The Gawker Has Become the Gawkee
Hackers wormed their way into blog network Gawker's systems, snapping up a multitude of user names and passwords, among other information. Now the media company is warning its users to change not only their passwords on Gawker, but also those on any site for which they use the same username/password combination.
Dec 13, 2010 11:52 AM PT
Hackers struck at the Gawker blog network's servers over the weekend, stealing more than 1 million rows of data, including cracked passwords.
Gawker has been scurrying to revamp security on its servers as a result, and has put up an FAQ page on this issue.
Meanwhile, Twitter has been hit with a wave of spam attacks that it blames on the Gawker hack.
The hacker or hackers who struck at Gawker go by the name of "Gnosis" and say their attack is retaliation for the blog consortium's mocking of previous attacks.
The Taking of Gawker 1-2-3
Gawker said Gnosis had claimed responsibility for the hack.
The hacker or hackers claimed they had been working on cracking Gawker's database for about 17 hours, according to a report on Mediaite.
Gnosis dumped a database with more than 1.3 million rows of data, source code information, an upcoming redesign of the Gawker site, a text file containing background information and passwords, and a list of Gawker server kernel versions.
These were then released on The Pirate Bay site.
The Pirate Bay is a Swedish website that indexes BitTorrent files. It has been battling the entertainment industry and people associated with the site have been charged with or convicted of aiding copyright infringement.
In an exchange of emails with Mediaite, Gnosis said it had retrieved 273,789 passwords and that tight deadlines prevented it from getting more than 500,000. The passwords included those linked to email accounts within organizations like NASA, banks and several government domains, Gnosis' emails said. It claimed to have had access to all Gawker's emails for a long time, and also to have access to most of the infrastructure powering Gawker's site.
Gnosis said Gawker's servers run outdated kernel versions, its site is filled with lots of exploitable code, and its database is publicly accessible.
The hacker or hackers said they wouldn't explain how they got into Gawker's servers because that information could be used against them. Gnosis said it isn't involved with 4Chan.
Hackers associated with the site 4Chan broke into Gawker's site in July, triggering a challenge from Gawker publisher Nick Denton and his staff. This apparently angered the people behind Gnosis, who launched their attack in retaliation.
Revenge of the Hackers
Gnosis said it found notes from Denton and other Gawker staff in Gawker's Campfire logs that made light of a previous hacking attempt.
Campfire is a Web-based team collaboration site with real time-chat. It's one of several Web-based collaboration products from 37signals.
Gawker publisher Nick Denton apparently uses the same username and password for all his accounts. This let the hackers get into Gawker's Campfire chat room.
"They got hold of what appears to Nick's email account and password," David Hansson, a partner at 37signals, told TechNewsWorld. "Once you have access to someone's email account, every Web application out there allows you to reset the password. However, Campfire wasn't breached."
Denton did not respond to a request for comment by press time.
Once More Into the Breach, Gawker
In an FAQ page about the hack, Gawker, said its properties -- Lifehacker, Gizmodo, Gawker, Jezebel, io9, Jalopnik, Kotaku, Deadspin and Fleshbot -- had been breached.
Gawker said it's working around the clock to ensure its security and that of commenters on its sites. It's notifying those whose accounts who might have been breached.
In addition, Gawker's bringing in an independent security firm to consult on infrastructure security. It will work with independent auditors to ensure it maintains a high level of security.
The passwords of subscribers who logged into Gawker's site using Facebook Connect weren't compromised because these aren't stored, Gawker said. Those who linked their Twitter accounts with their Gawker Media account are safe so long as they didn't use the same password for both accounts.
Subscribers who use the same passwords for their accounts on Gawker Media and other sites, including Twitter, should change their passwords, Gawker advised. It also promised to implement an option that would let subscribers delete their Gawker Media accounts..
Berry Bad Fallout for Twitter
Hundreds of thousands of Twitter subscribers began getting hit by a massive spam campaign offering the Acai Berry diet after the Gawker servers had been hacked.
That prompted Twitter security head Delbius Harvey to tweet a message to Twitter users urging them to change their Twitter passwords if they share these with their Gawker Media accounts.
Safety Practices for Gawker Subscribers
Subscribers to Gawker Media's properties should use different passwords for every website they log on to, Graham Cluley, senior technology consultant at Sophos, told TechNewsWorld.
Selecting different passwords for different websites won't prevent them from being stolen when the websites are hacked, Cluley said. However, it will contain the security breach to just the site that is hacked.
Users should get password management software to store all their different usernames and passwords, Cluley advised. Such software includes LastPass, KeePass and 1Password, and they can remember all a user's passwords. These packages can also suggest strong passwords that are difficult to crack.