THE NINJA PIRATE HACKTIVIST GROUP Lulzsec planned its attack against The Sun and News International for the past two weeks, during which time its members searched for a point of entry into the company's network.
The Guardian reports that hackers associated with Anonymous and Lulzsec began probing News International's web sites for vulnerabilities around two weeks ago.
Lulzsec likely launched the hacking operation after news broke that News of the World (NOTW) reporters hacked into the voicemail of murder victims and their family members.
The hacker group apparently had two goals - to gain access to the now defunct tabloid's email archives and to post a fake story on The Sun web site, which eventually it did.
According to The Guardian, a blind SQL injection vulnerability that had been patched on The Sun web site back in 2009 was identified on www.new-times.co.uk, one of News International's older web sites.
The theory that the hackers had been working towards this compromise for a while is partially supported by Lulzsec's comments on Twitter. "So remember that secret pastebin operation... well... new-times.co.uk/sun/ This is only the beginning," the hackers wrote.
This was actually the group's first comment about the hack and it pointed people to a web page that mimicked The Sun website and contained a fake story about Rupert Murdoch's death.
The hackers later obtained access to the server hosting the actual Sun website by exploiting a local file inclusion vulnerability. Rogue Javascript code was then injected into The Sun's home page in order to redirect visitors to the fake story at new-times.co.uk.
After the compromised New Times web site was taken down by News International's webmasters, Lulzsec modified the rogue code to redirect visitors to its own Twitter feed.
The hacking outfit warned that its hacking campaign against News International is not over. "We have owned Sun/News of the World - that story is simply phase 1 - expect the lulz to flow in coming days," the hackers said.
This warning might be connected to the operation's second goal of exposing the company's internal emails. Various Anonymous members, including alleged Lulzsec leader Sabu, posted the email addresses and hashed passwords of several News International employees on Twitter.
The MD5 hashes are salted - a technique meant to increase their strength - but the hackers also published the secret words used as 'salts'. This makes it trivial to recover the passwords.
In the case of Rebekah Brooks, the former News International CEO who resigned last Friday and was subsequently arrested on Sunday in connection with the News of the World phone hacking probe, the hackers published her password directly in plain text. British programmer and IT entrepreneur John Graham-Cumming points out on his blog that the password is actually the phone number for The Sun's news tip line.
"Of course, it's possible that she didn't pick the password and that someone set it for her. But whether it was her, or an administrator it's a stunningly bad password if this release by LulzSec is real," Graham-Cumming said.
Lulzsec also exposed the hashed password and corresponding salt of former News of the World managing editor Bill Akass. Sabu calls out "real journalists" to prove themselves and expose "Murdoch's corrupt and crumbling empire". This is possibly a hint that Lulzsec plans to release more material for them to sift through soon.
0 comments:
Post a Comment