Alternate Reality

Anatomy of the eSarcasm Attack

We talked to the hacker behind the eSarcasm document leak fiasco, and reveal the fiendishly clever tricks he used to expose the award-winning geek humor destination.

By (@tynanwrites)

July 20, 2009

The story you're about to read is not (entirely) true. It is, however, more accurate than most things on network television.

esarcasm world domination 4-croppedThe Web servers at were hacked last week, resulting in the exposure of dozens of confidential eSarcasm documents, eSarcasm has learned.

According to a post on the company’s official blog, a lone hacker gained access to confidential strategy memos, traffic and revenue run rates, meeting agendas, notes on a potential eSarcasm television show, and other documents, which he then distributed to a handful of disreputable news outlets.

To forestall extortion attempts, executives at eSarcasm elected to publish excerpts of the documents, which detail its executives’ obsession with Google’s Marissa Mayer, minutes from meetings with Beyonce and Vladimir Putin, and the company’s lofty ambition to become “the throbbing tumescent organ of the InterWebs.”

We have since been in contact with the attacker, known only by his handle “Mimsy Borogove,” about the techniques used to gain access to eSarcasm’s accounts. We withheld publishing these details until eSarcasm had a chance to plug its security holes, which involved changing a handful of passwords and a lot of juvenile jokes about “plugging holes.”

We will now reveal how the hack happened in painfully tedious detail, knowing that most of you have already stopped reading by now.

natasha3 (1)Using a combination of patience, determination, and a really convincing impersonation of Natasha Fatale from The Bullwinkle and Rocky Show, Mimsy gained access to a frightening number of accounts and services relating to eSarcasm employees, including Twitter, Facebook, WordPress, Bebo, gMail, FriendFeed, Digg, StumbleUpon, Fark, Plurk, Crush or Flush, Hot or Not, Adult Friend Finder, and several sites devoted to sex with ferrets.*

Employing fiendishly clever hackerish techniques, including calling us up and asking us, Mimsy quickly discovered eSarcasm employees use the same password (“RumpyPumpy”) for all of these sites. He then fucked around for a few hours Googling eSarcasm before he got around to actually accessing the company servers and downloading the documents. It was, like, no big deal.

Mimsy emphasized, however, that his hack was in no way related to the Twitter hack that caused all that fuss last week. Similarly, eSarcasm would like to clarify that this story is in no way related to the mind-numbing 3,891-word description of the Twitter hack published by TechCrunch yesterday, which we summarize thusly: Don’t be a dumbass.

* Those are all JR’s, I swear.

Get fresh geek humor delivered daily: RSS | E-Mail | Twitter