Over the last 24 hours Gawker Media’s network of sites have been under attack from a group who have identified themselves “Gnosis,” a seemingly mysterious collective of hackers who has been falsely considered part of the 4chan-related group of renegade vigilantes knows as Anonymous. Via several private email exchanges with Mediaite, an individual claiming to represent “Gnosis” has explained both the reasoning and methodology of his actions, which has led to a compromised commenter database and a content management system.

First and foremost, it appears that new Gawker Media passwords are secure, not available to the individual claiming responsibility for the security breach, at least according to Gnosis. As Mediaite reported earlier, when asked why Gawker was being subjected to a cyber-attack, Gnosis cited “arrogance” from management and staff with regard to the hacker community:

We went after Gawker because of their outright arrogance. It took us a few hours to find a way to dump all their source code and a bit longer to find a way into their database. We found an interesting quote in their Campfire logs: Hamilton N.: Nick Denton Says Bring It On 4Chan, Right to My Home Address (After

The Jump) Ryan T.: We Are Not Scared of 4chan Here at 210 Elizabeth St NY NY 10012 I mean if you say things like that, and attack sites like 4chan (Which we are not affiliated to) you must at least have the means to back yourself up. We considered what action we would take, and decided that the Gawkmedia “empire” needs to be brought down a peg or two. Our groups mission? We don’t have one. We will be releasing the full source code dump along with the database at 9PM GMT today. You are the only outlet we have told the release time.

When asked about further explanation about the specific attacks, Gnosis explained:

We cannot provide any more information as to how the attack was carried out, because this could be used against us. We have been cracking the database for about 17 hours and have managed to retrieve 273,789 passwords. If our release schedule wasn’t so tight we could get 500,000+. Included in the dump are passwords linked to accounts from Nasa, about every .gov domain you could imagine and hundreds from banks. One can only pray that they do not use the same password everywhere. The actual database size is 1,247,897 rows, which is 80+% of their database. (Private data redacted) We have had access to all of their emails for a long time as well as most of their infrastructure powering the site. Gawkmedia has possibly the worst security I have ever seen. It is scary how poor it is. Their servers run horribly outdated kernel versions, their site is filled with numerous exploitable code and their database is publicly accessible. We will be releasing the full source code to their site as well as the full database dump later today or tomorrow, when we get enough press to stir up the release. We will also be releasing a text file describing Gawkers numerous security failings. Regards,

~Gnosis

Adding later in a follow up email:

The database is for the media more than anything. Releasing the source code to a site is all very well and will cause a splash, but

only niche users will be interested in viewing it and sharing it, because the average joe won’t really care about Gawkers (rather

interesting) PHP framework. However if we release the source with 1,300,000 emails and with a portion of them cracked it will (We hope) cause a bigger stir. On an interesting side note there are 2650 users in the database using the password “password” or “querty”. Of these users one is registered under a .gov email address, 3 are from a .mil addres and 52 are from .edu addresses.

Finally, when asked if any future attacks were planned, Gnosis offered the following:

Nope, not right now. They didn’t like their frontpage being defaced with that post, so they have locked down pretty tight. We will still work on it for a while. We don’t like being lumped with 4chan though, but I guess it was inevitable. People on twitter are saying “4chan’s Gnosis hacked Gawker”.

The email exchange came to us after our first report was published Saturday afternoon and was conducted with an individual using an untraceable email account. Also, Mediaite has shared some relevant information with Gawker sources to confirm the veracity of the hacker’s allegations, which in hindsight, have all been right on the money.

Have a tip we should know? [email protected]