It had been such a good week for Nick Denton.
Writers and editors from his network of sites had flown in from around the country and been put up on Gawker’s dime, in preparation for the 2011 relaunch of the site that launched the blogger age. After team dinners and other partying, the bloggers streamed into Gawker’s Elizabeth Street offices for presentations on Freedom of Information Act requests and the use of high-quality photos and video, all key to Gawker’s rethink, expected in the first week of the new year. Mr. Denton, the company’s founder, had laid out his case for the new scoop-based approach in an impressive 3,000-word “manifesto for 2011,” which was still reverberating around the web.
To cap it all off on Friday night, Mr. Denton hosted the company holiday party at Double Crown, a restaurant on the Bowery with Southeast Asian fare by way of the British Empire. Unlike Gawker blowouts in the past, the guest list was strictly limited to current staff and significant others. The Observer was allowed in on two conditions: that we observe some set rules on attribution, and that we leave after two hours, before anyone got too drunk. Mr. Denton, tall and gray, cut through the crowd in a blood-reddish gingham shirt, dark pants and pointy black shoes. There was Secret Santa.
With his CTO, Tom Plunkett, Mr. Denton surveyed the scene at Double Crown. He thought: Great party. Fantastic year for stories and audience. Exciting new layout. Then, Mr. Denton recalled to The Observer, he and Mr. Plunkett turned and said to each other almost simultaneously: Something will go wrong.
The next afternoon, the Twitter account of Gizmodo, a Denton tech site, sent out a very strange tweet. And Mr. Denton’s good week came to an end.
BY THE TIME it was over, a group of unknown hackers operating under the name Gnosis hit Gawker with the biggest security breach of a media site ever. They published the source code of Gawker’s proprietary content management system, making it worthless, and unleashed details on 1.3 million commenter accounts, including 188,279 decrypted passwords. That meant that people who had commented on stories on Gawker sites, thinking their opinions were anonymous, weren’t.
In the media world, the episode was met with a mix of hand-rubbing and dread. There was, on the one hand, the view that Gawker was finally getting its karmic payback, having tormented the city and (arguably) violating other people’s privacy for years. These, after all, are the acid-tongued outlets that had in the last year alone questionably obtained a lost iPhone, published a photo of Brett Favre’s genitals, and paid to learn the particulars of a Tea Party Senate candidate’s pubic grooming.
But there was also the very real chance that editors and writers across the city could now be outed publicly for dissing their bosses in private. One Gawker and Jezebel commenter with a Condé Nast email address, for instance, had written in about making up quotes at a women’s magazine; the condition of Anna Wintour’s 60-year-old skin; and her experiences with both circumcised and uncircumcised penises. Twenty-six readers registered with Times email addresses, 21 from Condé Nast, 12 from Time Inc., 18 from Hearst, nine from The Journal, six from the Post and three from the Daily News. An untold number more used harder-to-detect private accounts. But searching for media coworkers–and rivals–became as simple as plugging their personal email addresses into an easily downloadable 72-megabyte text file, a 1.3 million-entry fantasia of byline hunting. Did Jeffrey Toobin really register with the name “ValentinoAgamemnon”?
THE TWEETS FROM Gizmodo’s Twitter account that Saturday afternoon included a boast that 1.5 million commenter accounts had been stolen. Scott Kidder, Gawker’s director of operations, pshaw’d the possibility later that evening via Twitter, noting that the company’s passwords were encrypted.
The hackers then sent proof of what they’d obtained to two news outlets, The Next Web and Mediaite, which had done early reporting on rumors of a Gawker attack. Colby Hall, Mediaite’s managing editor, was in particular out in front of the story. As early as Saturday night and continuing into Sunday afternoon, he repeatedly tried to get the attention of Mr. Denton and Mr. Kidder, to no avail: They did not believe the threat was serious.
At 4:10 p.m. Sunday, the ultimate proof finally came in a post at the top of gawker.com, containing a link to download the raw source code of Gawker’s CMS and the commenter database. It was illustrated with a picture of a young girl with Down syndrome and the words “DERP DERP DERP DERP.”
Early reports about the breach pinned responsibility on 4chan–an anarchic message board that Gawker had done battle with over the summer. The real hackers didn’t like this. They had pantsed the biggest bully on the playground, and someone else was getting the credit.
So at 5:20 p.m., one of them logged in to Gawker’s internal chat room. Using the name and password of Gawker staff writer John Cook, the hacker wrote:
i’m one of the guys
who released this dump
i wouldn’t mind a chat
i’m not some 4chan faggot, and I don’t like being lumped together with them.
The Observer tried to reach Gnosis through Mediaite and The Next Web. A representative for the group sent back word that they would consider making contact later in the week; they did not do so by press time.
For a technology company, Gawker did not handle the attack well. As far back as Nov. 11, according to the hackers, Mr. Denton suspected that his Campfire (internal chat) account had been “hacked,” as he put it. Tech staff at the company assured him that this wasn’t the case. Over the course of this past weekend, Gawker reacted slowly and even in a state of denial to a steady drip-drip-drip of events that indicated that a severe security breach had occurred.
