- The Washington Times - Monday, December 13, 2010

Gawker Media, the cluster of news blog sites that helped define the emergent era of Internet news, has become the victim of an even more cutting-edge Web phenomenon — it was hacked over the weekend, and the passwords of its staff and users and the private communications of its editors were posted online.

“We’re deeply sorry for and embarrassed about this breach of security — and of trust,” the company said on its website, adding that although user passwords were stored in encrypted form “simple ones may be vulnerable” to being decrypted.

“You should change your Gawker password and on any other sites on which you’ve used the same password,” the company said.

As many as a third of Internet users employ the same password for every site where they have an account, according to a survey last year by Sophos Security, so security specialists expect the effects of the hack — which Monday spread to social networking site Twitter — to ripple out over coming days.

“Previous attacks against the target were mocked, so we came along and raised the bar a little,” wrote the hackers, who called themselves Gnosis and used the slogan “Where is your God now?”

Sunday night, Gnosis posted a text file containing more than 200,000 decrypted e-mail addresses and passwords of Gawker registered users, including many from .gov and .mil domains. The hackers said they had downloaded details of about 1.3 million users, but only decrypted about 200,000 of those. “If you want the rest of them cracking, do it your [expletive] self!” they urged.

The hackers also posted transcripts of instant messages between Gawker editors in which they belittled previous attacks on their site and mocked would-be hackers.

“[Expletive] gawker, hows this for ‘script kids’?” wrote the hackers in an obscenity-laced, ungrammatical rant at the top of the text file, using a derisive term for hacker wannabes. “Your empire has been compromised, Your servers, Your database’s, Online accounts and source code have all be ripped to shreds!

“You wanted attention, well guess what, You’ve got it now!” the post concluded.

The members of Gnosis are the latest group of so-called “griefers” — groups of hackers who delight in large-scale displays of anti-social behavior online — to scramble into the spotlight.

The hackers said they had 4 gigabytes of instant message transcripts, which will likely include editors’ behind-the-scenes back-and-forth about what stories they will cover and which angles to take.

They also posted the texts of e-mails from last month in which staffers, including founder and CEO Nick Denton, discussed and ultimately dismissed signs of a possible breach of Mr. Denton’s account on Campfire — an instant messaging and collaboration service for businesses.

No one at Gawker Media responded to requests for comment Monday or Tuesday, but the FBI office in New York said it was aware of the attack “and is looking into it,” according to spokesman Richard Kolko. He declined to confirm one report that investigators would meet Tuesday with Mr. Denton. “We do not discuss investigative steps in any investigation,” Mr. Kolko told The Washington Times in an e-mail.

The hackers lambasted more than 1,900 Gawker users who used the password “password” and posted their names and e-mails in a separate list. Hundreds more users, again posted separately, used the easily guessable password “qwerty” — the first six letters on the top line of a standard keyboard.

Both lists included users with .gov and .mil domain e-mail addresses, indicating they work for the U.S. government or military.
