Hacks hacked: how the Sun reported Murdoch's "death"

Groups such as LulzSec have security teams on the run.

News yesterday that the Sun was hacked by LulzSec is just the latest in a long line of impressive hacks, but it again shows how hard it is to protect sites from such sustained, sophisticated attack.

LulzSec , a group of hackers which describes itself as, "a team of entertainment and security experts that specialise in the production of malicious comedic cybermaterials", managed to redirect visitors to the Sun's website yesterday evening to a hoax page falsely reporting that Rupert Murdoch had been found dead.

It's not the first time a major UK newspaper has been hacked. Last April the Daily Telegraph saw its site hacked, apparently by a group angered by that paper's identification of Romanians as "gypsies" (they added a comment to one of paper's web pages that read, "Guess what, gypsies aren't romanians, morons.")

LulzSec was linked to the hacking of Sony's PlayStation Network, a hack thought to be motivated by Sony's legal action against George Hotz for 'jailbreaking' the PlayStation 3 - bypassing the device's security software in order to enable users to run unauthorised software on it. LulzSec has not accepted responsibility for the PSN hack, but it has taken responsibility for hacking PBS' site and posting a news story saying that deceased rappers Tupac Shakur and Biggie Smalls were actually still alive and living in New Zealand.

Previous LulzSec victims include websites of the Brazilian Government, energy giant Petrobras, Nintendo, Fox.com and even a database of X Factor contestants.

So why are so many websites such easy pickings for groups like LulzSec and Anonymous? There are a number of factors at work. For one, these groups of hackers can draw on just as sophisticated programmers as you will find in the security team at a typical organisation. These are no amateurs.

But the big problem for website security is change. The security systems protecting a website may well be good enough today, but as administrators make changes to the website - adding new features and functionality, disabling old campaigns and so on - they need to be incredibly rigorous about ensuring that the same security technologies, processes and policies remain in place. With large IT teams working on increasingly complicated websites, and often drawing on a mixture of in-house and off-site contactor skills, the potential for an old server or new feature to lack the adequate security mechanisms is high.

It's thought in the case of the Sun's site, LulzSec was able to compromise a "retired" server, which then gave them access to other parts of the News International network. All they had to do then was insert a script into the Sun's homepage that redirected visitors to their hoax page.

It's unlikely this all happened in the space of a few minutes or even hours: it was reported that another hacker group, Anonymous, had been 'rattling the Sun's doorknobs' for at least a week - finding vulnerabilities that could be used in a later exploit.

As I've said before, right now, the bad guys are winning. Their sophisticated, prolonged attacks on carefully-chosen targets are nothing like the one-off, individually-perpetrated and largely opportunistic attacks that we used to see.

As Eric Howes, research manager at security technology lab GFI Labs said recently when I asked if he believes the "bad guys" are winning, "I would have to say the bad guys are doing pretty well for themselves. We hope to be able to turn that around, but I would hesitate to make a prediction as to exactly when."

Jason Stamper is NS technology correspondent and editor of Computer Business Review

Jason Stamper is editor of Computer Business Review

Photo:Getty
Show Hide image

Labour is a pioneer in fighting sexism. That doesn't mean there's no sexism in Labour

While we campaign against misogyny, we must not fall into the trap of thinking Labour is above it; doing so lets women members down and puts the party in danger of not taking them seriously when they report incidents. 

I’m in the Labour party to fight for equality. I cheered when Labour announced that one of its three Budget tests was ensuring the burden of cuts didn’t fall on women. I celebrated the party’s record of winning rights for women on International Women’s Day. And I marched with Labour women to end male violence against women and girls.

I’m proud of the work we’re doing for women across the country. But, as the Labour party fights for me to feel safer in society, I still feel unsafe in the Labour party.

These problems are not unique to the Labour party; misogyny is everywhere in politics. You just have to look on Twitter to see women MPs – and any woman who speaks out – receiving rape and death threats. Women at political events are subject to threatening behaviour and sexual harassment. Sexism and violence against women at its heart is about power and control. And, as we all know, nowhere is power more highly-prized and sought-after than in politics.

While we campaign against misogyny, we must not fall into the trap of thinking Labour is above it; doing so lets women members down and puts the party in danger of not taking them seriously when they report incidents. 

The House of Commons’ women and equalities committee recently stated that political parties should have robust procedures in place to prevent intimidation, bullying or sexual harassment. The committee looked at this thanks to the work of Gavin Shuker, who has helped in taking up this issue since we first started highlighting it. Labour should follow this advice, put its values into action and change its structures and culture if we are to make our party safe for women.

We need thorough and enforced codes of conduct: online, offline and at all levels of the party, from branches to the parliamentary Labour party. These should be made clear to everyone upon joining, include reminders at the start of meetings and be up in every campaign office in the country.

Too many members – particularly new and young members – say they don’t know how to report incidents or what will happen if they do. This information should be given to all members, made easily available on the website and circulated to all local parties.

Too many people – including MPs and local party leaders – still say they wouldn’t know what to do if a local member told them they had been sexually harassed. All staff members and people in positions of responsibility should be given training, so they can support members and feel comfortable responding to issues.

Having a third party organisation or individual to deal with complaints of this nature would be a huge help too. Their contact details should be easy to find on the website. This organisation should, crucially, be independent of influence from elsewhere in the party. This would allow them to perform their role without political pressures or bias. We need a system that gives members confidence that they will be treated fairly, not one where members are worried about reporting incidents because the man in question holds power, has certain political allies or is a friend or colleague of the person you are supposed to complain to.

Giving this third party the resources and access they need to identify issues within our party and recommend further changes to the NEC would help to begin a continuous process of improving both our structures and culture.

Labour should champion a more open culture, where people feel able to report incidents and don't have to worry about ruining their career or facing political repercussions if they do so. Problems should not be brushed under the carpet. It takes bravery to admit your faults. But, until these problems are faced head-on, they will not go away.

Being the party of equality does not mean Labour is immune to misogyny and sexual harassment, but it does mean it should lead the way on tackling it.

Now is the time for Labour to practice what it preaches and prove it is serious about women’s equality.

Bex Bailey was on Labour’s national executive committee from 2014 to 2016.