Tumblr Hacked

Share it on Twitter  
Share it on Facebook  
Share it on Linked in  

Hacker group GNAA recently targeted Tumblr with a worm designed to deface users' Tumblr pages.

"The self-replicating software that quickly propagated across the site added new Tumblr entries to an untold number of user accounts," writes Computerworld's Joab Jackson. "It also threatened to remove all of a user's content if the offending posts were removed."

"It appears that the worm took advantage of Tumblr's reblogging feature, meaning that anyone who was logged into Tumblr would automatically reblog the infectious post if they visited one of the offending pages," writes Sophos' Graham Cluley.

"A coding tag contained in the post linked to malicious code on another website," writes Ars Technica's Dan Goodin. "The JavaScript exploit, which was included in an iframe tag that pointed to an outside website, used what is known as base-64 encoding. It's a technique that ... uses printable ASCII characters to represent large chunks of binary data and has the benefit of making it harder to know exactly how a script will behave when executed."

"The fake post in question was created by a group that goes by the name Gay N***er Assocation of America (GNAA), which is described by Wikipedia as 'an anti-blogging Internet-trolling organization,'" writes PCMag.com's Chloe Albanesius. "The fake post criticized Tumblr for the 'propagation of the most f**king worthless, contrived, bourgeoisie, self-congratulating and decadent bulls**t the Internet has ever had the misfortune of facilitating.' It goes on to accuse Tumblr users of being unoriginal, among other things, before suggesting that they kill themselves."

"In 2007, the GNAA hacked the Obama campaign's social network and created a parody site that claimed Jewish people were behind 9/11, which CNN erroneously reported as real," writes The Guardian's Amanda Holpuch. "GNAA recently convinced several media outlets that people were organizing looting on Twitter during hurricane Sandy with the hashtag #Sandylootcrew. In November, the group launched an attack on male My Little Pony fans with a "War on Bronies"."

In an e-mail interview with Gawker's Adrian Chen, a GNAA spokesman claimed the group had contacted Tumblr about the exploit two weeks ago. "We used the 'can't find what you're looking for' link at the bottom of the email troubleshooting page," he said. "They never got back to us."