Kotaku and Gawker Media hacked

Comments

  • BuddyJ Dept. of Propaganda OKC Icrontian
    edited December 2010
    This doesn't just apply to Kotaku, Gawker and Lifehacker. Their full list of haxed sites is:

    * Gawker.com - New York City media and gossip
    * Gizmodo - Gadgets and technology
    * Kotaku - Video games
    * Jalopnik - Cars and automotive culture
    * Lifehacker - Productivity tips
    * Deadspin - Sports
    * Jezebel - Celebrity, Sex, Fashion for women
    * io9 - Science fiction
    * Fleshbot - Porn
    * Gawker.tv
    * Cityfile
    * Valleywag - San Francisco and Silicon Valley gossip
    * Gawker Artists - Contemporary/Rising Art Registry
    * Defamer - Hollywood news and gossip
    * Sploid - News, Games/Tech
  • Thrax 🐌 Austin, TX Icrontian
    edited December 2010
  • BuddyJ Dept. of Propaganda OKC Icrontian
    edited December 2010
    Thanks! That's what I was looking for. I got hit, but I think all my passwords are changed and strongly typed.
  • Thrax 🐌 Austin, TX Icrontian
    edited December 2010
    I got hit, too, but on an old email address with a password I know I haven't used in years. I'm good.
  • Thrax 🐌 Austin, TX Icrontian
    edited December 2010
    An excellent article on the hack.
  • MiracleManS Chambersburg, PA Icrontian
    edited December 2010
    I can say for certain I never used any of those sites. Yay me?

    As a side note, talk about bad security practices. Sheesh.
  • Cliff_Forster Icrontian
    edited December 2010
    While all our cyber crime experts are trying to figure out how to put an end to pirates on bit torrent....
  • edited December 2010
    It's all over reddit and torrents... pretty sure more than 500 ppl have it. maybe 5000+. I wish someone could have also gotten the CMS running on a test server just for the fun of it.
  • pseudonym Michigan Icrontian
    edited December 2010
    Cliff_Forster wrote:
    While all our cyber crime experts are trying to figure out how to put an end to pirates on bit torrent....

    Goooooooo Money!

    Beyond that, Gawker had a huge ego about this sort of thing, they paid for it.
  • the_technocrat IC-MotY1 Indy Icrontian
    edited December 2010
    over 9000 people have this information now
  • ardichoke Icrontian
    edited December 2010
    Cool story Bradro
  • Bandrik Elkhart, IN Icrontian
    edited December 2010
    Epic facepalm, Gawker. Way to go. You win a nomination for the 2010 Digital Security Derp Award. Using encryption designed back in the 70's? Wow.

    Also, a slight chuckle was the Spaceballs reference from the article...
    1,958 Gawker users’ password was ‘password’. We haven’t finished analyzing the file to determine how many users had 1-2-3-4-5, the combination on my luggage.
  • Kwitko Sheriff of Banning (Retired) By the thing near the stuff Icrontian
    edited December 2010
    Gawker's too big and awesome to let a little thing like outdated encryption ruin their day (and the day of 1.6 million of their peasant friends.)

    As shitty as this sounds, couldn't have happened to a better organization.
  • Linc Owner Detroit Icrontian
    edited December 2010
    McDonalds and DeviantArt have also been compromised, though I hear it's just data, not passwords. Not everyone sucks at password hashing as badly as Gawker.
  • Bandrik Elkhart, IN Icrontian
    edited December 2010
    Oh noes not my DeviantArt! Where else would I go for all my animevideogamecrossoverfanficcomics if they get compromised and all disappear?!
  • Cliff_Forster Icrontian
    edited December 2010
    Terrible security and all, isn't it kind of like saying, she had it coming because she wore a short skirt and too much lipstick?

    The problem is that cyber criminals rarely get caught, and when they do get punished the geek media glorifies the hackers as a counter culture anti hero. Bottom line is that these guys are criminals and there needs to be a real effort to go after them and prosecute.

