Slashdot Mirror

← Back to Stories (view on slashdot.org)

Washington Post: We Were Also Hacked By the Chinese

Posted by Soulskill on from the they-just-want-to-fit-in dept.

tsu doh nimh writes "A sophisticated cyberattack targeted The Washington Post in an operation that resembled intrusions against other major American news organizations and that company officials suspect was the work of Chinese hackers, the publication acknowledged on Friday. The disclosure came just hours after a former Post employee shared information about the break-in with ex-Postie reporter Brian Krebs, and caps a week marked by similar stories from The New York Times and The Wall Street Journal. Krebs cites a former Post tech worker saying that the publication gave one of its hacked servers to the National Security Agency for analysis, a claim that the Post's leadership denies. The story also notes that the Post relied on software from Symantec, the same security software that failed to detect intrusions at The New York Times for many months."

135 comments

  1. Yea. Me Too. by Anonymous Coward · · Score: 3, Insightful

    I need some attention too!

    What I have derived form this past weeks revelations.

    1. The Chinese have no problem gaining access to what ever computer networks they wish to.

    2. They seem to be most interested in themselves, kinda like creeping other people's Facebook to see what they say about you.

    3. So far, they haven't found anything worth their time.

    4. Organizations seem to feel that since they discovered something on their networks, they have discovered everything on their networks.

    5. Fail.

    1. Re:Yea. Me Too. by flyneye · · Score: 0

      What could they possibly want with the newspapers?
      They don't control anything of value.
      Most of the news is bullshit and propaganda.(probably less than in China, tho)
      Are they trying to insert their own journalism?( as if anyone would notice)
      Are they trying to edit ours? (as if anyone would notice)
      Trying for free ads?
      Get free delivery?
      Or is it just the Newsclowns turning into bigger attention whores than they already are?
      Something to consider, lack of a good motive on the Chinese part and every bit the M.O. of Newsclowns.

      --
      *Repent!Quit Your Job!Slack Off!The World Ends Tomorrow and You May Die!
    2. Re:Yea. Me Too. by jhoegl · · Score: 3, Funny

      Go back into your bunker...

      NPR had a great story on this yesterday, but since you most news is propaganda, you must ask these ignorant questions.
      Your ignorance breeds unto itself.

    3. Re:Yea. Me Too. by alexander_686 · · Score: 5, Interesting

      These newspapers have been reporting embarrassing things. Like members of the Communist Party and their family members have vast wealth – implying that this wealth is coming from inside contacts and use (or abuse) of official power. The Communist Party would be interested in who is leaking the details.

    4. Re:Yea. Me Too. by flyneye · · Score: 1

      So, why can't they use a stolen credit card number to get to the premium/pay stories?
      Doesn't add up.

      --
      *Repent!Quit Your Job!Slack Off!The World Ends Tomorrow and You May Die!
    5. Re:Yea. Me Too. by flyneye · · Score: 0, Flamebait

      NPR is no talent propaganda and will probably be the next clowns to claim a hack.

      --
      *Repent!Quit Your Job!Slack Off!The World Ends Tomorrow and You May Die!
    6. Re:Yea. Me Too. by jhoegl · · Score: 1

      Clearly you understand nothing of your own situation.
      You make excuses for your ignorance by claiming sources are false, when they have repeatedly been proven.
      Instead you let someone else filter your information, forming your opinion for you.
      Lets hope you never make a major life decision that will affect others.

    7. Re:Yea. Me Too. by flyneye · · Score: 2, Insightful

      Well someone said so anyway. I guess you got it from newsclown.
      I've heard enough verifiable bullshit over the years from NPR to see that it's just an ad agency for aging hippies.

      --
      *Repent!Quit Your Job!Slack Off!The World Ends Tomorrow and You May Die!
    8. Re:Yea. Me Too. by alexander_686 · · Score: 4, Insightful

      Your missing the point. The fact is that somebody is hacking into the paper to figure out who the journalist's sources are.

      So, it's not the average Chinese citizen trying to read the paper – it's about finding who the journalist are, what their sources are, etc – the stuff a government would need to harasses and shut down the people who are leaking the data.

    9. Re:Yea. Me Too. by Forty+Two+Tenfold · · Score: 1

      U.S. Defense Secretary Warns of a Possible 'Cyber-Pearl Harbor'.

