Hate Group ‘GNAA’ Uses Worm to Deface Tumblr Blogs

An incredibly fast-moving worm has taken down a large number of Tumblr-hosted blogs, including USA Today, Reuters, The Verge and CNET blogs.

A group calling itself GNAA (an acronym for a whole bunch of hateful language; Google it if you want to know) says it took down 8,600 Tumblr blogs. The number hasn’t been independently verified, but it is safe to say the worm hit a large number of sites.

The following image (without the scrubbed-red text) was used to deface all the sites:

The attack moved so fast, according to Sophos’s Naked Security blog, because:

“[T]he worm took advantage of Tumblr’s reblogging feature, meaning that anyone who was logged into Tumblr would automatically reblog the infectious post if they visited one of the offending pages. Each affected post had some malicious code embedded inside them. If you were not logged into Tumblr when your browser visited the url, it would simply redirect you to the standard login page. However, if your computer was logged into Tumblr, it would result in the GNAA content being reblogged on your own Tumblr. It shouldn’t have been possible for someone to post such malicious JavaScript into a Tumblr post – our assumption is that the attackers managed to skirt around Tumblr’s defences by disguising their code through Base 64 encoding and embedding it in a data URI.”

An alleged representative of the group told Gawker the attack was an attempt to alert Tumblr management to what is clearly a significant security problem:

“We contacted Tumblr about this weeks ago and nothing came of it. This was a serious issue that needed to be fixed. Someone would have done a lot worse than just posting a message over and over if they didn’t fix it right away…”

Given the juvenile name of the group it is difficult to think this action really stemmed from a desire to do good. If it weren’t for all the hate, I would almost appreciate the crazed, anarchic language in the GNAA post

“YOU EMO, SELF-INSISTING, SELF-DEPRECATING, SELF-INDULGENT EMPTY HUSKS OF HUMAN BEINGS. REPEAT AFTER ME: I WISH I WAS PROFOUND, BUT I’M NOT! I WISH I WAS ORIGINAL, BUT I’M NOT!”

There’s definitely room for some good, free-form, peculiar, ad hominem street-theater type attacks on the Internet. Unfortunately, GNAA skipped the “good” part.