Hacks hacked: how the Sun reported Murdoch's "death"

Groups such as LulzSec have security teams on the run.

News yesterday that the Sun was hacked by LulzSec is just the latest in a long line of impressive hacks, but it again shows how hard it is to protect sites from such sustained, sophisticated attack.

LulzSec , a group of hackers which describes itself as, "a team of entertainment and security experts that specialise in the production of malicious comedic cybermaterials", managed to redirect visitors to the Sun's website yesterday evening to a hoax page falsely reporting that Rupert Murdoch had been found dead.

It's not the first time a major UK newspaper has been hacked. Last April the Daily Telegraph saw its site hacked, apparently by a group angered by that paper's identification of Romanians as "gypsies" (they added a comment to one of paper's web pages that read, "Guess what, gypsies aren't romanians, morons.")

LulzSec was linked to the hacking of Sony's PlayStation Network, a hack thought to be motivated by Sony's legal action against George Hotz for 'jailbreaking' the PlayStation 3 - bypassing the device's security software in order to enable users to run unauthorised software on it. LulzSec has not accepted responsibility for the PSN hack, but it has taken responsibility for hacking PBS' site and posting a news story saying that deceased rappers Tupac Shakur and Biggie Smalls were actually still alive and living in New Zealand.

Previous LulzSec victims include websites of the Brazilian Government, energy giant Petrobras, Nintendo, Fox.com and even a database of X Factor contestants.

So why are so many websites such easy pickings for groups like LulzSec and Anonymous? There are a number of factors at work. For one, these groups of hackers can draw on just as sophisticated programmers as you will find in the security team at a typical organisation. These are no amateurs.

But the big problem for website security is change. The security systems protecting a website may well be good enough today, but as administrators make changes to the website - adding new features and functionality, disabling old campaigns and so on - they need to be incredibly rigorous about ensuring that the same security technologies, processes and policies remain in place. With large IT teams working on increasingly complicated websites, and often drawing on a mixture of in-house and off-site contactor skills, the potential for an old server or new feature to lack the adequate security mechanisms is high.

It's thought in the case of the Sun's site, LulzSec was able to compromise a "retired" server, which then gave them access to other parts of the News International network. All they had to do then was insert a script into the Sun's homepage that redirected visitors to their hoax page.

It's unlikely this all happened in the space of a few minutes or even hours: it was reported that another hacker group, Anonymous, had been 'rattling the Sun's doorknobs' for at least a week - finding vulnerabilities that could be used in a later exploit.

As I've said before, right now, the bad guys are winning. Their sophisticated, prolonged attacks on carefully-chosen targets are nothing like the one-off, individually-perpetrated and largely opportunistic attacks that we used to see.

As Eric Howes, research manager at security technology lab GFI Labs said recently when I asked if he believes the "bad guys" are winning, "I would have to say the bad guys are doing pretty well for themselves. We hope to be able to turn that around, but I would hesitate to make a prediction as to exactly when."

Jason Stamper is NS technology correspondent and editor of Computer Business Review

Jason Stamper is editor of Computer Business Review

Photo: Getty
Show Hide image

Who will win in Stoke-on-Trent?

Labour are the favourites, but they could fall victim to a shock in the Midlands constituency.  

The resignation of Tristram Hunt as MP for Stoke-on-Central has triggered a by-election in the safe Labour seat of Stoke on Trent Central. That had Westminster speculating about the possibility of a victory for Ukip, which only intensified once Paul Nuttall, the party’s leader, was installed as the candidate.

If Nuttall’s message that the Labour Party has lost touch with its small-town and post-industrial heartlands is going to pay dividends at the ballot box, there can hardly be a better set of circumstances than this: the sitting MP has quit to take up a well-paid job in London, and although  the overwhelming majority of Labour MPs voted to block Brexit, the well-advertised divisions in that party over the vote should help Ukip.

But Labour started with a solid lead – it is always more useful to talk about percentages, not raw vote totals – of 16 points in 2015, with the two parties of the right effectively tied in second and third place. Just 33 votes separated Ukip in second from the third-placed Conservatives.

There was a possible – but narrow – path to victory for Ukip that involved swallowing up the Conservative vote, while Labour shed votes in three directions: to the Liberal Democrats, to Ukip, and to abstention.

But as I wrote at the start of the contest, Ukip were, in my view, overwritten in their chances of winning the seat. We talk a lot about Labour’s problem appealing to “aspirational” voters in Westminster, but less covered, and equally important, is Ukip’s aspiration problem.

For some people, a vote for Ukip is effectively a declaration that you live in a dump. You can have an interesting debate about whether it was particularly sympathetic of Ken Clarke to brand that party’s voters as “elderly male people who have had disappointing lives”, but that view is not just confined to pro-European Conservatives. A great number of people, in Stoke and elsewhere, who are sympathetic to Ukip’s positions on immigration, international development and the European Union also think that voting Ukip is for losers.

That always made making inroads into the Conservative vote harder than it looks. At the risk of looking very, very foolish in six days time, I found it difficult to imagine why Tory voters in Hanley would take the risk of voting Ukip. As I wrote when Nuttall announced his candidacy, the Conservatives were, in my view, a bigger threat to Labour than Ukip.

Under Theresa May, almost every move the party has made has been designed around making inroads into the Ukip vote and that part of the Labour vote that is sympathetic to Ukip. If the polls are to be believed, she’s succeeding nationally, though even on current polling, the Conservatives wouldn’t have enough to take Stoke on Trent Central.

Now Theresa May has made a visit to the constituency. Well, seeing as the government has a comfortable majority in the House of Commons, it’s not as if the Prime Minister needs to find time to visit the seat, particularly when there is another, easier battle down the road in the shape of the West Midlands mayoral election.

But one thing is certain: the Conservatives wouldn’t be sending May down if they thought that they were going to do worse than they did in 2015.

Parties can be wrong of course. The Conservatives knew that they had found a vulnerable spot in the last election as far as a Labour deal with the SNP was concerned. They thought that vulnerable spot was worth 15 to 20 seats. They gained 27 from the Liberal Democrats and a further eight from Labour.  Labour knew they would underperform public expectations and thought they’d end up with around 260 to 280 seats. They ended up with 232.

Nevertheless, Theresa May wouldn’t be coming down to Stoke if CCHQ thought that four days later, her party was going to finish fourth. And if the Conservatives don’t collapse, anyone betting on Ukip is liable to lose their shirt. 

Stephen Bush is special correspondent at the New Statesman. His daily briefing, Morning Call, provides a quick and essential guide to British politics.