      So, no, it's simple. The USA declared "Cyber War" on the USA so some "attacks" are required to be reported. These don't have to be real though, just reported.

      --
      Upward mobility is a slippery slope - the higher you climb the more you show your ass.
    10. Re:Yea. Me Too. by flyneye · · Score: 1

      Ahh thats better an actual answer rather than the newclown defense league.
      Now it would be funny to find the newspapers hacked China...

      --
      *Repent!Quit Your Job!Slack Off!The World Ends Tomorrow and You May Die!
    11. Re:Yea. Me Too. by AmiMoJo · · Score: 2, Insightful

      You are assuming it was the Chinese government. So far I have not seen a shred of evidence to support that. There is some circumstantial evidence that the attacks may have originated from China, possibly.

      It would actually make a lot more sense if it were hackers hired by the politician who has been the subject of these embarrassing stories. Of course it might just be the Chinese equivalent of Anonymous.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    12. Re:Yea. Me Too. by Anonymous Coward · · Score: 0

      That this is rated Informative should make Slashdotters aware that 50 Cent party members are working on Slashdot.

    13. Re:Yea. Me Too. by PCM2 · · Score: 3

      You are assuming it was the Chinese government. So far I have not seen a shred of evidence to support that. There is some circumstantial evidence that the attacks may have originated from China, possibly.

      It would actually make a lot more sense if it were hackers hired by the politician who has been the subject of these embarrassing stories.

      OK, did I just read your whole comment to learn that you think there's not "a shred of evidence" that it was the government, but instead you believe it was hackers hired by the government? I think I can smell my brain dying.

      Of course it might just be the Chinese equivalent of Anonymous.

      Do you have any idea how things work in China? Just think for a minute: Great Firewall of China, ring any bells? Go find some bandwidth statistics and see how hard it is for the Chinese to get access to fast internet connections, compared to places like South Korea or Japan. And if there really were some underground internet hacker movement composed of individuals in China -- and there isn't -- why on Earth would they attack Western newspapers, which mostly tell the truth, and not their own newspapers, which never do?

      --
      Breakfast served all day!
    14. Re:Yea. Me Too. by AmiMoJo · · Score: 1

      OK, did I just read your whole comment to learn that you think there's not "a shred of evidence" that it was the government, but instead you believe it was hackers hired by the government? I think I can smell my brain dying.

      A politician acting for themselves is not the same as the state deciding to sanction something. When a US politician goes to jail that doesn't mean that the government committed a crime or endorsed his behaviour.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    15. Re:Yea. Me Too. by Anonymous Coward · · Score: 0

      Well someone said so anyway. I guess you got it from newsclown.
      I've heard enough verifiable bullshit over the years from NPR to see that it's just an ad agency for aging hippies.

      Don't make fun of my newsclown! My newsclown mocks the people and things I disagree with and warns me about threats that may or may not be real. My newsclown will build a city and only the right kind of people will be allowed to live there!
      Also, why would anyone want to age hippies? The ones I know are ripe already!

    16. Re:Yea. Me Too. by alexander_686 · · Score: 4, Insightful

      This is China - the lines between government, party, industry, and politician are a bit blurred. For example, IIRC, the Army reports to the party - not to the government. Elections are limited and managed. etc.

    17. Re:Yea. Me Too. by PCM2 · · Score: 3

      A politician acting for themselves is not the same as the state deciding to sanction something. When a US politician goes to jail that doesn't mean that the government committed a crime or endorsed his behaviour.

      OK, my guess was right. You really don't understand how things work in China. My recommendation is that you go to the library, grab back issues of some reputable news source (The Economist might be a good place to start) and read up on everything you can find about the last Chinese national election. Along the way you'll learn a lot about how free Chinese politicians are to act independently. (TL;DR - China ain't the US.)

      Also, just think about what you're suggesting. This isn't some politician giving an order to have some hapless old man thrown in prison. That kind of thing happens all the time in China, and nobody ever hears about it. What you're saying, though, is that some lone politician, acting completely independently and on his own initiative, hired hackers to launch an attack on the two largest, most respected newspapers in the United States. Not even the largest companies -- the largest newspapers. Exactly how was this supposed rogue, lone wolf politician planning to cover up what he did?

