The Register® — Biting the hand that feeds IT

Feeds

Gawker rooted by anonymous hackers

Passwords, chats, source code aired

By Dan Goodin, 13th December 2010
  • print
  • alert

Agentless Backup is Not a Myth

A band of anonymous hackers has rooted the servers of Gawker Media – turning the tables on one of the internet's most ruthless gossip rags by leaking half a gigabyte's worth of its private laundry.

Known as Gnosis, the band gave props to 4chan and last week's Operation Payback, which targeted PayPal, MasterCard, Visa, and other companies that severed ties with WikiLeaks. A 20,000-word manifesto available by BitTorrent over the weekend contained email and Twitter log-in credentials for Nick Denton and other top brass at Gawker, not to mention logins for thousands of Gawker's registered readers.

It also included a sharp rebuke of Gawker's security hygiene.

“You would think a site that likes to mock people, such as gawker, would have better security and actually have a clue what they are doing,” wrote the authors, who made repeated references to previous skirmishes between the site and the Anonymous hacking collective.

“You would think someone like Nick Denton who likes to run his mouth and taunts such an unforgiving mass like Anonymous, would use a more secure password than '24862486,'” they write elsewhere. “The sad thing is he probably believes this password is 'secure' because he likes to use it everywhere!”

Gawker's front page on Sunday night contained this warning saying: “Our user databases appear to have been compromised.” It advised readers to consider their accounts compromised across all of Gawker's federation of websites and to change passwords as soon as possible.

“We're deeply embarrassed by this breach,” the advisory stated. “We should not be in the position of relying on the goodwill of the hackers who identified the weakness in our systems. And, yes, the irony is not lost on us.”

The 486 MB file claimed that 1.5 million passwords were protected with DES, or Data Encryption Standard, a feeble enough hashing algorithm that the attackers were able to recover the first eight characters of the corresponding password.

The hackers claim that even after Denton discovered that one of his online accounts may have been compromised, he continued to use the same weak password with other accounts. The download also includes what purports to be Gawker source code, a sneak peek at a Gawker site redesign, and what are said to be passwords for dozens of sensitive Gawker accounts.

Gawker and Anonymous have been at odds since July, when miscreants waged web attacks that intermittently knocked the site offline. Anonymous's fury is said to have been sparked over Gawker's defense of an 11-year-old girl who came in for a fair amount of online harassment.

The miscreants said that instant messaging accounts for numerous employees were accessed and their missive included what were claimed to be chat transcripts to prove the claim. ®

Steps to Take Before Choosing a Business Continuity Partner

COMMENTS

House Rules Send Corrections
All Reader Comments (36)
Highly Rated
Anonymous Coward
Anonymous Coward

4chan immature babies

4chan would love to convince people they're on some kind of moral crusade. The reality is most of them are just a bunch of immature kiddies using any political / legal issue as a springboard to launch a DDOS attack. It's childish and utterly misguided.

13
2
JimC
Reply Icon

> upvote your own posts

or, bearing in mind that the admins can surely see in the server system who has upvoted their own posts, perhaps they just like laughing at the people who are so sad and so devoid of a life that they would want to do so... Hiding the buttons is good manners because it saves you doing it without thinking.

7
0
boltar

@Anonymous Coward

"The reality is most of them are just a bunch of immature kiddies "

Quite. And while in the past these sorts of kids would have limited their trouble making to a fight in a school playground and ultimately been given a slap by their teacher or parents, they can now cause trouble to major organisations anonymously on the internet backed up by nothing more than the typical teenage mix of self righteousnous, narcissism and naivity with there being little chance of any punishment coming their way for it. By the time they've grown up enough to realise how foolish they've been they'll have caused a huge overeaction by governments and corporations and will have precipitated a massive online crackdown leading to everyones online freedom being curtailed.

Unfortunately the old saying of you can't put an old head on young shoulders has never been more appropriate. When I see what groups like anonymous and the like are doing I just want to weep - they just dont' see the ultimate consequences of their actions.

5
0

More from The Register

breaking news
Number of cops abusing Police National Computer access on the rise
Only a telegram from the Queen can get you off it
136
breaking news
NSA PRISM snoop-gate: Won't someone think of the children, wails Apple
10,000 things probed, mostly about missing kids, Alzheimer patients, we're told
96
Flash flaw potentially makes every webcam or laptop a PEEPHOLE
But it's a Google problem - Chrome only, insists Adobe
60
Internet fraud still stings suckers
Australians twice as gullible as Americans
36
breaking news
NSA PRISM-gate: Relax, GCHQ spooks 'keep us safe', says Cameron
Whatever they are up to, it's all above board, we're told
90
breaking news
Yahoo! joins! rivals! in! PRISM! data! request! admission!
Keep calm and carry on using American tech firms, folks
41
PRISM snitch claims NSA hacked Chinese targets since 2009
Snowden suddenly looks safer in Hong Kong after revelations
33
breaking news
US chief spook: Look, we only want to spy on 6.66 BEELLLION of you
Americans assured they are not in the NSA's sights
68
Speech-to-text drives motorists to distraction
Will talking to you mean I crash into that car up ahead, Siri?
30
DHS warns of vulns in hospital medical equipment
Has your doctor's anasthesia machine been hacked?
17