Hacks hacked: how the Sun reported Murdoch's "death"

Groups such as LulzSec have security teams on the run.

News yesterday that the Sun was hacked by LulzSec is just the latest in a long line of impressive hacks, but it again shows how hard it is to protect sites from such sustained, sophisticated attack.

LulzSec , a group of hackers which describes itself as, "a team of entertainment and security experts that specialise in the production of malicious comedic cybermaterials", managed to redirect visitors to the Sun's website yesterday evening to a hoax page falsely reporting that Rupert Murdoch had been found dead.

It's not the first time a major UK newspaper has been hacked. Last April the Daily Telegraph saw its site hacked, apparently by a group angered by that paper's identification of Romanians as "gypsies" (they added a comment to one of paper's web pages that read, "Guess what, gypsies aren't romanians, morons.")

LulzSec was linked to the hacking of Sony's PlayStation Network, a hack thought to be motivated by Sony's legal action against George Hotz for 'jailbreaking' the PlayStation 3 - bypassing the device's security software in order to enable users to run unauthorised software on it. LulzSec has not accepted responsibility for the PSN hack, but it has taken responsibility for hacking PBS' site and posting a news story saying that deceased rappers Tupac Shakur and Biggie Smalls were actually still alive and living in New Zealand.

Previous LulzSec victims include websites of the Brazilian Government, energy giant Petrobras, Nintendo, Fox.com and even a database of X Factor contestants.

So why are so many websites such easy pickings for groups like LulzSec and Anonymous? There are a number of factors at work. For one, these groups of hackers can draw on just as sophisticated programmers as you will find in the security team at a typical organisation. These are no amateurs.

But the big problem for website security is change. The security systems protecting a website may well be good enough today, but as administrators make changes to the website - adding new features and functionality, disabling old campaigns and so on - they need to be incredibly rigorous about ensuring that the same security technologies, processes and policies remain in place. With large IT teams working on increasingly complicated websites, and often drawing on a mixture of in-house and off-site contactor skills, the potential for an old server or new feature to lack the adequate security mechanisms is high.

It's thought in the case of the Sun's site, LulzSec was able to compromise a "retired" server, which then gave them access to other parts of the News International network. All they had to do then was insert a script into the Sun's homepage that redirected visitors to their hoax page.

It's unlikely this all happened in the space of a few minutes or even hours: it was reported that another hacker group, Anonymous, had been 'rattling the Sun's doorknobs' for at least a week - finding vulnerabilities that could be used in a later exploit.

As I've said before, right now, the bad guys are winning. Their sophisticated, prolonged attacks on carefully-chosen targets are nothing like the one-off, individually-perpetrated and largely opportunistic attacks that we used to see.

As Eric Howes, research manager at security technology lab GFI Labs said recently when I asked if he believes the "bad guys" are winning, "I would have to say the bad guys are doing pretty well for themselves. We hope to be able to turn that around, but I would hesitate to make a prediction as to exactly when."

Jason Stamper is NS technology correspondent and editor of Computer Business Review

Jason Stamper is editor of Computer Business Review

Getty
Show Hide image

A new German law wants to force mothers to reveal their child’s biological father

The so-called “milkmen’s kids law” would seek protection for men who feel they have been duped into raising children they believe are not biologically theirs – at the expense of women’s rights.

The German press call them “Kuckuckskinder”, which translates literally as “cuckoo children” – parasite offspring being raised by an unsuspecting innocent, alien creatures growing fat at the expense of the host species’ own kind. The British press have opted for the more Benny Hill-esque “milkmen’s kids”, prompting images of bored Seventies housewives answering the door in negligées before inviting Robin Asquith lookalikes up to their suburban boudoirs. Nine months later their henpecked husbands are presented with bawling brats and the poor sods remain none the wiser.

Neither image is particularly flattering to the children involved, but then who cares about them? This is a story about men, women and the redressing of a legal – or is it biological? – injustice. The children are incidental.

