Slashdot Mirror
Chinese Hack New York Times
Rick Zeman writes "According to a headline article in the New York Times, they admit to being hacked by the Chinese, and covers the efforts of Mandiant to investigate, and then to eradicate their custom Advanced Persistent Threats (APT). This was alleged to be in reaction to an article which details the sleazy business dealings of the family of Wen Jiabao, China's newest Prime Minister. China's Ministry of National Defense said in denial, 'Chinese laws prohibit any action including hacking that damages Internet security.'" Update: 01/31 15:00 GMT by T : The Times used Symanetic's suite of malware protection software; Symantec has issued a statement that could be taken as slightly snippy about its role in (not) preventing the spyware from taking hold.
Chinese laws prohibit any action including hacking that damages Internet security
Wait...there are laws in China?
Since they already have access, the NYTimes can just outsource the writing to China. This will reduce labor costs and save China the trouble of filtering articles they do not like. Think of all the new potential readers....
Maybe they were just trying to read the many witticisms of David Brooks and Maureen Dowd?
Communists don't attack each other.
Maybe the Chinese hacked Slashdot, that would explain why this story appears here 12 hours after everywhere else?
Okay, shooting people is illegal, but shooting people to protect others from getting shot is not. Compromising internet security is illegal in China, but hacking to "protect" the Chinese people from having their leader's security compromised must be okay, right? Obviously, there is nothing worse than having your leader's integrity challenged, so they are doing everybody a favor by hacking the Times.
Another ungrammatical lead sentence in the summary. Slashdot: news for nerds, stuff that matters, and daily word puzzle.
They Chinese. They play joke.
Okay, shooting people is illegal, but shooting people to protect others from getting shot is not. Compromising internet security is illegal in China, but hacking to "protect" the Chinese people from having their leader's security compromised must be okay, right?
Lethal force is only okay in very specific scenarios -- usually when lethal force is first presented by the attacker. Could you explain what the New York Times did that warranted the use of hacking? Did the New York Times hack the Chinese government? Did the New York Times even threaten to hack the Chinese government?
Obviously, there is nothing worse than having your leader's integrity challenged, so they are doing everybody a favor by hacking the Times.
Actually, I can think of a good deal many things that are worse than having my leader's integrity challenged. Truth be told, I quite enjoy my leader's integrity being challenged -- especially if there is fact behind it. The Western world enjoys this over-scrutiny of our leaders. Here's a worse scenario than your leader's integrity being challenged: your leader actually is corrupt and nobody's able to investigate it!
The only favor they're doing us by hacking the New York Times is showing the world that they believe their control of the media transcends their national borders. By paying petty lip service to their own laws (which are often subjective and which they feel they are above), the Chinese government is telling the foreign presses that they better fall in step with their mouthpieces or they will be hacked.
It's quite sickening and I find no way at all to view this as acceptable. This is an international attack on our constitutional values -- most notably freedom of speech.
My work here is dung.
I think you're missing his sarcasm with the word "obviously."
--
BMO
I think you're missing his sarcasm with the word "obviously."
-- BMO
But the first sentence implies that he's serious.
Everyone knows the hacking threat is made up by the US government, as I am continually reminded every time I try to talk about it.
No, it's not bullshit. I don't know how you draw that conclusion. I look at my family business' firewall logs and see lots of intrusion attempts coming from Chinese IP addresses. It got so bad that I moved the company's website to a VPS and moved our mail server to a cloud-based solution. Now, we just block all foreign IP addresses at the firewall by default.
Chicoms versus the New York Times?
I'm rooting for the Chicoms.
It's been the Commie Times for a while now...
'Governor Jiabao. I should have expected to find you holding General Mingfu's leash. Do you realize the more your hackers attack our free (well mostly free) press, the more we will think you're are carrying on like a pack of spoiled brats unfit to replace America as the world's superpower?' http://www.businessinsider.com/chinese-general-ominously-warns-australia-not-to-side-with-the-us-tiger-2013-1
He's obviously serious. Obviously.
--
BMO
I'm glad to hear I'm not the only person to do this. I block the entire country of China. Their hacking attempts outnumbered legit requests by a factor of 50 to 1.
Why doesn't the great firewall of China work the other way around?