      --
      Breakfast served all day!
    18. Re:Yea. Me Too. by alexander_686 · · Score: 1

      Define “Hack”. Are not investigative journalist suppose to investigate? Unearth buried and unpleasant truths? Being a “hack” used to be slang for being a journalist. A low class one interested in sensationalist stories, but still...

    19. Re:Yea. Me Too. by blue_teeth · · Score: 1

      The Power of Nightmares

    20. Re:Yea. Me Too. by Anonymous Coward · · Score: 0

      How do they know its China?

    21. Re:Yea. Me Too. by K.+S.+Kyosuke · · Score: 1

      "the lines between government, party, industry, and politician are a bit blurred"

      That almost sounds like a description of Japan, too!

      --
      Ezekiel 23:20
    22. Re:Yea. Me Too. by K.+S.+Kyosuke · · Score: 1

      Perhaps they tried to edit the name to "Wachinkton Post"?

      --
      Ezekiel 23:20
    23. Re:Yea. Me Too. by cyfer2000 · · Score: 1

      I don't think /.er 84093 can be a 50 Cent party member

      --
      There is a spark in every single flame bait point.
    24. Re:Yea. Me Too. by mbkennel · · Score: 1

      "What could they possibly want with the newspapers?
      They don't control anything of value.
      Most of the news is bullshit and propaganda.(probably less than in China, tho)
      Are they trying to insert their own journalism?( as if anyone would notice)"

      Think.

      They are attempting to find and punish---extremely severely---any sources who gave information to the reporters. They are threatening the reporters. They are threatening the newspapers who publish information critical of the regime's power.

    25. Re:Yea. Me Too. by mjwalshe · · Score: 2

      They want to find the journalists sources so they can be sent to the gulags (if they are lucky).

    26. Re:Yea. Me Too. by flyneye · · Score: 1

      Where can I find this newsclown? Can I get a deposit back on mine?

      --
      *Repent!Quit Your Job!Slack Off!The World Ends Tomorrow and You May Die!
    27. Re:Yea. Me Too. by flyneye · · Score: 1

      I'm still waiting for computer saavy newsclowns, they seem to still be stuck on the tubes and pipes thing.

      --
      *Repent!Quit Your Job!Slack Off!The World Ends Tomorrow and You May Die!
    28. Re:Yea. Me Too. by flyneye · · Score: 1

      LOL, I defy them to carry out any threats to newsclowns!
      Go on take your best shot! Buncha sissy Chinese hackers! Go on , I dare you!

      --
      *Repent!Quit Your Job!Slack Off!The World Ends Tomorrow and You May Die!
    29. Re:Yea. Me Too. by flyneye · · Score: 1

      Hey N.Y.Times and Wash. Post journalists are lucky. Send them! Dunno about the luck of the WSJ guys though, wouldn't they be too rich to be journalists if they were? But fair is fair, send them too!

      --
      *Repent!Quit Your Job!Slack Off!The World Ends Tomorrow and You May Die!
    30. Re:Yea. Me Too. by mjwalshe · · Score: 1

      send Murdoch Sr and Jnr First :-)

    31. Re:Yea. Me Too. by flyneye · · Score: 1

      Added Bonus: Exhumed remains of Hearst

      --
      *Repent!Quit Your Job!Slack Off!The World Ends Tomorrow and You May Die!
    32. Re:Yea. Me Too. by SourceFrog · · Score: 1

      Devil's Advocate, and tinfoil hat time: How do we know this isn't a sophisticated false flag operation, by our own government? This could be exactly what is needed to try convince the public to support new over-reaching laws giving the government much more control over our Internet. Watch closely any new bills or regulations that follow this.

      --
      My other UID is three digits.
    33. Re:Yea. Me Too. by russotto · · Score: 1

      The Communist Party would be interested in who is leaking the details.

      I'm going to guess they mostly came up empty-handed. I doubt reporters would keep such information on the Post's systems -- either because they're technophobic, or paranoid that someone else at the post would steal their sources, or perhaps in a few cases worried about the US government subpoenaing the information.

    34. Re:Yea. Me Too. by AmiMoJo · · Score: 1

      So by your logic the US got a blowjob in the Oval Office.

      The government is not one man, even in China. If it this did happen and was ever proven he would be forced out at the very least, if not prosecuted, even in China.