This week German Justice Minister Heiko Maas introduced a proposal aimed at to providing greater legal protection for “Scheinväter” – men who are duped into raising children whom they falsely believe to be biologically theirs. This is in response to a 2015 case in which Germany’s highest court ruled that a woman who had told her ex-husband that her child may have been conceived with another man could not be compelled to name the latter. This would, the court decided, be an infringement of the woman’s right to privacy. Nonetheless, the decision was seen to highlight the need for further legislation to clarify and strengthen the position of the Scheinvater.

Maas’ proposal, announced on Monday, examines the problem carefully and sensitively before merrily throwing a woman’s right to privacy out of the window. It would compel a woman to name every man she had sexual intercourse with during the time when her child may have been conceived. She would only have the right to remain silent in cases should there be serious reasons for her not to name the biological father (it would be for the court to decide whether a woman’s reasons were serious enough). It is not yet clear what form of punishment a woman would face were she not to name names (I’m thinking a scarlet letter would be in keeping with the classy, retro “man who was present at the moment of conception” wording). In cases where it did transpire that another man was a child’s biological father, he would be obliged to pay compensation to the man “duped” into supporting the child for up to two years.

It is not clear what happens thereafter. Perhaps the two men shake hands, pat each other on the back, maybe even share a beer or two. It is, after all, a kind of gentlemen’s agreement, a transaction which takes place over the heads of both mother and child once the latter’s paternity has been established. The “true” father compensates the “false” one for having maintained his property in his absence. In some cases there may be bitterness and resentment but perhaps in others one will witness a kind of honourable partnership. You can’t trust women, but DNA tests, money and your fellow man won’t let you down.

Even if it achieves nothing else, this proposal brings us right back to the heart of what patriarchy is all about: paternity and ownership. In April this year a German court ruled that men cannot be forced to take paternity tests by children who suspect them of being their fathers. It has to be their decision. Women, meanwhile, can only access abortion on demand in the first trimester of pregnancy, and even then counselling is mandatory (thereafter the approval of two doctors is required, similar to in the UK). One class of people can be forced to gestate and give birth; another can’t even be forced to take a DNA test. One class of people can be compelled to name any man whose sperm may have ventured beyond their cervix; another is allowed to have a body whose business is entirely its own. And yes, one can argue that forcing men to pay money for the raising of children evens up the score. Men have always argued that, but they’re wrong.

Individual men (sometimes) pay for the raising of individual children because the system we call patriarchy has chosen to make fatherhood about individual ownership. Women have little choice but to go along with this as long as men exploit our labour, restrict our access to material resources and threaten us with violence. We live in a world in which it is almost universally assumed that women “owe” individual men the reassurance that it was their precious sperm that impregnated us, lest we put ourselves and our offspring at risk of poverty and isolation. Rarely do any of us dare to protest. We pretend it is a fair deal, even that reproductive differences barely affect our lives at all. But the sex binary – the fact that sperm is not egg and egg is not sperm – affects all of us.

The original 2015 ruling got it right. The male demand for reassurance regarding paternity is an infringement of a woman’s right to privacy. Moreover, it is important to see this in the context of all the other ways in which men have sought to limit women’s sexual activity, freedom of movement and financial independence in order to ensure that children are truly “theirs”.  Anxiety over paternity is fundamentally linked to anxiety over female sexuality and women’s access to public space. Yet unless all women are kept under lock and key at all times, men will never, ever have the reassurance they crave. Even then, the abstract knowledge that you are the only person to have had the opportunity to impregnate a particular woman cannot rival the physical knowledge of gestation.

We have had millennia of pandering to men’s existential anxieties and treating all matters related to human reproduction, from sex to childbirth, as exceptional cases meaning women cannot have full human rights. Isn’t it about time we tried something new? How about understanding fatherhood not as winning gold in an Olympic sperm race, but as a contract endlessly renewed?

What each of us receives when a child is born is not a biological entity to do with as we choose. It is a relationship, with all of its complexities and risks. It is something worth contributing to and fighting for. Truly, if a man cannot understand that, then any money wasted on a Kuckuckskind – a living, breathing child he could get to know – has got to be the least of his worries. 

Glosswitch is a feminist mother of three who works in publishing.