This doesn't just apply to Kotaku, Gawker and Lifehacker. Their full list of haxed sites is:
* Gawker.com - New York City media and gossip
* Gizmodo - Gadgets and technology
* Kotaku - Video games
* Jalopnik - Cars and automotive culture
* Lifehacker - Productivity tips
* Deadspin - Sports
* Jezebel - Celebrity, Sex, Fashion for women
* io9 - Science fiction
* Fleshbot - Porn
* Gawker.tv
* Cityfile
* Valleywag - San Francisco and Silicon Valley gossip
* Gawker Artists - Contemporary/Rising Art Registry
* Defamer - Hollywood news and gossip
* Sploid - News, Games/Tech
It's all over reddit and torrents... pretty sure more than 500 ppl have it. Maybe 5000+. I wish someone could have also gotten the CMS running on a test server just for the fun of it.
1,958 Gawker users’ password was ‘password’. We haven’t finished analyzing the file to determine how many users had 1-2-3-4-5, the combination on my luggage.
Gawker's too big and awesome to let a little thing like outdated encryption ruin their day (and the day of 1.6 million of their peasant friends.)
As shitty as this sounds, couldn't have happened to a better organization.
McDonald's and DeviantArt have also been compromised, though I hear it's just data, not passwords. Not everyone sucks at password hashing as badly as Gawker.
Terrible security and all, isn't it kind of like saying, she had it coming because she wore a short skirt and too much lipstick?
The problem is that cyber criminals rarely get caught, and when they do get punished the geek media glorifies the hackers as a counterculture antihero. Bottom line is that these guys are criminals and there needs to be a real effort to go after them and prosecute.
Let's say someone hacks Icrontic, I'm not going to look at Prime and Lincoln and say, well you guys should have done better, I am going to say, how do we find the guys that did this and hold them accountable? If it happened, who would you even call? What would you even do? Is there even a legal play-book to follow to get these guys? These are the questions for the digital world we live in.
I am going to say, how do we find the guys that did this and hold them accountable?
If they're any good, you can't and you don't.
If it happened, who would you even call?
Nobody, law enforcement doesn't take these kind of hacks seriously unless serious personal information (read: SSN, Credit Card info, etc.) are leaked. In that case it's usually the company storing the information insecurely that is punished (and rightly so). Sure, punishing the hacker would be great, but if they're any good they erased their footprints. Hacks are stunningly easy to cover up and there are laws about how securely you must store sensitive personal information.
What would you even do? Is there even a legal play-book to follow to get these guys? These are the questions for the digital world we live in.
Restore from backups if anything was defaced, fix your security, move on with your life.
There is no legal playbook, as I said before, law enforcement doesn't take this kind of hack seriously (nor should they, imho; if they did it would bog down law enforcement painfully).
I don't think you realize how many sites are hacked every day Cliff. If law enforcement had to take every one of them seriously, we would need orders of magnitude more law enforcement. It would be a serious burden on the system. This is a case of "oh noes, a site leaked passwords". Get over it. If you're using good login practices (specifically, not using the same PW for every site) then you have nothing to worry about. If they had leaked SSNs, CC #s or something like that, this would be cause for serious concern (and serious lawsuits filed against them for lax security). It's not.
Let's say someone hacks Icrontic, I'm not going to look at Prime and Lincoln and say, well you guys should have done better
It's funny you say that, because Icrontic was hacked in 2003 and a quarter million forum posts were lost because of bad backups.
Notice I say "because of bad backups" and not "because some punk hackers nuked our server"? That's the reality we live in daily as website owners. If you don't have strong security practices and backups, you're a few clicks away from owning nothing.
Nobody, law enforcement doesn't take these kind of hacks seriously unless serious personal information (read: SSN, Credit Card info, etc.) are leaked.
I'm going to refute this with very, very first-hand experience.
If you know your Icrontic and Short-Media history, you'll know that we were the victims of a minor defacement (a combination of script-kiddie BS and social engineering failures). Our server was in Southfield, MI and the Southfield Police took it VERY seriously. The detective that was assigned to our case was a hardass, and contacted the jurisdiction where the perp lived. He said he'd go all the way with us, even extradition if it came to that.
Point being: It doesn't have to be a "major" hack; if the law is broken, the police have an obligation to take it seriously.
Okay, from what we've seen it's RARE for law enforcement to care about some script kiddie exploiting a site.... and given the number of hacks that we see and the fact that the vast majority of them are due to poor security, bad passwords, out of date software or other webmaster stupidity, I can't say that I blame them.
Terrible security and all, isn't it kind of like saying, she had it coming because she wore a short skirt and too much lipstick?
Because I feel like digging on Cliff some more, no, it's more like Paris Hilton walking, nude, into the middle of a prison riot shouting "GEE, I HOPE I DON'T GET RAPED".
As a side note, talk about bad security practices. Sheesh.
Goooooooo Money!
Beyond that, Gawker had a huge ego about this sort of thing, they paid for it.
Also, a slight chuckle was the Spaceballs reference from the article...
Because I feel like digging on Cliff some more, no, it's more like Paris Hilton walking, nude, into the middle of a prison riot shouting "GEE, I HOPE I DON'T GET RAPED".
Main problem with that argument is that you can't rape the willing. =P