      I think you need to do some reading about China. My girlfriend is Chinese as it happens, so I have some interest in this subject. There is corruption and lawbreaking, but the official policy is to clamp down on it. It will be ignored until it can no longer be ignored (because incontrovertible proof is made public), at which point the powers that be will come down hard.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    35. Re:Yea. Me Too. by Anonymous Coward · · Score: 0

      Failed troll.

    36. Re:Yea. Me Too. by gmhowell · · Score: 1

      There is corruption and lawbreaking, but the official policy is to clamp down on it.

      Oh, why didn't you tell us? There's a policy against it? Then surely it never happens. /eyeroll

      --
      Jesus was all right but his disciples were thick and ordinary. -John Lennon
    37. Re:Yea. Me Too. by Anonymous Coward · · Score: 0

      I hope the owner of the Washington Post gets run over by a truck, cuz he can win some huge injury settlement suing big bad Peterbilt.

    38. Re:Yea. Me Too. by Pros_n_Cons · · Score: 1

      The attacks all seem to begin around 8:00AM in China also. Maybe the scene has changed since my day but h4x0rs were getting ready for bed around that time. seems to me this is sponsored and they're clocking into work.

      --

      -- "of course thats just my opinion, I could be wrong." --Dennis Miller
    39. Re:Yea. Me Too. by PCM2 · · Score: 1

      The government is not one man, even in China. If it this did happen and was ever proven he would be forced out at the very least, if not prosecuted, even in China.

      OK, now I think you're intentionally being thick.

      Let's recap: You are the one suggesting that this was the work of one man, acting alone. I am the one telling you that this is virtually impossible, and an attack of this kind would never be done without official government sanction. So explain to me what your new argument is now, because you sure as hell sound like you're making my point for me.

      I think you need to do some reading about China. My girlfriend is Chinese as it happens, so I have some interest in this subject.

      I bow before the superior intellect, Khan.

      It will be ignored until it can no longer be ignored (because incontrovertible proof is made public), at which point the powers that be will come down hard.

      Yeah? And just when would that proof be made public. You mean the kind of "made public" like when the newspapers you attacked run stories about it and the entire world knows about it?

      I am begging you ... begging you, now. THINK. Use your brain.

      --
      Breakfast served all day!
    40. Re:Yea. Me Too. by AmiMoJo · · Score: 1

      You claim that it is "virtually impossible" is laughable. Apparently you missed all the attacks by small groups of hackers, up to and including the theft of 250,000 Twitter account details a few days ago.

      I bow before the superior intellect, Khan.

      You really are a dick, aren't you?

      You mean the kind of "made public" like when the newspapers you attacked run stories about it and the entire world knows about it?

      So they both have motivation to prevent that happening. What is your point again?

      I can tell logic and reading comprehension are not your strong points.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    41. Re:Yea. Me Too. by AmiMoJo · · Score: 1

      Yeah, if I were hacking some foreign state I'd be sure to start bang on 8:00 local time, just in case they didn't get the hint that it was my country doing it.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    42. Re:Yea. Me Too. by Forty+Two+Tenfold · · Score: 1

      Where?

      --
      Upward mobility is a slippery slope - the higher you climb the more you show your ass.
  2. Attack details? by griffjon · · Score: 3, Interesting

    Has anyone seen any details on how to detect this specific method of attack, malware signatures, or similar? Cause that just might be of use, seeing the widespread nature of this.

    Also, who hasn't been attacked? Bueller? Bueller?

    --
    Returned Peace Corps IT Volunteer
    1. Re:Attack details? by Anonymous Coward · · Score: 1

      I know a newspaper from a small Kansas town that hasn't been attacked. It's produced by a 80 year old man with his mechanical typewriter. Maybe these major American news organizations could learn a thing or two from him.

    2. Re:Attack details? by astralagos · · Score: 4, Interesting
      APT attacks are well understood, it's just that they're not very technologically complex. They are, fundamentally, con jobs. You research somebody with a public identity, send a forged email with a trojan, and wait for somebody to open it. The success of the attack is dependent on finding a large enough group that somebody will open the mail. If you want an early example of a discussion of this, read Shishir Nagaraja's and Ross Anderson's "Snooping Dragon" paper.

      As for malware signatures, they've been increasingly ineffective for years. Attackers can buy AV as well, and it's easier for them to tweak their software to evade AV then it is for defenders to generate new signatures. AV's very good at protecting you from yesterday's attack. If you don't have a signature though, it usually takes month to identify a subverted host.