    Let's say someone hacks Icrontic, I'm not going to look at Prime and Lincoln and say, well you guys should have done better, I am going to say, how do we find the guys that did this and hold them accountable? If it happened, who would you even call? What would you even do? Is there even a legal play-book to follow to get these guys? These are the questions for the digital world we live in.
  • ardichoke Icrontian
    edited December 2010
    Cliff_Forster wrote:
    I am going to say, how do we find the guys that did this and hold them accountable?

    If they're any good, you can't and you don't.

    Cliff_Forster wrote:
    If it happened, who would you even call?

    Nobody, law enforcement doesn't take these kind of hacks seriously unless serious personal information (read: SSN, Credit Card info, etc.) are leaked. In that case it's usually the company storing the information insecurely that is punished (and rightly so). Sure, punishing the hacker would be great, but if they're any good they erased their footprints. Hacks are stunningly easy to cover up and there are laws about how securely you must store sensitive personal information.

    Cliff_Forster wrote:
    What would you even do? Is there even a legal play-book to follow to get these guys? These are the questions for the digital world we live in.

    Restore from backups if anything was defaced, fix your security, move on with your life.

    There is no legal playbook, as I said before, law enforcement doesn't take this kind of hack seriously (nor should they, imho; if they did it would bog down law enforcement painfully).

    I don't think you realize how many sites are hacked every day Cliff. If law enforcement had to take every one of them seriously, we would need orders of magnitude more law enforcement. It would be a serious burden on the system. This is a case of "oh noes, a site leaked passwords". Get over it. If you're using good login practices (specifically, not using the same PW for every site) then you have nothing to worry about. If they had leaked SSNs, CC #s or something like that, this would be cause for serious concern (and serious lawsuits filed against them for lax security). It's not.
  • Linc Owner Detroit Icrontian
    edited December 2010
    Cliff_Forster wrote:
    Let's say someone hacks Icrontic, I'm not going to look at Prime and Lincoln and say, well you guys should have done better

    It's funny you say that, because Icrontic was hacked in 2003 and a quarter million forum posts were lost because of bad backups.

    Notice I say "because of bad backups" and not "because some punk hackers nuked our server"? That's the reality we live in daily as website owners. If you don't have strong security practices and backups, you're a few clicks away from owning nothing.
  • primesuspect Beepin n' Boopin Detroit, MI Icrontian
    edited December 2010
    ardichoke wrote:
    Nobody, law enforcement doesn't take these kind of hacks seriously unless serious personal information (read: SSN, Credit Card info, etc.) are leaked.

    I'm going to refute this with very, very first-hand experience.

    If you know your Icrontic and Short-Media history, you'll know that we were the victims of a minor defacement (a combination of script-kiddie BS and social engineering failures). Our server was in Southfield, MI and the Southfield Police took it VERY seriously. The detective that was assigned to our case was a hardass, and contacted the jurisdiction where the perp lived. He said he'd go all the way with us, even extradition if it came to that.

    Point being: It doesn't have to be a "major" hack; if the law is broken, the police have an obligation to take it seriously.
  • Linc Owner Detroit Icrontian
    edited December 2010
    So there's two sides to this coin, and we've seen both. :D
  • primesuspect Beepin n' Boopin Detroit, MI Icrontian
    edited December 2010
    lol @ Lincoln and I typing furiously three feet away from each other, answering different posts.
  • ardichoke Icrontian
    edited December 2010
    Okay, from what we've seen it's RARE for law enforcement to care about some script kiddie exploiting a site.... and given the number of hacks that we see and the fact that the vast majority of them are due to poor security, bad passwords, out of date software or other webmaster stupidity, I can't say that I blame them.

    Cliff_Forster wrote:
    Terrible security and all, isn't it kind of like saying, she had it coming because she wore a short skirt and too much lipstick?

    Because I feel like digging on Cliff some more, no, it's more like Paris Hilton walking, nude, into the middle of a prison riot shouting "GEE, I HOPE I DON'T GET RAPED".
  • Bandrik Elkhart, IN Icrontian
    edited December 2010
    ardichoke wrote:
    It's more like Paris Hilton walking, nude, into the middle of a prison riot shouting "GEE, I HOPE I DON'T GET RAPED".

    Main problem with that argument is that you can't rape the willing. =P