Hacks hacked: how the Sun reported Murdoch's "death"

Groups such as LulzSec have security teams on the run.

News yesterday that the Sun was hacked by LulzSec is just the latest in a long line of impressive hacks, but it again shows how hard it is to protect sites from such sustained, sophisticated attack.

LulzSec , a group of hackers which describes itself as, "a team of entertainment and security experts that specialise in the production of malicious comedic cybermaterials", managed to redirect visitors to the Sun's website yesterday evening to a hoax page falsely reporting that Rupert Murdoch had been found dead.

It's not the first time a major UK newspaper has been hacked. Last April the Daily Telegraph saw its site hacked, apparently by a group angered by that paper's identification of Romanians as "gypsies" (they added a comment to one of paper's web pages that read, "Guess what, gypsies aren't romanians, morons.")

LulzSec was linked to the hacking of Sony's PlayStation Network, a hack thought to be motivated by Sony's legal action against George Hotz for 'jailbreaking' the PlayStation 3 - bypassing the device's security software in order to enable users to run unauthorised software on it. LulzSec has not accepted responsibility for the PSN hack, but it has taken responsibility for hacking PBS' site and posting a news story saying that deceased rappers Tupac Shakur and Biggie Smalls were actually still alive and living in New Zealand.

Previous LulzSec victims include websites of the Brazilian Government, energy giant Petrobras, Nintendo, Fox.com and even a database of X Factor contestants.

So why are so many websites such easy pickings for groups like LulzSec and Anonymous? There are a number of factors at work. For one, these groups of hackers can draw on just as sophisticated programmers as you will find in the security team at a typical organisation. These are no amateurs.

But the big problem for website security is change. The security systems protecting a website may well be good enough today, but as administrators make changes to the website - adding new features and functionality, disabling old campaigns and so on - they need to be incredibly rigorous about ensuring that the same security technologies, processes and policies remain in place. With large IT teams working on increasingly complicated websites, and often drawing on a mixture of in-house and off-site contactor skills, the potential for an old server or new feature to lack the adequate security mechanisms is high.

It's thought in the case of the Sun's site, LulzSec was able to compromise a "retired" server, which then gave them access to other parts of the News International network. All they had to do then was insert a script into the Sun's homepage that redirected visitors to their hoax page.

It's unlikely this all happened in the space of a few minutes or even hours: it was reported that another hacker group, Anonymous, had been 'rattling the Sun's doorknobs' for at least a week - finding vulnerabilities that could be used in a later exploit.

As I've said before, right now, the bad guys are winning. Their sophisticated, prolonged attacks on carefully-chosen targets are nothing like the one-off, individually-perpetrated and largely opportunistic attacks that we used to see.

As Eric Howes, research manager at security technology lab GFI Labs said recently when I asked if he believes the "bad guys" are winning, "I would have to say the bad guys are doing pretty well for themselves. We hope to be able to turn that around, but I would hesitate to make a prediction as to exactly when."

Jason Stamper is NS technology correspondent and editor of Computer Business Review

Jason Stamper is editor of Computer Business Review

Show Hide image

It's Gary Lineker 1, the Sun 0

The football hero has found himself at the heart of a Twitter storm over the refugee children debate.

The Mole wonders what sort of topsy-turvy universe we now live in where Gary Lineker is suddenly being called a “political activist” by a Conservative MP? Our favourite big-eared football pundit has found himself in a war of words with the Sun newspaper after wading into the controversy over the age of the refugee children granted entry into Britain from Calais.

Pictures published earlier this week in the right-wing press prompted speculation over the migrants' “true age”, and a Tory MP even went as far as suggesting that these children should have their age verified by dental X-rays. All of which leaves your poor Mole with a deeply furrowed brow. But luckily the British Dental Association was on hand to condemn the idea as unethical, inaccurate and inappropriate. Phew. Thank God for dentists.

Back to old Big Ears, sorry, Saint Gary, who on Wednesday tweeted his outrage over the Murdoch-owned newspaper’s scaremongering coverage of the story. He smacked down the ex-English Defence League leader, Tommy Robinson, in a single tweet, calling him a “racist idiot”, and went on to defend his right to express his opinions freely on his feed.

The Sun hit back in traditional form, calling for Lineker to be ousted from his job as host of the BBC’s Match of the Day. The headline they chose? “Out on his ears”, of course, referring to the sporting hero’s most notable assets. In the article, the tabloid lays into Lineker, branding him a “leftie luvvie” and “jug-eared”. The article attacked him for describing those querying the age of the young migrants as “hideously racist” and suggested he had breached BBC guidelines on impartiality.

All of which has prompted calls for a boycott of the Sun and an outpouring of support for Lineker on Twitter. His fellow football hero Stan Collymore waded in, tweeting that he was on “Team Lineker”. Leading the charge against the Murdoch-owned title was the close ally of Labour leader Jeremy Corbyn and former Channel 4 News economics editor, Paul Mason, who tweeted:

Lineker, who is not accustomed to finding himself at the centre of such highly politicised arguments on social media, responded with typical good humour, saying he had received a bit of a “spanking”.

All of which leaves the Mole with renewed respect for Lineker and an uncharacteristic desire to watch this weekend’s Match of the Day to see if any trace of his new activist persona might surface.


I'm a mole, innit.