Gawker site hacked by raider Gnosis

Passwords and messages posted after estimated 200,000 decrypted

- The Washington Times - Monday, December 13, 2010

Gawker Media, the cluster of news blogsites that helped define the emergent era of Internet news, has become the victim of an even more cutting-edge Web phenomenon — it was hacked over the weekend, and the passwords of its staff and users and the private communications of its editors were posted online.

"We're deeply sorry for and embarrassed about this breach of security — and of trust," the company said on its website, adding that although user passwords were stored in encrypted form "simple ones may be vulnerable" to being decrypted.

"You should change your Gawker password and on any other sites on which you've used the same password," the company said.

As many as a third of Internet users employ the same password for every site where they have an account, according to a survey last year by Sophos Security, so security specialists expect the effects of the hack — which Monday spread to social networking site Twitter — to ripple out over coming days.

"Previous attacks against the target were mocked, so we came along and raised the bar a little," wrote the hackers, who called themselves Gnosis and used the slogan "Where is your God now?"

Sunday night, Gnosis posted a text file containing more than 200,000 decrypted e-mail addresses and passwords of Gawker registered users, including many from .gov and .mil domains. The hackers said they had downloaded details of about 1.3 million users, but only decrypted about 200,000 of those. "If you want the rest of them cracking, do it your [expletive] self!" they urged.

The hackers also posted transcripts of instant messages between Gawker editors in which they belittled previous attacks on their site and mocked would-be hackers.

"[Expletive] gawker, hows this for 'script kids'?" wrote the hackers in an obscenity-laced, ungrammatical rant at the top of the text file, using a derisive term for hacker wannabes. "Your empire has been compromised, Your servers, Your database's, Online accounts and source code have all be ripped to shreds!

"You wanted attention, well guess what, You've got it now!" the post concluded.

The members of Gnosis are the latest group of so-called "griefers" — groups of hackers who delight in large-scale displays of anti-social behavior online — to scramble into the spotlight.

The hackers said they had 4 gigabytes of instant message transcripts, which will likely include editors' behind-the-scenes back-and-forth about what stories they will cover and which angles to take.

They also posted the texts of e-mails from last month in which staffers, including founder and CEO Nick Denton, discussed and ultimately dismissed signs of a possible breach of Mr. Denton's account on Campfire — an instant messaging and collaboration service for businesses.

No one at Gawker Media responded to requests for comment Monday or Tuesday, but the FBI office in New York said it was aware of the attack "and is looking into it," according to spokesman Richard Kolko. He declined to confirm one report that investigators would meet Tuesday with Mr. Denton. "We do not discuss investigative steps in any investigation," Mr. Kolko told The Washington Times in an e-mail.

The hackers lambasted more than 1,900 Gawker users who used the password "password" and posted their names and e-mails in a separate list. Hundreds more users, again posted separately, used the easily guessable password "qwerty" — the first six letters on the top line of a standard keyboard.

Both lists included users with .gov and .mil domain e-mail addresses, indicating they work for the U.S. government or military.

The hack spilled over Monday to social networking site Twitter, where a rapidly proliferating spam message promoting bogus diet pills was said by Twitter executives to be linked to the Gawker attack.

"It appears users were using the same password on both sites," said Twitter's chief of trust and safety, Del Harvey.

Spammers were able to hack into Twitter users' accounts employing the passwords posted by Gnosis and then used the compromised account to spread their messages.

The spill-over highlighted the danger that the Gawker breach might proliferate to other sites.

Although registered users of a media site do not typically store sensitive personal information on their accounts, the hackers pointed out that many Gawker staff, including Mr. Denton, used the same password for multiple e-mail and other accounts and speculated that registered users might do the same.

The Twitter spam attack suggests they were correct, and that the ripples of the Gawker hack may spread further in coming days. Attacks "may well spread beyond Twitter, as hackers [attempt to access] the social networking, Web-based e-mail and even corporate accounts of registered Gawker users, counting on the fact that the account owner may have reused their Gawker password," said Paul Roberts of computer security firm Kaspersky Labs. "That's a good bet, statistics show," he added.

Aside from generalized anomie, the group's motive for the attack appears to be linked to a series of stories the Gawker site ran in July about griefer attacks on an 11-year-old girl, after a video of her crying while her father berated people who had been bullying her online went viral.

The girl's real name, home address and telephone number were circulated online and the family got abusive and prank phone calls.

Gawker ran articles attacking the griefers, and then, when some of them attempted Internet attacks on the Gawker site, mocked the attackers, calling them "sad."

© Copyright 2015 The Washington Times, LLC.