Feeds

Russian PM's Twitter hacked to slap down Putin, post fake resignation

Mischief-makers also 'ban electricity'

Top 5 reasons to deploy VMware with Tegile

The Twitter feed of the Russian prime minister was hacked on Thursday to post false claims that Dmitry Medvedev had resigned to try his hand as a freelance photographer.

The Russian-language profile, which boasts more than 2.5 million followers, was also updated with messages criticising Russia's president, Vladimir Putin.

Another tweet from the compromised @MedvedevRussia account proposed "banning electricity", the BBC reports.

Shaltay-Boltay, a Russian hacking collective, claimed responsibility for the twitjacking – which appears to have been motivated by a mixture mischief and protest against recent internet restrictions introduced by Russian lawmakers.

"I resign. I am ashamed of the government's actions. I'm sorry," the hijackers said.

Medvedev's office quickly confirmed his account had been hacked and the messages were bogus, Reuters reports.

RT adds that Medvedev's account was hacked at approximately 10:20am Moscow time (07:20 BST). "The hacker produced a flurry of tweets over the 40 minutes he or she was in control," RT reports.

The offending posts were quickly deleted from the seized @MedvedevRussia account, a check by El Reg confirmed.

There's nothing to suggest the hack has anything to do the ongoing conflict in eastern Ukraine.

The BBC adds that the Russian government blocked Shaltay-Boltay's (Russian for Humpty Dumpty) internet blog last month. A site run by the apparently Anonymous-affiliated group, b0ltai.org, is up and running and available to those outside Russia.

Medvedev's English-language Twitter account (@MedvedevRussiaE, 790k followers) was not seized by the attack which, judging by previous similar attacks against celebrities, was probably enabled by weak password security practices by the Russian politician's back room team. Both @MedvedevRussia and @MedvedevRussiaE are verified accounts, but that's a process that only shuts out imposters rather than doing anything one way or another about account hijacking or hacking. Technologies such as two-factor authentication can guard against hijacking, but even they are not foolproof.

Hackers at Shaltay-Boltay also claimed the group had infiltrated several email accounts (Gmail, Timakova and mail.ru) and three iPhones of the Russian prime minister and former president. No solid evidence for the claims was put forward, although they have to be regarded as suspect given reports that Russia is ditching US Apple Corp. kit for government business.

The hackers did post photos and other content from the Medvedev's supposedly pwned Gmail on their site, along with a disclaimer that "all of the above (including the mail file) is a fiction. Any resemblance to real people or events is coincidental."

What the hackers "fictionally claim" to have found is – according to their account – pretty dull. "In general, it's pretty boring and quiet," they write, according to a translation by Google. "The impression is that Dmitry is allowed only to edit some of his speeches and photograph the sights in the places where he appears."

The hackers claimed they'd used the Gmail account supposedly run by Medvedev in an unsuccessful attempt to import a Casio digital watch through Amazon, and said that had been refunded on 1 April. The refund was due to the fact that the shipping address was undeliverable.

We can't help Shaltay-Boltay over-egged the pudding with this highly implausible claim.

Medvedev has had problems with security on the interwebs before. The prime minister denounced online vandals who launched an attack against the site that hosts his LiveJournal blog site back in April 2011, during the time Putin's political number two was president keeping the presidential seat warm for the Kremlin hard man. ®

Internet Security Threat Report 2014

More from The Register

next story
'Kim Kardashian snaps naked selfies with a BLACKBERRY'. *Twitterati gasps*
More alleged private, nude celeb pics appear online
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
UK.gov lobs another fistful of change at SME infosec nightmares
Senior Lib Dem in 'trying to be relevant' shocker. It's only taxpayers' money, after all
Spies would need SUPER POWERS to tap undersea cables
Why mess with armoured 10kV cables when land-based, and legal, snoop tools are easier?
TOR users become FBI's No.1 hacking target after legal power grab
Be afeared, me hearties, these scoundrels be spying our signals
Snowden, Dotcom, throw bombs into NZ election campaign
Claim of tapped undersea cable refuted by Kiwi PM as Kim claims extradition plot
Freenode IRC users told to change passwords after securo-breach
Miscreants probably got in, you guys know the drill by now
THREE QUARTERS of Android mobes open to web page spy bug
Metasploit module gobbles KitKat SOP slop
BitTorrent's peer-to-peer chat app Bleep goes live as public alpha
A good day for privacy as invisble.im also reveals its approach to untraceable chats
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.