Turning Gawker On Itself

In the media world, the episode was met with a mix of hand-rubbing and dread. There was, on the one hand, the view that Gawker was finally getting its karmic payback, having tormented the city and (arguably) violating other people’s privacy for years. These, after all, are the acid-tongued outlets that had in the last year alone questionably obtained a lost iPhone, published a photo of Brett Favre’s genitals, and paid to learn the particulars of a Tea Party Senate candidate’s pubic grooming.

But there was also the very real chance that editors and writers across the city could now be outed publicly for dissing their bosses in private. One Gawker and Jezebel commenter with a Condé Nast email address, for instance, had written in about making up quotes at a women’s magazine; the condition of Anna Wintour’s 60-year-old skin; and her experiences with both circumcised and uncircumcised penises. Twenty-six readers registered with Times email addresses, 21 from Condé Nast, 12 from Time Inc., 18 from Hearst, nine from The Journal, six from the Post and three from the Daily News. An untold number more used harder-to-detect private accounts. But searching for media coworkers–and rivals–became as simple as plugging their personal email addresses into an easily downloadable 72-megabyte text file, a 1.3 million-entry fantasia of byline hunting. Did Jeffrey Toobin really register with the name “ValentinoAgamemnon”?

THE TWEETS FROM Gizmodo’s Twitter account that Saturday afternoon included a boast that 1.5 million commenter accounts had been stolen. Scott Kidder, Gawker’s director of operations, pshaw’d the possibility later that evening via Twitter, noting that the company’s passwords were encrypted.

The hackers then sent proof of what they’d obtained to two news outlets, The Next Web and Mediaite, which had done early reporting on rumors of a Gawker attack. Colby Hall, Mediaite’s managing editor, was in particular out in front of the story. As early as Saturday night and continuing into Sunday afternoon, he repeatedly tried to get the attention of Mr. Denton and Mr. Kidder, to no avail: They did not believe the threat was serious.

At 4:10 p.m. Sunday, the ultimate proof finally came in a post at the top of gawker.com, containing a link to download the raw source code of Gawker’s CMS and the commenter database. It was illustrated with a picture of a young girl with Down syndrome and the words “DERP DERP DERP DERP.”

Early reports about the breach pinned responsibility on 4chan–an anarchic message board that Gawker had done battle with over the summer. The real hackers didn’t like this. They had pantsed the biggest bully on the playground, and someone else was getting the credit.

So at 5:20 p.m., one of them logged in to Gawker’s internal chat room. Using the name and password of Gawker staff writer John Cook, the hacker wrote:

so like

i’m one of the guys

who released this dump

i wouldn’t mind a chat

i’m not some 4chan faggot, and I don’t like being lumped together with them.

The Observer tried to reach Gnosis through Mediaite and The Next Web. A representative for the group sent back word that they would consider making contact later in the week; they did not do so by press time.

For a technology company, Gawker did not handle the attack well. As far back as Nov. 11, according to the hackers, Mr. Denton suspected that his Campfire (internal chat) account had been “hacked,” as he put it. Tech staff at the company assured him that this wasn’t the case. Over the course of this past weekend, Gawker reacted slowly and even in a state of denial to a steady drip-drip-drip of events that indicated that a severe security breach had occurred.

“Fuck you gawker, hows this for ‘script kids’?” the hackers wrote to Mr. Denton Sunday. “Your empire has been compromised, Your servers, Your database’s, Online accounts and source code have all be ripped to shreds!”

Turning Gawker On Itself