We don't live in Shouldland.
It's quite sickening and I find no way at all to view this as acceptable. This is an international attack on our constitutional values -- most notably freedom of speech.
The capitalist dogs' attack on our noble way of life is what is unacceptable. Their slanderous lies constitute an international attack on our cultural values — and they must not be tolerated! Signed, the Chinese government.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
Does this mean by ALL of the Chinese? ALL 1,5 billion of them hacked into the NYT site? Does this summary mean that every time the chinese government is hacking into foreign sites we have to blame all the chinese citizens for this?
The article makes no mention of the operating system of the compromised computers. This would be like an article on safety faults in automobiles that did not mention the make and model. Can't we have better security reporting from the grey lady? There is mention of a "domain controller" that was compromised to obtain password hashes and that a rainbow table must have been used to crack passwords. Is there anyone who does not think that it was windows computers that were compromised? I can't help wondering if M$ and the NYT have some sort of agreement about how they report on computer security.
"Mit der Dummheit kaempfen Goetter selbst vergebens." - Schiller
Could you explain what the New York Times did that warranted the use of hacking?
Hired hack writers?
Blank until
I cannot imagine how you drew the conclusion that he drew that conclusion.
Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
Why do we keep putting up with this crap and not fighting back? Let's add a stiff import tariff on Chinese junk which would increase revenues and add jobs to this country.
Everyone knows the hacking threat is made up by the US government, as I am continually reminded every time I try to talk about it.
No, it's not bullshit. I don't know how you draw that conclusion. I look at my family business' firewall logs and see lots of intrusion attempts coming from Chinese IP addresses. It got so bad that I moved the company's website to a VPS and moved our mail server to a cloud-based solution. Now, we just block all foreign IP addresses at the firewall by default.
The US government is spoofing the IPs to make it look like the attacks are coming from China, but in reality it's US hacking., Doh.
After all, removing information damaging to the prime minister improves "internet security", not damages it ;-)
And yet another example of the Chinese Internet War in progress, folks! Yes, the Chinese have millions who surf and leave anti-US posts where ever they can.
These ones are not even sublime.
So that's why all the NY Times Editorials read like commie propaganda!
So the up and coming super power works just like the current one? A shocker, I tell you...
This is called fascism or corporatocracy. Spin the revolving door, baby!
The BBC is reporting that it was windows computers that were compromised. They quote Graham Cluley, a tech consultant at Sophos. All compromised computers were "thrown out and replaced." All passwords were changed. Another article reports that the hackers would begin working at 0800 Beijing time..
"Mit der Dummheit kaempfen Goetter selbst vergebens." - Schiller
It's been the Commie Times for a while now...
Since China has been a totalitarian capitalist state for the last three decades, I think that pretty much rules out any Chinese influence.
Aren't these Communists delicate little flowers? Amazingly thin skinned, even though they block anything even vaguely political from mainland China.
I think they are a bunch of stupid Third World pussies, with stupid Third World attitudes. No wonder they're Pakistan's only friend in the world. It takes a dirty, illiterate loser to know one.
Can't say as I blame them. A friend at Symantec who's been involved in the NYT relationship was saying that they've spent over a year trying to get NYT's IT dept to update to SEP v12 to no avail, despite repeated warnings that v12 would catch malware exactly like this. Given that they turned the intrusion into a big story for their employer instead of getting fired, I'd say NYT's IT department spun it pretty well. Given that it's coming at the expense of Symantec, I'd say they're being quite polite.
I block the entire country of China.
If you read the article, you'll notice that they used hacked machines at US universities as a jumping off point.
Given some of the history of the New York Times (the Pentagon Papers, Wikileaks), I have this funny feeling that they aren't just dealing with foreign governments hacking their systems.
Log in or piss off.
Symentec, who's software didn't identify but one of the 45 pieces of malware installed, tried to imply it was the NY Times fault, saying the anti-virus isn't enough (although once such stuff is installed the antivirus should be able to find and eliminate it...that's what they sell it for, right?) - I wonder if Symentec's software can identify all or even most of the malware now, yet? The average user is just so far out in the woods, its obvious most of the anti-malware software (even the biggies like Symentec) are not remotely successful at catching or preventing such attacks (since they obviously won't just be used by the Chinese govt hackers forever).
