Hacking Is Far Too Serious To Just Let It Go.

[watcharacters]

The Wall Street Journal says its computer systems have been infiltrated by Chinese hackers who were trying to monitor the newspaper's coverage of China.

A spokeswoman for Dow Jones & Co., the newspaper's publisher, says the Journal completed a network overhaul to bolster security on Thursday.

• New York Times: Chinese hackers attacked our computers for months
  

The New York Times reported on Thursday that Chinese hackers repeatedly penetrated its computer systems and stole reporters' passwords. The Times said the hackers were hunting for files on an investigation into wealth amassed by the family of a top Chinese leader.

The Journal didn't address how the hacking of its systems occurred, but it said it has faced such threats from China in recent years. It says the hacking was not an attempt to "gain commercial advantage or to misappropriate customer information."

Play Video

Expert says NY Times hacking by Chinese not isolated

In the case of The Times, security experts hired to investigate and plug the breach found that the attacks used tactics similar to ones used in previous hacking incidents traced to China, according to the paper. It said the hackers routed the attacks through computers at U.S. universities, installed a strain of malicious software, or malware, associated with Chinese hackers and initiated the attacks from Chinese university computers previously used by the Chinese military to attack U.S. military contractors.

The attacks, which began in mid-September, coincided with a Times investigation into how the relatives and family of Premier Wen Jiabao built a fortune worth over $2 billion. The report, which was posted online Oct. 25, embarrassed the Communist Party leadership, coming ahead of a fraught transition to new leaders and exposing deep-seated favoritism at a time when many Chinese are upset about a wealth gap.

Over the months of cyber-incursions, the hackers eventually lifted the computer passwords of all Times employees and used them to get into the personal computers of 53 employees.

The report said none of the Times' customer data was compromised and that information about the investigation into the Wen family remained protected, though it left unclear what data or communications the infiltrators accessed.

"Computer security experts found no evidence that sensitive emails or files from the reporting of our articles about the Wen family were accessed, downloaded or copied," the report quoted executive editor Jill Abramson as saying. A Times spokeswoman declined to comment further.

The Chinese foreign and defense ministries called the Times' allegations baseless, and the Defense Ministry denied any involvement by the military.

"Chinese law forbids hacking and any other actions that damage Internet security," the Defense Ministry said in a statement. "The Chinese military has never supported any hacking activities. Cyber-attacks are characterized by being cross-national and anonymous. To accuse the Chinese military of launching cyber-attacks without firm evidence is not professional and also groundless."

China has been accused by the U.S., other foreign governments and computer security experts of mounting a widespread, aggressive cyber-spying campaign for several years, trying to steal classified information and corporate secrets and to intimidate critics. Foreign reporters and news media, including The Associated Press, have been among the targets of attacks intended to uncover the identities of sources for news stories and to stifle critical reports about the Chinese government.

"Attacks on journalists based in China are increasingly aggressive, disruptive and sophisticated," said Greg Walton, a cyber-security researcher who has tracked Chinese hacking campaigns. China's cyber-spying efforts have excelled in part because of the government's "willingness to ignore international norms relating to civil society and media organizations," he said.

The Times reported that executives became concerned just before the publication of the Wen investigation after learning that Chinese officials had warned of unspecified consequences. Soon after the Oct. 25 publication, AT&T, which monitors the Times' computer networks, notified the company about activity consistent with a hacking attack, the report said.

After months of investigation by the computer security firm Mandiant, experts are still unsure how the hackers initially infiltrated the Times' computer systems, the report said.

© 2013 CBS Interactive Inc. All Rights Reserved. This material may not be published, broadcast, rewritten, or redistributed. The Associated Press contributed to this report.

[h90]

"who were trying to monitor the newspaper's coverage of China."

doubt that....they could just read it to find that out.

[Chicog]

You would think organisations with that much money would be able to build a decent firewall, but obviously not.

[Seizhin]

You would think organisations with that much money would be able to build a decent firewall, but obviously not.

Considering Chinese hackers are top of the top, I wonder how much a decent firewall will help.

[Swiss1960]

"who were trying to monitor the newspaper's coverage of China."

doubt that....they could just read it to find that out.

Not if you want to find the (unnamed) sources behind the article / information within the article. For that, you have to break into the mail systems of the newspapers

[Chicog]

You would think organisations with that much money would be able to build a decent firewall, but obviously not.

Considering Chinese hackers are top of the top, I wonder how much a decent firewall will help.

Of course a decent firewall (and by that I mean it in its proper sense, hardware, software, policies and procedures) would keep them out.

I bet this all originated from a crafted phishing email, as most APTs do these days.

Most people are too busy trying to stop stuff coming into their network that they pay little or no attention to what is going out.

