News International sites taken down in LulzSec attack

The hacker group LulzSec launched a major attack on the web properties of News International on Monday night, redirecting visitors to a fake story about Rupert Murdoch's death and bringing down high-profile sites.

The hacker group LulzSec launched a major attack on the web properties of News International on Monday night, redirecting visitors to a fake story about Rupert Murdoch's death. Screenshot: ZDNet.com

The attack first surfaced when people trying to visit the website of the company's biggest UK tabloid, The Sun, found a mock-up of the site incorrectly reporting the death by palladium ingestion of Murdoch, the chief executive of News International's parent company, News Corporation. LulzSec, which said less than a month ago that it had disbanded, swiftly claimed responsibility on its Twitter feed.

We have owned Sun/News of the World — that story is simply phase 1 — expect the lulz to flow in coming days.

– LulzSec

Once visitors to The Sun's site had seen the fake Murdoch story, they were then redirected to the LulzSec Twitter feed. Among subsequent posts on that feed, the hacker group claimed to have brought down News International's DNS servers and 1,024 web addresses. At the time of writing on Tuesday morning, the websites of The Sun, The Times and The Sunday Times appeared to be back up and running.

"We have owned Sun/News of the World — that story is simply phase 1 — expect the lulz to flow in coming days," another of LulzSec's tweets read. Meanwhile, Sabu — a member of LulzSec and of partner hacking group Anonymous — tweeted that the hackers had also managed to get News International "emails" during the attack.

It is not clear whether the hackers have the emails themselves or just email account details, as Sabu also tweeted old account details for Rebekah Brooks, the former editor of both The Sun and the News of the World, the paper at the heart of the recent phone-hacking scandal. Brooks resigned as News International chief executive on Friday, before being arrested and bailed on Sunday over alleged phone-hacking and illicit payments to police officers.

It has been noted that the password for the email account of Rebekah Wade, as she was known at the time, appears to have been 63000 — the phone number of The Sun's news tip phone line.

The vector for the attack appears to have been a server hosting the new-times.co.uk website, which News International uses as a repository for statements and microsites. According to Alex Bond, a US security researcher, the hackers managed to insert JavaScript code into The Sun's breaking news ticker, which sent visitors to LulzSec's Twitter feed via the fake news page.

Code purporting to be that used in the attack has been anonymously uploaded to Pastebin, although its provenance cannot be verified.

LulzSec started off by attacking entertainment companies such as Sony, saying that the hacks were intended to highlight lax security in such corporations. However, in its 50-day campaign during June and July, LulzSec also moved on to law enforcement agencies and other official targets. The campaign culminated in an attack on the UK's Serious Organised Crime Agency (Soca), carried out in conjunction with Anonymous under the 'AntiSec' banner.

At that point, police arrested an Essex teenager named Ryan Cleary, who has been charged with involvement in the Soca attack and others claimed by Anonymous. After Cleary's arrest, LulzSec used Twitter to chide The Sun for its coverage of the case.