The Sun Newspaper – Hacked?

According to a tweet by “AnonymouSabu” – apparently a hacker collective on twitter – the website of the Sun news paper has been hacked. The slightly more famous hacker collective called LulzSec have also tweeted the news and at the moment it isnt clear who is responsible.

Currently, when you visit the the Sun’s website – http://www.thesun.co.uk/sol/homepage/– triggers an automatic redirect to a mockup page at http://www.new-times.co.uk/sun/ which has a banner headline reading “Media moguls body discovered” and an apparently made up article claiming Rupert Murdoch has been found dead.

Several high profile hacker groups have declared what is effectively open season on Rupert Murdoch and News International following the uncovering of the activities of its journalists and, apparently, how easily it managed to subvert members of the police and government to assist them.

This is a screenshot of the redirect page:

Screenshot of the site the Sun homepage redirects to.
Screenshot of the site the Sun homepage redirects to at 2140hrs (GMT) today.

This seems to be the result of some fairly simple exploits and it is a shame that the Sun / News Corp security hadnt anticipated the effects of their raised profile.

*EDIT – UPDATE*

As at 2215hrs (GMT) the Sun’s home page now redirects to LulzSec’s twitter stream. Based on the available information it appears that LulzSec took advantage of a vulnerability in the server operating system hosting the Sun’s website and inserted a bit of code to redirect the pages. The previous site (www.new-times.co.uk) appears to have been reconfigured by the admins to stop hosting the defaced pages.

This kind of implies that LulzSec still have access to whatever hole they have exploited to create the redirect but no longer have control over the original target site.

Halkyn Security

Halkyn Security Consultants.