LulzSec’s UK Sun Hack, Explained

The Guardian has the lowdown on how LulzSec’s primetime hack of the UK Sun went down. It happened in two phases: one was discovering an exploit in the “contact us” section. The other was the discovery of a retired server.

The email vulnerability is thought to have been discovered by LulzSec hackers as early as 2009. That gave them access to large swaths of The Sun’s email database. Then there’s the discovery of the server:

The hacker used that and then ran a “local file inclusion” program to gain access to the server – meaning they had extensive control over it.

That then gave them access across large parts of the News International network, possibly including the archived emails, and to the Sun’s “content management system” (CMS) – which formats news onto pages. That will have included the code for the “breaking news” element of the Sun’s main webpage; changing the entire content on the page would be too obvious.

By including a line of JavaScript in the “breaking news” element, the hackers were able to ensure that anyone visiting the Sun’s home page would, as the ticker was automatically refreshed, be redirected to anywhere that the hackers chose.

Once that happened, the news of the hack went public, through redirects to the fake Murdoch death story as well as the redirect to the LulzSec Twitter. And now News Corp is left to pick up the pieces. [Guardian]