Slashdot Mirror
Chinese Hack New York Times
Rick Zeman writes "According to a headline article in the New York Times, they admit to being hacked by the Chinese, and covers the efforts of Mandiant to investigate, and then to eradicate their custom Advanced Persistent Threats (APT). This was alleged to be in reaction to an article which details the sleazy business dealings of the family of Wen Jiabao, China's newest Prime Minister. China's Ministry of National Defense said in denial, 'Chinese laws prohibit any action including hacking that damages Internet security.'" Update: 01/31 15:00 GMT by T : The Times used Symanetic's suite of malware protection software; Symantec has issued a statement that could be taken as slightly snippy about its role in (not) preventing the spyware from taking hold.
Since they already have access, the NYTimes can just outsource the writing to China. This will reduce labor costs and save China the trouble of filtering articles they do not like. Think of all the new potential readers....
Maybe they were just trying to read the many witticisms of David Brooks and Maureen Dowd?
Okay, shooting people is illegal, but shooting people to protect others from getting shot is not. Compromising internet security is illegal in China, but hacking to "protect" the Chinese people from having their leader's security compromised must be okay, right?
Lethal force is only okay in very specific scenarios -- usually when lethal force is first presented by the attacker. Could you explain what the New York Times did that warranted the use of hacking? Did the New York Times hack the Chinese government? Did the New York Times even threaten to hack the Chinese government?
Obviously, there is nothing worse than having your leader's integrity challenged, so they are doing everybody a favor by hacking the Times.
Actually, I can think of a good deal many things that are worse than having my leader's integrity challenged. Truth be told, I quite enjoy my leader's integrity being challenged -- especially if there is fact behind it. The Western world enjoys this over-scrutiny of our leaders. Here's a worse scenario than your leader's integrity being challenged: your leader actually is corrupt and nobody's able to investigate it!
The only favor they're doing us by hacking the New York Times is showing the world that they believe their control of the media transcends their national borders. By paying petty lip service to their own laws (which are often subjective and which they feel they are above), the Chinese government is telling the foreign presses that they better fall in step with their mouthpieces or they will be hacked.
It's quite sickening and I find no way at all to view this as acceptable. This is an international attack on our constitutional values -- most notably freedom of speech.
My work here is dung.
Everyone knows the hacking threat is made up by the US government, as I am continually reminded every time I try to talk about it.
No, it's not bullshit. I don't know how you draw that conclusion. I look at my family business' firewall logs and see lots of intrusion attempts coming from Chinese IP addresses. It got so bad that I moved the company's website to a VPS and moved our mail server to a cloud-based solution. Now, we just block all foreign IP addresses at the firewall by default.
This sounds a lot like US laws.
I block the entire country of China.
If you read the article, you'll notice that they used hacked machines at US universities as a jumping off point.
The article makes no mention of the operating system of the compromised computers. This would be like an article on safety faults in automobiles that did not mention the make and model. Can't we have better security reporting from the grey lady? There is mention of a "domain controller" that was compromised to obtain password hashes and that a rainbow table must have been used to crack passwords. Is there anyone who does not think that it was windows computers that were compromised? I can't help wondering if M$ and the NYT have some sort of agreement about how they report on computer security.
The articles make it pretty clear that the vulnerabilities that were exploited was (A) social engineering and (B) excessive user privileges, not an OS or application flaw. It was nothing but a targeted email worm. This kind of thing could have easily been prevented on Windows with proper policies, and would have happened just as easily on a similarly (mis-)configured Mac or Linux machine.
In other words, the weak link is what they always were: the users.
The New York Times wrote a GREAT article disclosing in full, with technical detail, how they were compromised.
Kudos to them for this in-depth transparency.
The article described in detail how targeted malware attacks were brought against NYT employees. Those were launched from compromised university computers within the US. From there, the custom malware allowed them to hack a Windows AD Domain Controller, and obtain the NTLM hashes. They ran the NTLM hashes against a rainbow table and got 56 user passwords that they used for VPN access.
From there, they were tracked by a security consulting company using an intrusion detection system. They employed a great strategy of not knee-jerk kicking the hackers out, but of watching their moves and determining the scope of compromise. They used forensics hard drive analysis to recover logs and figure out exactly what data was being accessed.
Sounds like what I would do if I was called in for incident response. Except, NONE of my clients would ever allow a story of this detail to be published!!!
Hats off to the NYT for this level of transparency.