14 DAY TRIAL // A 28-year-old man from Maryland, US, has pleaded guilty to hijacking YouTube accounts in an effort to make a profit via the video sharing site’s ad service. He has also admitted hacking the email account of AOL’s CEO.
According to the Washington Post, Matthew A. Buchanan made almost $56,000 (€41,000) by abusing hijacked YouTube accounts.
Buchanan’s accomplice, John T. Hoang Jr., wrote a piece of software designed to scan YouTube for popular channels that weren’t using Google’s Adsense service to make money through advertisements.
They’re said to have identified 200,000 Google accounts, some of which they hacked by abusing the password reset process. Court documents show that the suspects exploited a flaw in the process to obtain the victim’s email address.
Then, they used special software for cracking passwords, or guessed the answers to the security questions in order to hijack the accounts.
Another clever method utilized by the cybercriminals included registering email accounts such as [email protected]. When registering accounts, many users will enter such email addresses as secondary addresses because they think they don’t exist, and they don’t want to go through the trouble of registering a secondary email.
However, some of these apparently non-existent addresses do exist, and some of them were controlled by Buchanan and Hoang. The men used these accounts to have temporary passwords sent to them. The scheme lasted between June 2012 and September 2013.
As far as the AOL hacking is concerned, Buchanan admitted breaching the accounts of several employees, including the company’s CEO, by exploiting a vulnerability in the email service. He said he did it as part of a hobby that involved looking for security issues on the Internet.
Buchanan will be sentenced on March 28, 2014. He faces five years in prison for his crimes.