    3. Re:Attack details? by Sulphur · · Score: 3, Funny

      I know a newspaper from a small Kansas town that hasn't been attacked. It's produced by a 80 year old man with his mechanical typewriter. Maybe these major American news organizations could learn a thing or two from him.

      William Allen White?

      --

      Its all Post facto.

    4. Re:Attack details? by guttentag · · Score: 5, Interesting

      Disclosure: I am a former Washington Post employee

      The Post doesn't seem to officially be divulging details. Sure, they're reporting on it now that the word is out through a former employee's blog citing an unnamed former employee (neither of those people are me) as a source, but the article actually has a Post spokesperson denying one of the claims of the article (that the Post handed over one of its servers to the NSA for study). This isn't the paper contradicting itself – it's what ethics look like in practice at a good newspaper. The paper can report on itself even when the top brass don't want to.

      However, in the New York Times story on its own intrusion, it was stated that AT&T "monitors" the company's network and noticed unusual traffic patterns. AT&T alerted athe Times, who asked them to keep an eye on it, and then brought Mandiant in to consult.

      Going back to The Post's story, the company's claim that it did not turn over a server to the NSA casts the issue of China hacking U.S. newspapers in a new light... if you read between the lines. Newspapers (especially The Post and The Times) see themselves as a fiercely-independent check on the government. Watergate-era readers would be as appalled at the idea of The Post handing over servers to the NSA as MacWorld attendees were in the 90s at seeing Bill Gates's face on screen during Job's speech. From a PR perspective, it just looks wrong. China might actually do more to harm these papers by getting them to run into the arms of the U.S. government. It's one thing to think China may have found out you're talking to a reporter... Quite another to think both the U.S. and China may later discover you were the anonymous source for a story they didn't want out. It's unlikely that the NSA is rooting around the server looking for political whistleblowers, but the idea of it has a chilling effect on potential sources who think of The Post as the institution that protected Deep Throat's identity for decades, at great risk to itself.

    5. Re:Attack details? by Anonymous Coward · · Score: 0

      Newspapers (especially The Post and The Times) see themselves as a fiercely-independent check on the government.

      Uh, I'd hate to tell you this, but while they might see themselves as "fiercely independent", no one else does.

      Now, mind you, most people will agree that newspapers and the media in general aren't independent of the government per se, but no one seriously believes that they are independent of the political parties. Newspapers like the Post and the Times both worked overtime to reelect Obama, turning Hurricane Sandy into a case for Obama and completely ignoring the horrors of Benghazi. (But "what difference does it make," right? You'd think the media would report on that, but, nope.)

      Newspapers might be "independent of the government" but that doesn't make them any less the mouthpieces of the political parties at best.

      At worst, I'll just note you said they view themselves as "fiercely independent of the government", but NOT "fiercely independent of their advertisers". Because there's a whole other way that the media biases the information that they report, and it has nothing to do with getting Democrats elected.

    6. Re:Attack details? by PCM2 · · Score: 2

      This brand of cynicism is dull, and it creates its own form of self-fulfilling ignorance.

      If nothing you see in the media is true and every journalist is a puppet of either advertisers or the government, then where do you get your news from, exactly?

      There is only one possible answer, and that is: You make it up. You hear what people tell you, decide you're going to believe the opposite, and then you go around railing on the news for not saying what you believe.

      In other words, you are a dolt.

      --
      Breakfast served all day!
    7. Re:Attack details? by Anonymous Coward · · Score: 1

      Two consulate attacks happened on the same day, one by a protesting mob and one by ex-rebel fighters with all qaeda ties. This is in addition to many other mobs that gathered to protest the anti-islam video produced in the US. The attack was quick and I don't believe any of them identified themselves to allow it to be radioed back. There was confusion I'm sure, and the special mission in Benghazi and elsewhere should have had more security. It's a story, but I'm not sure it's as big as you've made it out to be. It also doesn't necessarily paint Obama in a negative light, as the private sector security they had guarding the place sounds more like a republican answer than a democratic one. A bill had also failed in congress that would have appropriated more security to these places.

      I think generally the people harping on the issue are delusional. US intelligence isn't omnipotent, and the only reason Benghazi was a hot topic is because of the election. The NYT is a distinguished publication even despite their problems, and I contest that they worked to get Obama elected. They didn't harp on there not being any WMD in Iraq, or that the Bush administration didn't heed a report warning of the 9/11 attacks.

