebrities' tens of thousands of MySpace friends, said Chris Boyd, senior director of malware research FaceTime Security Labs.

The messages, which appeared to come from the Hollywood stars themselves, proclaimed support for a hacker group known as Kryogeniks.

One read: "Hey Tesla here. Justin Timberlake has been hacked by me. HTTP://kryogeniks[dot]org. Cheers [expletive]."

The website for Kryogeniks, a U.S.-based hacking group, was taken offline soon after, Boyd said. The site was back operating by mid-afternoon EST today.

"The whole thing seems to be really strange -- childish shout-outs to this hacking group," Boyd told SCMagazineUS.com today.

The motives for today's attacks are markedly different than a similar incident a month ago when the profile for singer Alicia Keys was compromised by malicious attackers.

In that case, visitors to Keys' profile were first targeted by an exploit that installed malware on unpatched PCs, then presented with a fake codec and told they needed to install it to view a music video.

It is likely hackers are using cross-site scripting vulnerabilities and phishing scams to perpetrate these attacks, which mostly are occurring on music pages that are heavily trafficked and contain dynamic content, Boyd said.

The administrator for Kryogeniks posted a bulletin today on one of the site's forums, denying the group had anything to do with the latest spate of MySpace attacks.

"Anyone posting anything illegal, such as phishing, will be banned instantly," he wrote. "No posting scams, or any personal information. What Tesla did has nothing to do with everyone [sic] in Kryogeniks."

Boyd said he thinks the MySpace hacker was not affiliated with the group and was instead trying to seek their approval.

"I'm sure they weren't too impressed when they woke up this morning to find [their] account suspended," he said.

A MySpace spokeswoman said the social networking site could not comment publicly on the attack. The pages were working normally as of this article's publication. 

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.