Hacks hacked: how the Sun reported Murdoch's "death"

Groups such as LulzSec have security teams on the run.

News yesterday that the Sun was hacked by LulzSec is just the latest in a long line of impressive hacks, but it again shows how hard it is to protect sites from such sustained, sophisticated attacks.

LulzSec, a group of hackers which describes itself as "a team of entertainment and security experts that specialise in the production of malicious comedic cybermaterials", managed to redirect visitors to the Sun's website yesterday evening to a hoax page falsely reporting that Rupert Murdoch had been found dead.

It's not the first time a major UK newspaper has been hacked. Last April the Daily Telegraph saw its site hacked, apparently by a group angered by that paper's identification of Romanians as "gypsies" (they added a comment to one of the paper's web pages that read, "Guess what, gypsies aren't romanians, morons.")

LulzSec was linked to the hacking of Sony's PlayStation Network, a hack thought to be motivated by Sony's legal action against George Hotz for 'jailbreaking' the PlayStation 3 - bypassing the device's security software in order to enable users to run unauthorised software on it. LulzSec has not accepted responsibility for the PSN hack, but it has taken responsibility for hacking PBS' site and posting a news story saying that deceased rappers Tupac Shakur and Biggie Smalls were actually still alive and living in New Zealand.

Previous LulzSec victims include websites of the Brazilian Government, energy giant Petrobras, Nintendo, Fox.com and even a database of X Factor contestants.

So why are so many websites such easy pickings for groups like LulzSec and Anonymous? There are a number of factors at work. For one, these groups of hackers can draw on programmers just as sophisticated as those you will find in the security team at a typical organisation. These are no amateurs.

But the big problem for website security is change. The security systems protecting a website may well be good enough today, but as administrators make changes to the website - adding new features and functionality, disabling old campaigns and so on - they need to be incredibly rigorous about ensuring that the same security technologies, processes and policies remain in place. With large IT teams working on increasingly complicated websites, and often drawing on a mixture of in-house and off-site contractor skills, the potential for an old server or new feature to lack adequate security mechanisms is high.

It's thought in the case of the Sun's site, LulzSec was able to compromise a "retired" server, which then gave them access to other parts of the News International network. All they had to do then was insert a script into the Sun's homepage that redirected visitors to their hoax page.

It's unlikely this all happened in the space of a few minutes or even hours: it was reported that another hacker group, Anonymous, had been 'rattling the Sun's doorknobs' for at least a week - finding vulnerabilities that could be used in a later exploit.

As I've said before, right now, the bad guys are winning. Their sophisticated, prolonged attacks on carefully-chosen targets are nothing like the one-off, individually-perpetrated and largely opportunistic attacks that we used to see.

As Eric Howes, research manager at security technology lab GFI Labs said recently when I asked if he believes the "bad guys" are winning, "I would have to say the bad guys are doing pretty well for themselves. We hope to be able to turn that around, but I would hesitate to make a prediction as to exactly when."

Jason Stamper is NS technology correspondent and editor of Computer Business Review


BHS is Theresa May’s big chance to reform capitalism – she’d better take it

Almost everyone is disgusted by the tale of BHS. 

Back in 2013, Theresa May gave a speech that might yet prove significant. In it, she declared: “Believing in free markets doesn’t mean we believe that anything goes.”

Capitalism wasn’t perfect, she continued: 

“Where it’s manifestly failing, where it’s losing public support, where it’s not helping to provide opportunity for all, we have to reform it.”

Three years on and just days into her premiership, May has the chance to be a reformist, thanks to one hell of an example of failing capitalism – BHS. 

The report from the Work and Pensions select committee was damning. Philip Green, the business tycoon, bought BHS and took more out than he put in. In a difficult environment, and without new investment, it began to bleed money. Green’s prize became a liability, and by 2014 he was desperate to get rid of it. He found a willing buyer, Paul Sutton, but the buyer had previously been convicted of fraud. So he sold it to Sutton’s former driver instead, for a quid. Yes, you read that right. He sold it to a crook’s driver for a quid.

This might all sound like a ludicrous but entertaining deal, if it wasn’t for the thousands of hapless BHS workers involved. One year later, the business collapsed, along with their job prospects. Not only that, but Green’s lack of attention to the pension fund meant their dreams of a comfortable retirement were now in jeopardy. 

The report called BHS “the unacceptable face of capitalism”. It concluded: 

“The truth is that a large proportion of those who have got rich or richer off the back of BHS are to blame. Sir Philip Green, Dominic Chappell and their respective directors, advisers and hangers-on are all culpable.

“The tragedy is that those who have lost out are the ordinary employees and pensioners.”

May appears to agree. Her spokeswoman told journalists the PM would “look carefully” at policies to tackle “corporate irresponsibility”. 

She should take the opportunity.

Attempts to reshape capitalism are almost always blunted in practice. Corporations can make threats of their own. Think of Google’s sweetheart tax deals, banks’ excessive pay. Each time politicians tried to clamp down, there were threats of moving overseas. If the economy weakens in response to Brexit, the power to call the shots should tip more towards these companies. 

But this time, there will be few defenders of the BHS approach.

Firstly, the report's revelations about corporate governance damage many well-known brands, which are tarnished by association. Financial services firms will be just as keen as the public to avoid another BHS. Simon Walker, director general of the Institute of Directors, said that the circumstances of the collapse of BHS were “a blight on the reputation of British business”.

Secondly, the pensions issue will not go away. Neglected by Green until it was too late, the £571m hole in the BHS pension finances is extreme. But Tom McPhail from pensions firm Hargreaves Lansdown has warned there are thousands of other defined benefit schemes struggling with deficits. In the light of BHS, May has an opportunity to take an otherwise dusty issue – protections for workplace pensions - and place it top of the agenda. 

Thirdly, the BHS scandal is wreathed in the kind of opaque company structures loathed by voters on the left and right alike. The report found the Green family used private, offshore companies to direct the flow of money away from BHS, which made it in turn hard to investigate. The report stated: “These arrangements were designed to reduce tax bills. They have also had the effect of reducing levels of corporate transparency.”

BHS may have failed as a company, but its demise has succeeded in uniting the left and right. Trade unionists want more protection for workers; City boys are worried about their reputation; patriots mourn the death of a proud British company. May has a mandate to clean up capitalism - she should seize it.