Govt Gawker users now Payback targets?

Govt Gawker users now Payback targets?

Summary: Australian government agencies are among the victims of an attack on media site Gawker.com in which 1.3 million usernames and passwords, along with sensitive information on the company, were hacked, stolen, and dumped for download on infamous torrent site The Pirate Bay.

SHARE:
TOPICS: Security
0

Employees at Australian government agencies were among the victims of an attack on media site Gawker.com in which 1.3 million usernames and passwords, along with sensitive information on the company, were hacked, stolen and dumped for download on infamous torrent site The Pirate Bay.

Human target

(Target image by Arnod Alam, CC BY-SA 2.0)

The retaliatory attack from a group dubbed Gnosis stole details from readers of Lifehacker, Gizmodo and Kotaku, and also exposed Gawker.com's content management system and Twitter account.

The attack was the latest in a long-running dispute between the publication and 4chan users. Tensions flared after the users famously attacked 11-year-old girl Jessie Slaughter through a series of defamatory online postings and abusive telephone calls. Gawker.com denounced the attacks, prompting 4chan users to launch a failed denial-of-service (DoS) attack against the website.

Gawker.com then labelled 4chan users, some of which form the Gnosis group, as "script kiddies", implying they were novice in their attack.

"Previous attacks against the [Gawker.com] were mocked, so we came along and raised the bar a little. **** you Gawker, hows [sic] this for 'script kids'?" Gnosis wrote in a text file accompanying a Gawker.com BitTorrent file containing the stolen email details.

Now the exposed government contacts may be used for future DoS attacks by members of Anonymous, according to PBS News.

PBS News obtained a transcript of online discussions that implied that any government addresses were parsed separately from the other accounts because of apparent plans to use the details to later compromise government systems.

Usernames, email addresses and Gawker.com passwords were posted for Australian government employees from federal agencies including the Department of Defence, the Department of Immigration, the Department of Education, the Department of Veteran Affairs and ComCare.

Also listed were state government employees from the South Australian and NSW Health departments, the South Australian Attorney-General's Department, the Victorian and Tasmanian education departments, Western Australia's LegalAid, Tourism Tasmania, the Australian Museum, the Powerhouse Museum, as well as NSW's Waverley and Sydney City councils.

These agencies could be compromised if staff have reused their work account passwords as Gawker.com passwords, which have now been exposed, allowing criminals to gain access to systems.

To this end, Gawker.com has warned readers to change their various account passwords.

"Our user databases appear to have been compromised. The passwords were encrypted. But simple ones may be vulnerable to a brute-force attack. You should change your Gawker password and on any other sites on which you've used the same passwords."

Other exposed Gawker.com email addresses pointed to users holding accounts with Australian internet service providers including TPG, iiNet, Internode, Telstra and Optus.

Topic: Security

Darren Pauli

About Darren Pauli

Darren Pauli has been writing about technology for almost five years, he covers a gamut of news with a special focus on security, keeping readers informed about the world of cyber criminals and the safety measures needed to thwart them.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

0 comments
Log in or register to start the discussion