Feeds

Gawker rooted by anonymous hackers

Passwords, chats, source code aired

Seven Steps to Software Security

A band of anonymous hackers has rooted the servers of Gawker Media – turning the tables on one of the internet's most ruthless gossip rags by leaking half a gigabyte's worth of its private laundry.

Known as Gnosis, the band gave props to 4chan and last week's Operation Payback, which targeted PayPal, MasterCard, Visa, and other companies that severed ties with WikiLeaks. A 20,000-word manifesto available by BitTorrent over the weekend contained email and Twitter log-in credentials for Nick Denton and other top brass at Gawker, not to mention logins for thousands of Gawker's registered readers.

It also included a sharp rebuke of Gawker's security hygiene.

“You would think a site that likes to mock people, such as gawker, would have better security and actually have a clue what they are doing,” wrote the authors, who made repeated references to previous skirmishes between the site and the Anonymous hacking collective.

“You would think someone like Nick Denton who likes to run his mouth and taunts such an unforgiving mass like Anonymous, would use a more secure password than '24862486,'” they write elsewhere. “The sad thing is he probably believes this password is 'secure' because he likes to use it everywhere!”

Gawker's front page on Sunday night contained this warning saying: “Our user databases appear to have been compromised.” It advised readers to consider their accounts compromised across all of Gawker's federation of websites and to change passwords as soon as possible.

“We're deeply embarrassed by this breach,” the advisory stated. “We should not be in the position of relying on the goodwill of the hackers who identified the weakness in our systems. And, yes, the irony is not lost on us.”

The 486 MB file claimed that 1.5 million passwords were protected with DES, or Data Encryption Standard, a feeble enough hashing algorithm that the attackers were able to recover the first eight characters of the corresponding password.

The hackers claim that even after Denton discovered that one of his online accounts may have been compromised, he continued to use the same weak password with other accounts. The download also includes what purports to be Gawker source code, a sneak peek at a Gawker site redesign, and what are said to be passwords for dozens of sensitive Gawker accounts.

Gawker and Anonymous have been at odds since July, when miscreants waged web attacks that intermittently knocked the site offline. Anonymous's fury is said to have been sparked over Gawker's defense of an 11-year-old girl who came in for a fair amount of online harassment.

The miscreants said that instant messaging accounts for numerous employees were accessed and their missive included what were claimed to be chat transcripts to prove the claim. ®

Mobile application security vulnerability report

More from The Register

next story
Yorkshire cops fail to grasp principle behind BT Fon Wi-Fi network
'Prevent people that are passing by to hook up to your network', pleads plod
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
NEW, SINISTER web tracking tech fingerprints your computer by making it draw
Have you been on YouPorn lately, perhaps? White House website?
LibreSSL RNG bug fix: What's all the forking fuss about, ask devs
Blow to bit-spitter 'tis but a flesh wound, claim team
Attackers raid SWISS BANKS with DNS and malware bombs
'Retefe' trojan uses clever spin on old attacks to grant total control of bank accounts
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade
Misc memory hazards 'could be exploited' - and guess what, one's a Javascript vuln
Don't look, Snowden: Security biz chases Tails with zero-day flaws alert
Exodus vows not to sell secrets of whistleblower's favorite OS
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Reducing security risks from open source software
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.