While the website Gawker has been telling the world + dog that its content management system was hacked for only a few days, sources close to the hackers say that it was more like six months.
Gawker hit the headlines when millions of personal details and passwords were leaked to hackers and spammers.
At the time, Thomas Plunkett, Gawker’s chief technology officer, suggested that the hackers only had access “briefly” to the site.
According to the Guardian, Gawker chief Nick Denton had the same password for Gawker and for other sites such as Campfire, used by his company to coordinate its work. Guessing that one password allowed the hackers to access those sites and find sensitive details, including chats between members of the company.
The Guardian has been chatting to members of the hacking group Gnosis, which carried out the attack. They said they broke into Gawker’s server by using a “local file inclusion” (LFI) weakness.
The flaw was found six months ago, and Campfire access came after the administrator database for the CMS was cracked.
Gawker Media was hit because Denton and the staff miffed 4Chan. Gnosis has links to 4Chan and the Anonymous group.
The Guardian seems to think that the Gnosis attack was not short-term and took a while. They had full access for at least a month.
This makes Gawker’s initial public statement that it was not compromised look a bit shaky. Either they were lying or they had not spotted Gnosis members and their tools sitting in the system.
Once inside, they examined the files, including the “Ganja” software that runs the content management system, and raided the password file.
After auditing and finding exploits in Ganja they were able to achieve remote SSH access to Gawker’s servers, which were promptly backdoored. Then the whole lot belonged to them.
They cracked more than 250,000 of the passwords, which had been encrypted using a system called MD5 DES, thanks to the fact that most people used daft passwords.