The Sun website was hacked last night with redirects made to the LulzSec Twitter page and a fake homepage claiming the suicide of Rupert Murdoch.
LulzSec, that announced its end of action a month ago, claimed responsibility, saying that it had ‘owned The Sun/News of the World' and told its Twitter followers that this was the first phase of the story and to ‘expect the lulz to flow in coming days'. At around 11pm last night, visitors to The Sun homepage were redirected to a page at new-times.co.uk, a domain that now redirects to News International.
LulzSec said: “The Sun's homepage now redirects to the Murdoch death story on the recently-owned New Times website. Can you spell success, gentlemen?”
Eventually there were so many redirects that the page was unavailable, leading to The Sun homepage redirecting to the LulzSec Twitter feed. LulzSec said: “Within 30 minutes, pages are overloading, things are crashing! We are working our way through the cracks right now. Stay tuned for more.”
It followed this saying: “This is just as fun on the inside. We are battling with The Sun admins right now, I think they are losing.” It later began tweeting usernames, email addresses and passwords, although these appear to have been removed. However one tweet remains containing mobile phone numbers.
LulzSec said: “Arrest us. We dare you. We are the unstoppable hacking generation and you are a wasted old sack of s***, Murdoch. Row row fight the power!
“I know we quit, but we couldn't sit by with our wine watching this walnut-faced Murdoch clowning around.” Hacktivism group Anonymous also claimed that the website for Murdoch-owned broadsheet The Times was taken down, but at the time of writing this was online, as were the websites of The Sun and News International.
John Stock, senior security consultant at Outpost24, said: “Given the huge media frenzy surrounding today's impending Common's committee meeting and News International's fate, this latest breach by LulzSec couldn't have come at a worse time for the beleaguered organisation.
“This is the latest breach by LulzSec of a large organisation, with Sony and Nintendo previous targets. The hacking group has, however, now turned its attention to focus directly on Rupert Murdoch with the sinister warning ‘you are next'.
“For an organisation that has relied on exclusives and scoops, you would have thought that News International would have had tighter security measures in place to protect itself from this latest line of attack. Website hacks are becoming an all too frequent occurrence, and unless organisations start taking this problem more seriously, we will continue to witness the dire consequences of a failure to truly lock down all systems.”
Russell Poole, security director at 2e2, said: “Any organisation whose business is heavily reliant on their websites should be reviewing their security policies and procedures and carrying out further penetration testing to evaluate the potential risks they face.”
Nick Lowe, Check Point's head of sales for Western Europe, said: “Vulnerabilities on web servers can easily be overlooked and remain unpatched, but there also needs to be layers of security behind those web servers to protect content management systems, email archives and other live systems.
“An intrusion prevention system (IPS) would have alerted IT teams and stopped the attack immediately and encryption would protect sensitive content such as emails from being stolen and used by hackers.
“Without these additional security layers, an organisation is completely vulnerable if a malicious party should breach its perimeter defences. If the hackers really have been able to access News International email archives and later release them, the impact could be enormous.”