“Fuck you gawker, hows this for ‘script kids’?” the hackers wrote to Mr. Denton Sunday. “Your empire has been compromised, Your servers, Your database’s, Online accounts and source code have all be ripped to shreds!”
THE BREACH OF trust–and the logistical nightmare of contacting 1.5 million users–is humiliating and harmful to Gawker in the short term, but not fatal. Ditto for the possibility that the hackers have up to four gigabytes of the Gawker newsroom’s internal chat logs. Staffers said those conversations would be embarrassing if made public, but few if any great secrets are traded there.
What truly terrifies the Gawker staff is that Sunday’s data dump was only the beginning of a WikiLeaks-style flood. In a juvenile and taunting timeline of their break-in, the intruders implied that they have had access to Mr. Denton’s email for more than a month, and it follows that any staffers who used the same password for both the Gawker blogging and email platforms have had their in-boxes monitored, too–and possibly even downloaded in their entirety. These are emails that contain stories in progress, the identities of anonymous sources and God knows what else.
“I’m confident they have his entire email,” one Gawker Media insider said of Mr. Denton. “I’m fairly confident they have my email.” For a journalist, it is a horrifying prospect.
“I’m focused on the vulnerability of commenters’ passwords,” Mr. Denton told The Observer. Humbled, he spent Monday in the Gawker commenting trenches, taking abuse from angry readers and explaining what the company was doing to fix the situation; he logged some 101 comments across the various Gawker sites by midnight.
The hack came just as Mr. Denton seemed to be transitioning from his flame-throwing years to more of a grown-up industry statesman role–though he would deny it–complete with a mainstream-certifying profile in The New Yorker.
“It’s a little hard to mellow the dark lord of the Internet,” said Jalopnik editor Ray Wert a few days before the hack, when The Observer asked how Mr. Denton had changed. “But Nick’s smiling a lot more. Meaning at least once a week.”
Something is different about Gawker Media’s writers, too. In late November, in a contemplative mood, Mr. Denton took to his Facebook page one Saturday afternoon in an attempt to capture this–in his way.
“The current cohort of Gawker Media writers seem much less conflicted than the Sicha-Lisanti-Cox-Leitch generation,” he mused. “Why is that? For the kids, maybe the literary or magazine career never seemed a possibility. For them, the New York intellectual life is a fading artifact rather than a personal dream that was painfully dashed.”
His Facebook friends had some thoughts.
“I can attest to this,” wrote Cody Brown. “When I started NYU Local, most students we interviewed for the site day-fantasized about a career at The New York Times or Vanity Fair after graduation. Oh, how this has changed in the past few years…”
“Maybe you’ve become a gentle, benign boss?” asked Sam Loewenberg, a freelance journalist.
“Or all the new Gawker writers work out their personal shit on Tumblr,” wrote Nick Douglas, a longtime Denton ankle-biter.
“Is this even accurate?” dot-com gadfly Rex Sorgatz wrote. “Foster and Pareene and nearly everyone from Jezebel seem counter-examples.”
“The decrease in lashings has helped,” wrote Richard Lawson, a staffer. “Food rations are up. We get to see sunlight for ten minutes every few blogging-modules.”
“I think it’s just nice to have a livable salary typing nonsense about politics,” wrote Jim Newell.
Mr. Newell is a second-time employee at Gawker–like Jezebel editor in chief Jessica Coen, Mr. Lawson and Mr. Cook. It’s true that others have left and returned to Gawker in the past (including Choire Sicha and Doree Shafrir), but there is a feeling among staff that the high-churn era is over–no more overnight firings, and even stay pay for staffers who get job offers from rival publications. Mr. Denton crows that many of his writers have spurned the employment advances of Rupert Murdoch’s iPad newspaper and other suitors; even the notoriously deep-pocketed Bloomberg News was unable to match the pay of one Gawker Media features editor.
Mr. Wert remembers years ago walking into the company’s old offices on Crosby Street for the first time and asking a young assistant what to do with some receipts he had. What was the reimbursement policy?
“The day in which we have an expense policy,” Mr. Kidder said in reply, “is the day in which we are dead.”
“Now, he was obviously kidding,” Mr. Wert remembered. “But it’s funny, because that was my first experience with Gawker on the ground, and now we have an expense policy, we have a leave policy, we have a travel policy, we have a gifts policy.”
Mr. Wert has even suggested to Mr. Denton the most unthinkable prospect of all: retirement.
“This was the big start of the push for the 401(k) plan,” Mr. Wert said. “I said, ‘Look, Nick, I’m willing to continue working here, but if you want me to see this as a place where I could retire from, then you’ve got to be able to put things in place that are going to allow us to have that opportunity.’”
Did Mr. Wert remember Mr. Denton’s reaction? Was he stricken? Aghast?
“Shocked. Stunned. Just sort of like–he’d never thought of that. But it’s not just me. I think there are others in the company who think of it the same way; they just might not be willing to express it.”
email@example.com | @nicksumm
Follow Nick Summers via RSS.