Edited February 5, 2013 by Chicog

[manarak]

Most people are too busy trying to stop stuff coming into their network that they pay little or no attention to what is going out.

Absolutely.

Firewall and a local behavioral analysis tool monitoring the processes are the only weapons against hacking - but both are inconvenient to setup and maintain properly, especially the latter, since it requires the computer user to have good knowledge about computers.

[Publicus]

Highly recommended is the current CNBC report at this link, entitled Cyber Espionage: The Chinese Threat: http://www.cnbc.com/id/47962225/Investigations_Inc_Cyber_Espionage

CNBC closely follows Beijing's espionage activities in the United States, against the United States, so I'd also recommend the article at the following link: http://www.cnbc.com/id/100421708. This article includes, among other revelations, that computers made in China are installed with malicious malware during the manfacturing process.

Forumists might also want to check out the U.S. Cyber Command of the U.S. Strategic Command to see what the U.S. military is doing to prevent Beijing hacking the military systems of the United States. President Obama established the U.S. Cyber Command in 2009 and currently is expanding it by several thousand high tech military experts. http://www.washingtonpost.com/opinions/cyberwar-out-of-the-shadows/2013/02/03/a35f9b96-6a4a-11e2-95b3-272d604a10a3_story.html

[manarak]

Highly recommended is the current CNBC report at this link, entitled Cyber Espionage: The Chinese Threat: http://www.cnbc.com/...Cyber_Espionage

CNBC closely follows Beijing's espionage activities in the United States, against the United States, so I'd also recommend the article at the following link: http://www.cnbc.com/id/100421708. This article includes, among other revelations, that computers made in China are installed with malicious malware during the manfacturing process.

Forumists might also want to check out the U.S. Cyber Command of the U.S. Strategic Command to see what the U.S. military is doing to prevent Beijing hacking the military systems of the United States. President Obama established the U.S. Cyber Command in 2009 and currently is expanding it by several thousand high tech military experts. http://www.washingto...10a3_story.html

Everybody does it.

Thousands of experts just for defending?

Echelon?

...

It's a no-brainer that cyberspionage is on the rise for collecting intelligence. There is no limits on what is allowed to do, no dead or captured agents, convenient to do from within the protection of one's own country, plausible deniability, etc.

Blaming "the others" for doing it is par for the course, but let's not be fooled: the US have been spying on the internet and international communications in general for decades.

Edited February 5, 2013 by manarak

[Chicog]

Do you have FinSpy on your phone? Would you even know how to find out?

As for protecting, you can go a long way if you make sure you patch everything, use Application Whitelisting and a few other techniques.

Oh, and on your own computer or smartphone don't open every single email/message and click on every link just out of habit! Most malware requires at least some user intervention to succeed.

Edited February 5, 2013 by Chicog

[manarak]

Do you have FinSpy on your phone? Would you even know how to find out?

As for protecting, you can go a long way if you make sure you patch everything, use Application Whitelisting and a few other techniques.

Oh, and on your own computer or smartphone don't open every single email/message and click on every link just out of habit! Most malware requires at least some user intervention to succeed.

If your post is directed to me: I don't care about finspy.

I use my phone only for phone and SMS, I never setup email on my mobile.

GPS is off, packet data is off, WLAN is off, bluetooth is off, allowed protocol is GSM only.

[Chicog]

Do you have FinSpy on your phone? Would you even know how to find out?

As for protecting, you can go a long way if you make sure you patch everything, use Application Whitelisting and a few other techniques.

Oh, and on your own computer or smartphone don't open every single email/message and click on every link just out of habit! Most malware requires at least some user intervention to succeed.

If your post is directed to me: I don't care about finspy.

I use my phone only for phone and SMS, I never setup email on my mobile.

GPS is off, packet data is off, WLAN is off, bluetooth is off, allowed protocol is GSM only.

No I wasn't aiming it at you Manarak. Just illustrating that most people aren't aware of the threats, and this is the biggest cause of unsafe behaviour.

[NeverSure]

Even at home where I have lots of computers including a lab, my "sensitive data" isn't on a computer with internet access, nor is it networked to any that do have it. It's also encrypted. When I do get something "sensitive," It is immediately transferred to an encrypted vault, and then the file(s) wiped with BC Wipe.

I also have a DMZ in two computers that sit outside my network between my lan and the internet. If I can do it, what's up with the WSJ, or why does the military need "thousands" (read more complexity and chances for error) of people to secure data?

Others posting here are right. It almost takes a spoof email or web page, or tricking an employee in what's called "social hacking" to get into a good network. Still, if there's no sensitive data on that internet enabled network, what's to steal?