    8. Re: Attack details? by Tablizer · · Score: 1

      Hillary was talking about the immediate aftermath, not categorization in general.

      --
      Table-ized A.I.
  3. In other news, ... by Anonymous Coward · · Score: 1

    Let's just list the companies that have been verified not to have been attacked by the Chinese.

  4. I figure... by Xenna · · Score: 3, Insightful

    Symantec has probably been hacked by the Chinese too...

  5. Conspiracy theory by TheRealMindChild · · Score: 0

    Someone at Anonymous works for Symantec

    --

    "When life gives you lemons, don't make lemonade. Make life take the lemons back!" -- Cave Johnson
    1. Re:Conspiracy theory by Anonymous Coward · · Score: 0

      Someone at Anonymous works for Symantec

      Anonyous IS Symantec

    2. Re:Conspiracy theory by Anonymous Coward · · Score: 0

      Symantec did it for the lulz.

  6. nobody cares by Anonymous Coward · · Score: 0

    we have all been attacked by chinks; who cares

  7. The Chinese, such ingenius hackers by Anonymous Coward · · Score: 0

    And yet so dumb as to not obscure the origins of their attacks so that they could claim plausible deniability. Hmm... Coincidence that news of these hacks occurred shortly after the announcements of the US expanding its "cyber" warf.. er, defense programs?

    1. Re:The Chinese, such ingenius hackers by Anonymous Coward · · Score: 0

      After Stuxnet, first posts on /. jumped at the chance to blame the US.
      After these intrusions, first posts on /. jump at the chance to exonerate China.

    2. Re:The Chinese, such ingenius hackers by mbkennel · · Score: 3, Insightful

      Why is obscuring the origin of their attacks their intent? Perhaps being tracked to China is one of the points of it.

      It's like poisoning a dissident with polonium: the unmistakable message of "don't fuck with Putin".

    3. Re:The Chinese, such ingenius hackers by Anonymous Coward · · Score: 0

      Can you answer the question? Why would the Chinese use sophisticated attacks to break into systems, yet not take steps to hide their tracks?

  8. IP blocks by Anonymous Coward · · Score: 0

    I assume they can blame China because all the IPs of the hackers are in Chinese blocks.

    So... why the fuck do these American news journals need China to have access in the first place? Why do these businesses need to route traffic to/from China? Are they using Huawei routers or something asstarded?

  9. Did they also hack Slashdot? by peterindistantland · · Score: 5, Funny

    Is that why I was modded down last time?

    1. Re:Did they also hack Slashdot? by Anonymous Coward · · Score: 0

      Is that why I was modded down last time?

      Nah, that's just because we don't like you. Next time, try NOT to run over CowboyNeal's dog.

  10. How is this not an act of war? by OS24Ever · · Score: 3, Insightful

    I'm curious why repeated attacks "by the Chinese" have invoked no response from the government? It seems odd that we have US Companies being attacked on US soil and there's not even a peep about it.

    I'm not saying bomb people but tis seems.....weird...

    --

    As a rock-in-roll Physicist once said, No matter where you go, there you are.

    1. Re:How is this not an act of war? by Anonymous Coward · · Score: 0

      Because the US gov has been doing the same to companies in every other country for even longer?

    2. Re:How is this not an act of war? by mitchaki · · Score: 3, Interesting

      Maybe it has something to do with the large amounts of money the US owes China. It could also have to do with the US government trying to hide the fact that the Dept. of Homeland Security is completely inept and a huge fail when it comes to cybersecurity.

      --
      It seems that everyone who says "I ignore trolls." really means "I ignore you if you disagree with me."
    3. Re:How is this not an act of war? by pushing-robot · · Score: 3, Insightful

      Because...

      (a) We can't be sure the attack originated in China, it could have simply been proxied through there (there are plenty of vulnerable Chinese systems).
      (b) Even if it was, we can't prove it was organized by the Chinese government (there are plenty of non-state hackers in plenty of countries).
      (c) Even if it was, lots of governments engage in low-level espionage (including your own) without significant diplomatic repercussions.

      Gathering intelligence isn't typically considered an "act of war" unless it is seen as a prelude to invasion or otherwise causes physical harm.
      If it was, intelligence agencies would have started World Wars 3 through 17 by now.

