Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

7/19/2011
02:45 PM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

Murdoch's Sun Newspaper Hacked In The Name Of LulzSec

FBI, meanwhile, arrests 14 'Anonymous' hacker suspects as LulzSec comes out of 'retirement'

They're baaack, although they never really left: The LulzSec spin-off of the hacking group Anonymous has claimed responsibility for a high-profile hack of the website of Rupert Murdoch's tabloid newspaper "The Sun." LulzSec also promised to post online emails it stole from News International.

Late yesterday, LulzSec declared via its Twitter account that it had "owned Sun/News of the World," with the website displaying a phony front page story on The Sun's website that read, "Media moguls body discovered." The group also redirected the site's visitors to its Twitter feed and leaked the mobile phone numbers of three News International officials.

Meanwhile, the FBI today announced that it has arrested 14 suspected members of Anonymous from Alabama, Arizona, California, Colorado, the District of Columbia, Florida, Massachusetts, Nevada, New Mexico, and Ohio, in hacking allegations against PayPal's website. The distributed denial-of-service (DDoS) attacks on PayPal were waged by Anonymous in the wake of the WikiLeaks scandal.

The FBI also arrested two other individuals for other hacking charges, and conducted raids at the homes of three suspects in New York.

The agents removed a laptop from the home of Giordani Jordan in Baldwin, N.Y., and then raided homes in Long Island and Brooklyn, according to an earlier report by Fox. According to the report, Jordan's computer had allegedly been used in DDoS attacks against multiple companies.

But given the loose affiliations and multiple splinter and spin-off groups of Anonymous, the reported arrests won't likely stop the hacktivist attacks anytime soon, security experts say. "The larger question is whether the ideas and tactics will continue fresh in the mind of other aspiring “hacktivists”, or whether this will have a cooling off effect on this, and other efforts," said Cameron Camp, an ESET researcher today in a blog post.

And experts say the busts are likely lower-level participants in Anonymous. "It is likely that the suspected Anonymous members were no more than foot soldiers in the larger Anonymous battle," says Andrew Herlands, director of security strategy for Application Security Inc. "It’s likely that the people arrested are merely pawns, and while they may be made an example of, their arrest will likely have little to no short term impact on the hacktivist attacks."

LulzSec late last month said it was signing off after 50 days of publicly wreaking havoc on a wide range of victims, from Sony to the CIA. The group then basically joined forces under the AntiSec umbrella with Anonymous and its other spin-off hacking groups. Researchers say it's the same hackers, swapping different banners.

"This was the work of Lulz Security, dear media. We would like to give a shout-out to our bros at @AnonymousIRC though, we love those guys!" LulzSec tweeted yesterday in the wake of The Sun website hack.

According to a report today in The Guardian, the hackers discovered a hole in a Solaris server for News International's smaller or less-important articles. They then exploited a local file inclusion flaw to take over the server, the article said.

News International, the British subsidiary of News Corp., is embroiled in a phone hacking scandal at its now-defunct News of The World newspaper. The case spans Murdoch's businesses, police officials, and politicians.

Have a comment on this story? Please click "Add Your Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Where Are the 'Great Exits' in the Data Security Market?
Dave Cole, Cofounder and CEO, Open Raven,  10/13/2020
Overcoming the Challenge of Shorter Certificate Lifespans
Mike Cooper, Founder & CEO of Revocent,  10/15/2020
US Counterintelligence Director & Fmr. Europol Leader Talk Election Security
Kelly Sheridan, Staff Editor, Dark Reading,  10/16/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-4564
PUBLISHED: 2020-10-20
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.3.1 and IBM Sterling File Gateway 2.2.0.0 through 6.0.3.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially lea...
CVE-2020-4748
PUBLISHED: 2020-10-20
IBM Spectrum Scale 5.0.0 through 5.0.5.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188517.
CVE-2020-4749
PUBLISHED: 2020-10-20
IBM Spectrum Scale 5.0.0 through 5.0.5.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link ...
CVE-2020-4755
PUBLISHED: 2020-10-20
IBM Spectrum Scale 5.0.0 through 5.0.5.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188595.
CVE-2020-4756
PUBLISHED: 2020-10-20
IBM Spectrum Scale V4.2.0.0 through V4.2.3.23 and V5.0.0.0 through V5.0.5.2 as well as IBM Elastic Storage System 6.0.0 through 6.0.1.0 could allow a local attacker to invoke a subset of ioctls on the device with invalid arguments that could crash the keneral and cause a denial of service. IBM X-For...