Steve Bennett - is that you? Don't spread rumours anonymously.
And how did they hack into those machines? Magic? Maybe from China?
Sure, you can wake up in New York - sleeping under a bridge, because you're only number 27,498,278. You can be on the top of the list down at the shelter, next time New York has a deep freeze.
Mayor Buttlicker is numero uno, and don't you forget it!
AC troll vs. Mod Two go in, Only one comes out.
"I have downloaded hundreds and hundreds of records, why would I care if somebody downloads ours?" Robin Pecknold
Everyone knows the hacking threat is made up by the US government, as I am continually reminded every time I try to talk about it.
No, it's not bullshit. I don't know how you draw that conclusion. I look at my family business' firewall logs and see lots of intrusion attempts coming from Chinese IP addresses. It got so bad that I moved the company's website to a VPS and moved our mail server to a cloud-based solution. Now, we just block all foreign IP addresses at the firewall by default.
And like the typical idiot admin you assume that the IP you see hitting your firewall is the actual source. It's standard practice to bounce any attacks aimed at US, etc. targets off a compromised system sitting in China, Russia, or some other country which was not likely to cooperate with a foreign investigation. While blocking may indeed cut down on log spam, those are just random headless scans. Any dedicated intrusion attempt is going to hit you with a "slow" scan over the course of many weeks, and use a variety of relays especially ones coming from address space you are not likely going to be able to afford to block en mass.
How did they know it was China doing the hacking then? A friend read the article and said something about it being in the virus signature. Is it impossible to copy things over the Internet these days and use them from different countries? Attribution is almost impossible to get right on something like the internet.
Hacked by chinese
Dang, Symantec has really been improving their products lately. That's much better than I've gotten out of them.
so did they try sending themselves some PDF documents about the chinese leaders business dealings, under the email alias of some of the chinese prime ministers friends..? loaded with a few customized malware of their own, or not. after all you just sent it to yourself, right?
It's painfully, obviously obvious.
The Times detailed its assertions in a long article posted to the front of its Website Jan. 30. The attacks apparently began in early September, as the probe into Wen’s family approached its conclusion. While the hackers could have “wrecked havoc on our systems,” according to Times CIO Marc Frons, they focused on infiltrating dozens of employee computers.
Unfortunately, they wreaked havoc on their grammar and spelling.
The New York Times wrote a GREAT article disclosing in full, with technical detail, how they were compromised.
Kudos to them for this in-depth transparency.
The article described in detail how targeted malware attacks were brought against NYT employees. Those were launched from compromised university computers within the US. From there, the custom malware allowed them to hack a Windows AD Domain Controller, and obtain the NTLM hashes. They ran the NTLM hashes against a rainbow table and got 56 user passwords that they used for VPN access.
From there, they were tracked by a security consulting company using an intrusion detection system. They employed a great strategy of not knee-jerk kicking the hackers out, but of watching their moves and determining the scope of compromise. They used forensics hard drive analysis to recover logs and figure out exactly what data was being accessed.
Sounds like what I would do if I was called in for incident response. Except, NONE of my clients would ever allow a story of this detail to be published!!!
Hats off to the NYT for this level of transparency.
This sounds a lot like US laws.
“The United States is a nation of laws, badly written and randomly enforced.”
- Frank Zappa
Momentarily, the need for the construction of new light will no longer exist.
No kidding.. I took down the firewall on my router (comcast connection) to test some VPN stuff.. instead of doing a port forward etc.
I was doing this from the in-laws house to my house, and within just a couple minutes I saw attempts from china on the SSH and IPsec/L2TP ports (linux box's firewall was set so you couldn't access the L2TP outside of an IPsec tunnel).
Even after turning the firewall back on, they must have somehow (automated?) realized there was a machine they could access but not log into yet.. and port scanned, because my auth.log was showing SSH attempts on the alternate port my router was forward to SSH... (I disabled password login, just use a 512 bit ECDES key, but the fact they somehow found the alternate port which was in the 16xx range in under an hour was interesting, and so was the fact it wasn't a constant stream of failed log ins.. there'd be 10 to 20 attempts over the course of a couple minutes, then a 30 minute or so gap.. rinse and repeat)
With Thomas Friedman alway writing how wonderful China the Chinese government is, I'm shocked to learn they didn't just call him up to get the information. Maybe one department didn't get the memo from the other.