      --
      How can I believe you when you tell me what I don't want to hear?
    4. Re:How is this not an act of war? by __aaltlg1547 · · Score: 1

      What are you on about? The government talks about this all the time.

    5. Re:How is this not an act of war? by Anonymous Coward · · Score: 1

      You forgot about the part where the current administration tends to minimize most things that would be considered "egg on the face" of any other administration. Most people will never know about this, and they definitely should.

      They've got the media in their pockets, and they know it.

      They've got most of *you* in their pocket, and we know it.

      Let the illogical defending begin. Always fun to watch on slashdot.

    6. Re:How is this not an act of war? by Anonymous Coward · · Score: 1

      No citations but let's assume you're right.
      When the US does that, Slashdotters never say "Well [somebody else] does it too. This is a non-story." Rather, most of us are righteously indignant and critical of such actions. Now, When [somebody else] indeed has done it, it seems the general consensus is "The US does it too. This is a non-story"

      How about some consistency in standards?

    7. Re:How is this not an act of war? by oodaloop · · Score: 2

      What do you want the DHS to do? Go into every company and tell them how to set up their networks?

      --
      Tic-Tac-Toe, Global Thermonuclear War, and relationships all have the same winning move.
    8. Re:How is this not an act of war? by oodaloop · · Score: 3, Insightful

      (a) We can't be sure the attack originated in China, it could have simply been proxied through there (there are plenty of vulnerable Chinese systems).

      ...which were associated with Chinese military? These weren't random machines. The proxies the Chinese used were random machines in the US, and the attacks were traced back to machines associated with the Chinese govt. This has happened many times in the past, and we know of large Chinese military units engaged in cyber warfare. How many attacks like this have to happen before people realize what kind of war we are in?

      --
      Tic-Tac-Toe, Global Thermonuclear War, and relationships all have the same winning move.
    9. Re:How is this not an act of war? by Anonymous Coward · · Score: 0

      (a) We can't be sure Stuxnet originated in the US. A government official claiming US responsibility could just as well be a cover to shield an allied nation who actually bears responsibility.

      Yet /. is comfortable with accepting that Stuxnet was US made.

      (b) Even if it was, we can't prove Stuxnet was organized by the US government (there are rogue actors within government and without)

      Yet /. is comfortable with accepting that Stuxnet was US made.

      (c) Even if it was, lots of governments engage in low-level espionage (including your own) without significant diplomatic repercussions.

      Yet /. never dared to use the "well others do it too" excuse in any Stuxnet discussion.

      Now, imagine another country reported on the Bush/Cheney family fortune and their petropolitical connections. Then, the US government hacks into that country's media establishments in order to identify the whistleblowers. How would Slashdot react? With waving of the hand as you have, or with indignation and condemnation?

    10. Re:How is this not an act of war? by guttentag · · Score: 1

      I'm curious why repeated attacks "by the Chinese" have invoked no response from the government? It seems odd that we have US Companies being attacked on US soil and there's not even a peep about it.

      I have three simple answers for you:

      • When the U.S. military conducts a "cyber" strike on another country, they're not going to tell you. Not even a peep. No one died, no maimed vets missing legs, so no one needs to know. The odds are they were already "at war" with China in "cyberspace" before this happened.
      • These intrusions are not worth risking a real war.
      • The U.S. government is just as interested in knowing who reporters are talking to as the Chinese are. Why would they want to stop this when China is pushing the newspapers into the arms of the FBI and NSA?
    11. Re:How is this not an act of war? by Anonymous Coward · · Score: 5, Insightful

      Those of us who have traced APT through a few proxies (typically only one) back to a large building owned by various Chinese government agencies can assure you that a very large scale industrial espionage program is underway, with occasional sidelines into attempting to trace methods and sources. There are mountains of evidence, most of it feed into shredders under the instruction of corporate lawyers. And most US corporations are so dependent on deeply flawed Microsoft technologies and caught so deep in political games that most of the time they'd rather bury their head in the sand and ask subordinates to delete all evidence than actually do anything proper about it. IT is a cost center, and you can't demonstrate security ROI in a way that passes modern MBA scrutiny. All corporate divisions exist only to bump the stock price this quarter, which means we have to keep cutting cost and overhead. With few exceptions, investment is basically dead in the US corporate world.