[Publicus]

Highly recommended is the current CNBC report at this link, entitled Cyber Espionage: The Chinese Threat: http://www.cnbc.com/...Cyber_Espionage

CNBC closely follows Beijing's espionage activities in the United States, against the United States, so I'd also recommend the article at the following link: http://www.cnbc.com/id/100421708. This article includes, among other revelations, that computers made in China are installed with malicious malware during the manfacturing process.

Forumists might also want to check out the U.S. Cyber Command of the U.S. Strategic Command to see what the U.S. military is doing to prevent Beijing hacking the military systems of the United States. President Obama established the U.S. Cyber Command in 2009 and currently is expanding it by several thousand high tech military experts. http://www.washingto...10a3_story.html

Everybody does it.

Thousands of experts just for defending?

Echelon?

...

It's a no-brainer that cyberspionage is on the rise for collecting intelligence. There is no limits on what is allowed to do, no dead or captured agents, convenient to do from within the protection of one's own country, plausible deniability, etc.

Blaming "the others" for doing it is par for the course, but let's not be fooled: the US have been spying on the internet and international communications in general for decades.

Yes, everyone is doing it - or at least any government with the super high tech capabilities.

The bad guys do it; the good guys do it. For the record, the fascist Chinese are the bad guys; we are the good guys.

Making vital distinctions concerning who's doing cyberwarfare and cyberespionage and for what nefarious purpose and evil end is required in the interest of self preservation, national security and other things along these lines.

[Swiss1960]

Some interesting thoughts and posts, but unfortunately, not all of them correct, as I can tell you from my experience as IT Security Manager in the financial industry:

Of course a decent firewall (and by that I mean it in its proper sense, hardware, software, policies and procedures) would keep them out.

Not fully true... I agree about the importance of lifecycle management (latest SW version), patching (latest fixes installed) and hardening (passwords, protocols etc), BUT a firewall is designed to ENABLE communication to the outside world on well defined protocols and ports (i.e. http on port 80). Thus, hackers DO have access through the network, that is why there must be a number of other security applications around the firewall like IDS/IPS (detecting and stopping suspicious traffic), web application firewalls (detecting and stopping stuff like CSS, SQL injection etc.) and anti-virus on all vulnerable devices.

It's a no-brainer that cyberspionage is on the rise for collecting intelligence. There is no limits on what is allowed to do, no dead or captured agents, convenient to do from within the protection of one's own country, plausible deniability, etc.

Very true. Most governments have their own malware which they use to spy on their citizens... whether USA, Germany or Switzerland. The Germans call their malware “Bundestrojaner” and it was developed by a German security company for the German government... of course, the governments are the good guys and only spy on you for the sake of the security of their countries... the Swiss government by the way used the same security company for the development of their own spy malware.

Even at home where I have lots of computers including a lab, my "sensitive data" isn't on a computer with internet access, nor is it networked to any that do have it. It's also encrypted. When I do get something "sensitive," It is immediately transferred to an encrypted vault, and then the file(s) wiped with BC Wipe.

I also have a DMZ in two computers that sit outside my network between my lan and the internet. If I can do it, what's up with the WSJ, or why does the military need "thousands" (read more complexity and chances for error) of people to secure data?

You miss the important point… if nobody needs to access YOUR sensitive data, then of course you can do what you describe. But the Wall Street Journal has thousands of journalists worldwide that need to share reports with each other in order to correlate them into one story...Thus, this information is on internal networks with (hopefully) well defined access rights (role based access control) on well protected servers (hardened, strong authentication, encrypted etc.). with up-to-date anti-virus SW.

By the way: The Chinese are not really interested in the reports themselves (as one poster said, they will read it in the newspaper), but they are interested in WHO sent the reports to the journals... so that they can arrest and prosecute those people if they reside inside China.

Guys: IF security would be that simple, then neither Sony nor RSA (security company...) or DigiNotar (Netherland Internet Certification Authority... now out of business after hack) would have been hacked. Unfortunately, Browsers, JAVA, Flash Players, ActiveX components or even insecure protocols like FTP are needed for certain applications and therefore, all your systems DO have security holes that sometimes can’t be fixed for weeks... that is why the thousands of security engineers are needed to build secondary lines of defence. Unfortunately, there are ALWAYS users that download SW or have week passwords (worst kind of users in my experience are the admins...) and that is why the thousands of security operation guys have to check the systems on a daily basis...

I like to close with a real nice quote that I heard on a cyber security conference:

There is no such thing as a secure IT system... it just has not yet been hacked...

[Chicog]

BUT a firewall is designed to ENABLE communication to the outside world on well defined protocols and ports (i.e. http on port 80).

No it isn't. It's designed to protect a secure network from an insecure one (in most cases, the Internet).

I like to close with a real nice quote that I heard on a cyber security conference:

There is no such thing as a secure IT system... it just has not yet been hacked...

Or to paraphrase Robert Mueller: "There are two types of companies in the world, those that have been hacked and those that will be".