I block the entire country of China.
If you read the article, you'll notice that they used hacked machines at US universities as a jumping off point.
If you get rid of more of the obvious noise/script kiddies, you can concentrate on the more dangerous folks.
If USU is any indication, China constantly attacks universities. China accounts for at least 1/2 of all attack that arrives at the USU border. See: https://it.wiki.usu.edu/20120301_ScanSummary
Many of these attack appear to require favorable quality of service packet delivery. We frequently see flawless packet delivery in high speed Chinese scans and Chinese vulnerability assessments. Currently, we are receiving a comprehensive Chinese vulnerability assessment every 5 days. It would be a great service if we had paid for it. And if they would share the results with us :) See: https://it.wiki.usu.edu/20120101_China_Test
Miles
"I wonder if Symentec's software can identify all or even most of the malware now, yet?"
Nobody Seems To Notice and Nobody Seems To Care - Government & Stealth Malware
In Response To Slashdot Article: Former Pentagon Analyst: China Has Backdoors To 80% of Telecoms 87
How many rootkits does the US[2] use officially or unofficially?
How much of the free but proprietary software in the US spies on you?
Which software would that be?
Visit any of the top freeware sites in the US, count the number of thousands or millions of downloads of free but proprietary software, much of it works, again on a proprietary Operating System, with files stored or in transit.
How many free but proprietary programs have you downloaded and scanned entire hard drives, flash drives, and other media? Do you realize you are giving these types of proprietary programs complete access to all of your computer's files on the basis of faith alone?
If you are an atheist, the comparison is that you believe in code you cannot see to detect and contain malware on the basis of faith! So you do believe in something invisible to you, don't you?
I'm now going to touch on a subject most anti-malware, commercial or free, developers will DELETE on most of their forums or mailing lists:
APT malware infecting and remaining in BIOS, on PCI and AGP devices, in firmware, your router (many routers are forced to place backdoors in their firmware for their government) your NIC, and many other devices.
Where are the commercial or free anti-malware organizations and individual's products which hash and compare in the cloud and scan for malware for these vectors? If you post on mailing lists or forums of most anti-malware organizations about this threat, one of the following actions will apply: your post will be deleted and/or moved to a hard to find or 'deleted/junk posts' forum section, someone or a team of individuals will mock you in various forms 'tin foil hat', 'conspiracy nut', and my favorite, 'where is the proof of these infections?' One only needs to search Google for these threats and they will open your malware world view to a much larger arena of malware on devices not scanned/supported by the scanners from these freeware sites. This point assumed you're using the proprietary Microsoft Windows OS. Now, let's move on to Linux.
The rootkit scanners for Linux are few and poor. If you're lucky, you'll know how to use chkrootkit (but you can use strings and other tools for analysis) and show the strings of binaries on your installation, but the results are dependent on your capability of deciphering the output and performing further analysis with various tools or in an environment such as Remnux Linux. None of these free scanners scan the earlier mentioned areas of your PC, either! Nor do they detect many of the hundreds of trojans and rootkits easily available on popular websites and the dark/deep web.
Compromised defenders of Linux will look down their nose at you (unless they are into reverse engineering malware/bad binaries, Google for this and Linux and begin a valuable education!) and respond with a similar tone, if they don't call you a noob or point to verifying/downloading packages in a signed repo/original/secure source or checking hashes, they will jump to conspiracy type labels, ignore you, lock and/or shuffle the thread, or otherwise lead you astray from learning how to examine bad binaries. The world of Linux is funny in this way, and I've been a part of it for many years. The majority of Linux users, like the Windows users, will go out of their way to lead you and say anything other than pointing you to information readily available on detailed binary file analysis.
Don't let them get you down, the information is plenty and out there, some from some well known publishers of Linux/Unix books. Search, learn, and share the information on detecting and picking through bad binaries. But this still will not touch the void of the APT malware described above which will surv
They could launch their attacks from China, through Europe / Japan / Korea / South America / Africa / etc... and then to the US. Would blocking China IP addresses be useful?
w00t
First thing I thought of as I read TFA was: The Cuckoo's Egg