Statement on Gawker hack - Andrew Auernheimer
Oðinnsson. Market abuser. Internationally notorious computer criminal.
Statement on Gawker hack
Recently, Gawker.com got seriously hacked by some group calling themselves Gnosis. I saw no small number of media sources implying they deserved it for covering the AT&T information disclosure by Goatse Security. I feel there's a gigantic difference between these two events that needs to be discussed.

Gawker is a media source with a gigantic amount of integrity. Once upon a time, there was a Valleywag story (this was back when Valleywag was a separate website) that wasn't posted on the Gawker main page. When it was found that incorrect information was contained within a story, they printed the correction on Gawker.com, and it was longer and more prevalently featured than the original story:

This event really stuck with me. Afterwards, I considered Gawker one of the media sources with utmost integrity. When the NYT makes a mistake on the front page, the correction is in tiny print on page C30. Gawker held itself accountable to a level which few sources do, and I have to respect that. When they do wrong, they apologize.

What Goatse Security did was thought out to multiple degrees:
* The data we gathered was not disclosed publicly (only to Ryan Tate); we wanted to LIMIT the public's exposure to risk, not add to it. I believe we were successful at pursuing that goal.
* When a reporter (I forget whom) asked me if AT&T customers should replace their SIM cards, I answered negatively, as I did not feel that AT&T needed to have a bunch of paranoid customers demanding a new SIM. I felt, however, it was appropriate for some iPad owners (military, government and corporate leadership) to be able to be made aware of the issue that their iPad could be geolocated or have traffic intercepted. I thought that it was fair that the public know that if they did not check their email associated with the iPad ICC-ID, they could not be coaxed into clicking a malicious PDF link that could have allowed an attacker to take over their iPad. Issues like this are important for people to be able to mitigate.
* I don't know. I said some inappropriate things about AT&T and the iPad, but that was only after AT&T called us malicious (which I did not feel was fair to us). I was defensive and ran my mouth a little too freely in response. I regret that. The comments these kids made in their readme file were straightforwardly mean from the very beginning.

Were some comments at Gawker ill-advised and perhaps invited attack? Yes. I have made a lot of ill-advised statements myself in the past, and cannot possibly throw a stone at them for that. The fact remains, Gawker is a cool bunch of people and one of the few journalist outlets which truly make a good effort to be fair and still get the bleeding edge of stories. They are a valuable resource to society, and I give them props for that.

The public disclosure of Gawker user emails and passwords is wrong. I feel really bad for them. The people who did this crossed a line into maliciousness that makes me sad. It is terrible, and I feel that they should come forward and apologize.
From: hep Date: December 14th, 2010 09:38 pm (UTC)
*wave walker*
From: weev Date: December 14th, 2010 10:00 pm (UTC)
i don't know. i don't think this is a getting old thing. i think i would have felt this way a decade ago, easily.
From: girlvinyl Date: December 14th, 2010 10:45 pm (UTC)
I don't like gawker because they are liars.
From: masonv Date: December 15th, 2010 04:47 am (UTC)
Do you know if this came about from the way Gawker stores user passwords? And if so, has Gawker changed their method for storing passwords?
From: weev Date: December 15th, 2010 05:26 am (UTC)
no idea. i haven't looked into the details and who knows what gawker is doing.

all i know is that there was like, a full DB dump put out there, wikileaks style. i do not like how that is done. it is unethical.
From: auntiesiannan Date: December 16th, 2010 02:52 am (UTC)
I like gawker because they stood up to the clams.
From: kirix21 Date: December 16th, 2010 03:54 am (UTC)
This comment is being read by an FBI Agent.
From: fufanux Date: December 17th, 2010 09:22 am (UTC)
Hello domestic surveillance
From: rfjason Date: December 28th, 2010 05:09 am (UTC)
Oh, I don't know. I think the Gawker hack pointed out two important things:

1. Site security, obviously.
2. The danger of password recycling.

I read that a lot of 3rd party sites verified their userlist against the published gawker list, notified their users of the potential of a breach, and encouraged or required the affected users to update their passwords.

So, with one hack, you get two security improvements. Not bad.
From: weev Date: December 29th, 2010 11:22 am (UTC)
1. Site security, obviously.
This appeared to be an extensive assault upon all levels of Gawker security. I don't know a single bank in existence that wouldn't have failed to this level of scrutiny. To imply that gossip blogs should be more secure than where you keep your money is absolutely absurd.

In fact, the level of sophistication of the attack is completely disproportionate to the attack target. I'd be willing to bet this is an FBI COINTELPRO style hit upon Gawker, likely to manufacture the "well, you shouldn't give AT&T's data to Gawker because Gawker isn't secure" line against me in my trial. It is disappointing that the feds are resorting to bankrolling hacks against news sources to try to discredit me, but what can you expect from these assholes? They called in a threat of violence to a synagogue to try to blame it on me previously.

A sane society would line up these federal pieces of shit and shoot them in the street.
From: yrck Date: December 30th, 2010 09:35 pm (UTC)
That's the fucked thing. None of these bureaus have the checks in place to guarantee they don't pull random stunts. I feel like you give them too much credit. I bet it's just some asshole that's jealous expensing sysadmin work but is actually employing hackers.
From: base3 Date: January 21st, 2011 11:52 am (UTC)
From: (Anonymous) Date: December 31st, 2010 04:37 am (UTC)

Weev is a Cyberbully

Hey Weev,

Stop calling me. Stop stalking me. I got that message you put on my bosses' answering machine. You know what? I've spoken to some FBI friends of yours. You are going back to the slammer you little puddle of puke.

Tom Newton
From: weev Date: December 31st, 2010 05:49 am (UTC)

Re: Weev is a Cyberbully

Hello sir,

I'm not really that familiar with who you are, but I assure you, I have not ever put a message on your boss' (or anyone's boss') answering machine. I would really like to help you out with this, as that isn't the sort of thing I do. I do not support personal harassment of individuals. If you are being harassed by someone claiming to be me, I assure you that this is a false flag attack. Many times someone will leave messages claiming to be me in an attempt to divert attention from themselves.

Sorry to hear about your troubles, and let me know if there's anything I can do to help!
From: fufanux Date: January 2nd, 2011 10:08 pm (UTC)

Re: Weev is a Cyberbully

From: chunkems Date: January 9th, 2011 04:29 pm (UTC)
ok if you want to be pals i will add you back if you add me. just needed a break, nothing to do with you. xo.