This past weekend, Gawker Media was dealt a damaging blow when a group that calls itself Gnosis successfully hacked into Gawker's servers and thereafter released a torrent which contained Gawker's source code and a database containing 1.3 million Gawker commenters' usernames, e-mail addresses, and passwords, about a fifth of which Gnosis decrypted. Considering that many people use the same password for multiple web services, this is bad news; this morning, Twitter said that a wave of acai-related spam had been traced to accounts with emails hit by the Gawker leak. Gnosis also gained access to Gawker's content management system, publishing a taunting post with a link to the torrent on Pirate Bay. (Both the Gawker post and that particular Pirate Bay torrent have since been removed, although the data is out there now.) In the wake of the attack, Gawker has promised to "[bring] in an independent security firm to improve security across our entire infrastructure. Additionally, we will continue to work with independent auditors to ensure we maintain a reliable level of security, as well as the processes necessary to ensure we maintain a safe environment for our commenters." However, the attack has alarmed many of its readers, and should be alarming to most people who have transmitted their personal information over the Web. Perhaps even more alarming than the user database hack is the source code leak: Gawker is built on a proprietary, closed-source framework, which its proprietor Nick Denton says 'underpins his entire empire to this day.' Blogger Felix Salmon writes that Gawker Media is in the process of trying to transform into a technology company; this is a hard thing to do when your source code is thoroughly compromised. Geekosystem got in touch with members of Gnosis and discussed what the attacks meant for Gawker Media, web publishers, and everyone who shares unsecured information on the Internet:
Well, this gives the lie to the theory that Gizmodo's bombshell article about the leaked iPhone 4G a. was an Apple plant and b. would have no legal repercussions. Jason Chen, the Gizmodo editor who authored the piece and took apart the iPhone, which the site claims to have paid $5000 for after an Apple engineer supposedly lost it at a bar, had his house raided by California's Rapid Enforcement Allied Computer Team, who he says seized four of his computers and two servers, made him stand outside of his own house with his hands on his head, and tried to dredge up the source of the leaked iPhone.
The question is: Will Chen get the legal protection afforded to journalists, whose property cannot be confiscated by search warrant, or are bloggers unprotected?