news The Australian division of global media giant News Corporation has warned its staff to beware of attempts of external attackers who are seeking to “hack” into the company’s network.
The internal affairs of News Corp have been constantly in the global media spotlight over the past year, due to allegations of phone hacking carried out on behalf of journalists working for the company’s News of the World newspaper in the United Kingdom with the aim of sourcing private information about individuals such as celebrities. The allegations ultimately resulted in the closure of the newspaper and intense interest in the case from the UK Parliament.
A separate division of News Corp also made headlines in March this year, when Australian newspaper the Financial Review published the results of a four-year investigation alleging that a secretive News Corp unit had instructed hackers to hacking the smart cards of rival broadcasters, in a move that would aid News Corp in controlling Australia’s pay TV market. News Corp has denied the claims, and other media outlets such as the Global Mail have published stories displaying the complexity of the case.
However, according to an internal email sent by the technology chief of the company’s Australian division and seen by Delimiter, News Limited, the organisation is suffering its own problems with hackers. “Today a number of News Limited staff have received the below email which purports to be from our IT helpdesk,” the company’s chief information officer John Pittard wrote in a mass email to News Limited staff this morning. “This is a ‘phishing’ exercise by an external source who seeks to hack into our network.”
Phishing is the name given by the IT security industry to a technique by hackers attempting to acquire information such as usernames, passwords and credit card details through email. Typically the attacker will attempt to fool the recipient into thinking their email asking for details is a legitimate communication from, for example, their bank, or, in this case involving News Limited, the organisation’s internal IT helpdesk.
The email example forwarded by Pittard to News Ltd’s staff informs recipients that their account “is in the process of being upgraded to a newest of Windows-based servers”, including an “enhanced online email interface inline with internet infrastructure maintenance” and better anti-spam and anti-virus functions.
“To ensure that your account is not intermittently disrupted but active during and after this upgrade, you are required to kindly confirm your account by stating the details below,” it states, before asking for the recipient’s username and password. If recipients don’t respond with the details, the email claims that a “temporal deactivation” of their account from the “database” might occur.
Pittard told News Ltd staff who received the mail to contact the organisation’s National IT Service Centre (its IT helpdesk) who will assist with the issue. “News Limited will never ask you to divulge your password either by email or on the phone, so you should refuse to do so if you are ever asked,” the CIO wrote in his email.
It is unclear who has attempted to break into News Limited, but the generic nature of the phishing email — which contains several grammatical errors and does not mention News Limited specifically — suggests that that it may be part of a broader campaign targeting a number of organisations and not News Limited alone. A more targeted approach would be known as “spear phishing” and would target a specific organisation or a small number of individuals with a more detailed and personalised email fraud campaign.
However, it’s not the first time that hackers have attempted to target News Corp. In July 2011, the Internet hacking groups known as Anonymous and LulzSec released email login details of several former News of the World editors. That followed an earlier attack by LulzSec on the website of News Corp-owned The Sun, which saw the attackers plan a false story on the death of News Corp chief executive Rupert Murdoch. Denial of service attacks have also attempted to take down News Corp infrastructure such as web sites.
Image credit: World Economic Forum, Creative Commons
Phishing? 2000s just called and want its attack back…
You may have heard of phishing before, but why bother actually hacking into someone’s network when people will just give you their login details? Phishing is remarkably effective.
PhishIng has been the initial entry point for almost every successful data breach over the past several years, this is why it’s continuously important to educate users about the risk and how they should respond to targeted spear phishing attacks. Activating your human sensors dramatically decreases the chance that they will fall prey to phishing attacks and increases the probability that users who fall prey quickly report the incident allowing for a swifter incident response.
Comments are closed.