快猫短视频

Lax security makes it easy to hack News International

Of the things we have learned from the News International hacking scandal, one is how not to choose a password

Of the things we have learned from the News International (NI) hacking scandal, one is how not to choose a password.

Yesterday, the hacking group LulzSec gained access to NI servers and redirected the website of The Sun newspaper to a fake news story claiming proprietor Rupert Murdoch had been found dead. The group also released email and password details for a number of NI staff, including former CEO Rebekah Brooks.

The group gained access to NI servers via new-times.co.uk, a now defunct website that was active when The Times newspaper was moving to its new paywalled site. British newspaper suggests LulzSec used a weakness in this site to upload a 鈥渓ocal file inclusion鈥 script, allowing the hackers to take control of the server and access the NI network. In response, NI blocked its employees from accessing its network remotely, and required them to reset their passwords.

Sabu, the key LulzSec figure interviewed by 快猫短视频, what appear to be the login details for Brooks鈥檚 email account when she was editor of The Sun, and known as Rebekah Wade. The password given was 63000, which is the number of The Sun鈥榮 text message tipline and is prominently displayed on the newspaper鈥檚 website.

LulzSec cracked the passwords because they were poorly encrypted 鈥 stored as an MD5 hash, a cryptographic algorithm that the US Department of Homeland Security has dubbed 鈥渂roken and unsuitable for further use鈥. When encrypting data this is combined with another value, called the salt, which should be random but in this case seems to have been rather easy to guess: 鈥渞ebekah鈥.

Topics: Computer crime / Hacking