Attacks/Breaches
2/1/2013
11:17 AM
Tim Wilson
Tim Wilson
Quick Hits
Connect Directly
RSS
E-Mail
50%
50%
Repost This

Following New York Times Breach, Wall Street Journal Says China Hacked It, Too

FBI says it has been investigating cyberattacks on U.S.-based media outlets for a year

The sophisticated cyberattack launched on The New York Times revealed earlier this week was not the first attack on U.S. media by Chinese entities, officials say.

The New York Times reported an attack targeted at two of its China-based journalists late Wednesday night. According to news reports on the Times attack, entities from China used a combination of spear-phishing and 45 pieces of custom malware to try to obtain the sources of reporters who wrote about the family of Chinese prime minister Wen Jiabao.

The attack, and its subsequent analysis by security firm Mandiant, drew attention from security analysts for its unique level of sophistication. But yesterday officials at The Wall Street Journal said their news bureau in China has also come under fire.

In an article posted Thursday, The Wall Street Journal stated that its system had been "infiltrated by Chinese hackers, apparently to spy on reporters covering Chinea and other issues." Sources at Dow Jones & Co. said the news organization has also been the target of attacks from China.

The U.S. Federal Bureau of Investigation has been probing media-hacking incidents for more than a year and considers the hacking a national-security matter, officials said.

The sophisticated attack on the Times has been cited by some security experts as an indictment of antivirus technology. According to the Mandiant study, the Symantec AV technology used by the Times blocked only one of the 45 pieces of malware used in the exploit.

"Signature-based technologies, such as AV and IPS -- still the cornerstones of many enterprise security strategies -- are actually getting worse at preventing malware infections," says John Prisco, CEO of anti-malware service provider Triumfant.

But Prisco and others note that the shortcomings of AV technology have been known for years. Symantec, itself, issued a statement that indicates that turning on an AV product, by itself, will not completely prevent malware infection.

"Advanced attacks like the ones the New York Times described ... underscore how important it is for companies, countries and consumers to make sure they are using the full capability of security solutions," Symantec said in a public statement. "The advanced capabilities in our endpoint offerings, including our unique reputation-based technology and behavior-based blocking, specifically target sophisticated attacks.

"Turning on only the signature-based anti-virus components of endpoint solutions alone are not enough in a world that is changing daily from attacks and threats," the statement says. "We encourage customers to be very aggressive in deploying solutions that offer a combined approach to security. Anti-virus software alone is not enough."

But Rohyt Belani, CEO of security service provider PhishMe and a former Mandiant employee, says all of the attention given to the Times' antivirus solution belies the more serious problem of how to prevent targeted attacks.

Large enterprises like the Times usually have an array of security tools, including email filtering, intrusion prevention, data leak prevention, and more, Belani notes, yet the Chinese attacks circumvented all of them -- as well as the AV applications -- and continued for a period of four months.

"A determined attacker, in a sophisticated attack like this, is going to get through," Belani says. "Companies need to understand that they not only need to develop good technical defenses, but they need to educate their people. If one employee had spotted something out of the ordinary and reported it, this attack might have been stopped a lot sooner."

Have a comment on this story? Please click "Add a Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message. Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
kjhiggins
50%
50%
kjhiggins,
User Rank: Strategist
2/1/2013 | 9:57:11 PM
re: Following New York Times Breach, Wall Street Journal Says China Hacked It, Too
Hopefully, all of the affected the news organizations are sharing their attack intelligence, etc.

Kelly Jackson Higgins, Senior Editor
Dark Reading
Register for Dark Reading Newsletters
White Papers
Cartoon
Latest Comment: LOL.
Current Issue
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-6213
Published: 2014-04-19
Unspecified vulnerability in Virtual User Generator in HP LoadRunner before 11.52 Patch 1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1833.

CVE-2013-6214
Published: 2014-04-19
Unspecified vulnerability in the Integration Service in HP Universal Configuration Management Database 9.05, 10.01, and 10.10 allows remote authenticated users to obtain sensitive information via unknown vectors, aka ZDI-CAN-2042.

CVE-2012-0871
Published: 2014-04-18
The session_link_x11_socket function in login/logind-session.c in systemd-logind in systemd, possibly 37 and earlier, allows local users to create or overwrite arbitrary files via a symlink attack on the X11 user directory in /run/user/.

CVE-2012-6646
Published: 2014-04-18
F-Secure Anti-Virus, Safe Anywhere, and PSB Workstation Security before 11500 for Mac OS X allows local users to disable the Mac OS X firewall via unspecified vectors.

CVE-2013-4279
Published: 2014-04-18
imapsync 1.564 and earlier performs a release check by default, which sends sensitive information (imapsync, operating system, and Perl version) to the developer's site.

Best of the Web