    12. Re:How is this not an act of war? by MikeMo · · Score: 2

      I'm curious why repeated attacks "by the Chinese" have invoked no response from the government? It seems odd that we have US Companies being attacked on US soil and there's not even a peep about it.

      How do you know we're not doing anything about it?

    13. Re:How is this not an act of war? by dkleinsc · · Score: 2

      How many attacks like this have to happen before people realize what kind of war we are in?

      One in which nobody's died?

      --
      I am officially gone from /. Long live http://www.soylentnews.com/
    14. Re:How is this not an act of war? by oodaloop · · Score: 1

      Good idea. Let's do nothing and wait until it's too late to save lives. Skate to where the puck's gonna be. Our power grid is going smart, meaning more and more things are connected to the internet, including all of our critical infrastructure. The internet of things is growing, with things like stoves and coffee pots hooked up to home networks (highly secure, I'm sure). China, Russia, Iran, and even North Korea (believe it or not) all have robust cyber offensive capabilities. This is where the next war will be fought, and the nerds here seem to want to make every excuse to avoid believing it.

      --
      Tic-Tac-Toe, Global Thermonuclear War, and relationships all have the same winning move.
    15. Re:How is this not an act of war? by mjwalshe · · Score: 1

      Do you think any response has to be overt - there is more than one way to apply pressure as FDR said sneaking softly sometimes means you don't have to use the big stick.

    16. Re:How is this not an act of war? by ahabswhale · · Score: 1

      If "IT is a cost center" then you're not doing it right.

      --
      Are agnostics skeptical of unicorns too?
    17. Re:How is this not an act of war? by c0lo · · Score: 1

      How many attacks like this have to happen before people realize what kind of war we are in?

      You don't feel good you don't define a situation as being "at war", don't you?

      --
      Questions raise, answers kill. Raise questions to stay alive.
    18. Re:How is this not an act of war? by DNS-and-BIND · · Score: 1

      China, due to the Great Firewall, is slow as shit, lossy, and the worst place on the planet to route your traffic through. Not when there are Botswana, Russia, Belarus, etc. However if you're with the Chinese government, you get an unblocked clean line that is just as good as 1000mbps DSL in Korea.

      --
      Shutting down free speech with violence isn't fighting fascism. It IS fascism!
    19. Re:How is this not an act of war? by Anonymous Coward · · Score: 0

      The answer is obvious... /. is filled with pinkos.

    20. Re:How is this not an act of war? by oodaloop · · Score: 1

      I don't know if I don't understand what you're trying to say, don't I.

      --
      Tic-Tac-Toe, Global Thermonuclear War, and relationships all have the same winning move.
    21. Re:How is this not an act of war? by c0lo · · Score: 1

      (perhaps I should have replied to the OS24Ever OP) I'm a bit sick of the "being at war" ethos. In which:
      * every attack is categorized as "being at war", disregarding how harmless or serious the attack actually is (I'd see Aaron Swartz as a victim of such a mentality: from where else the need "to make an example of him"?)
      * "war on concepts" are no longer just metaphors

      Without being a symptom that's unique and defining the "disease", it is highly consistent with "former giants about to fall": inability to control any longer the "great destiny that once was" and the unwillingness to rationally accept this situation; a combination mostly manifesting itself as an aggressive pride.

      (I'd suggest a change in you signature. I feel the "The land of the repossessed home. Free of the brave" describe more accurate the situation).

      --
      Questions raise, answers kill. Raise questions to stay alive.
    22. Re:How is this not an act of war? by c0lo · · Score: 1

      I'm curious why repeated attacks "by the Chinese" have invoked no response from the government? It seems odd that we have US Companies being attacked on US soil and there's not even a peep about it.

      "Citizen, you want to be safe of intrusion? Well, it's mandatory everybody releases to us their private encryption key..."

      Would you still want govt to step in?

      --
      Questions raise, answers kill. Raise questions to stay alive.
    23. Re:How is this not an act of war? by Maudib · · Score: 1

      Saying something and doing something are not the same thing. If the government is doing something, talking about it would quite likely be very dumb.

    24. Re:How is this not an act of war? by gmhowell · · Score: 1

      Do you think any response has to be overt - there is more than one way to apply pressure as FDR said sneaking softly sometimes means you don't have to use the big stick.

      Wrong Roosevelt.

      --
      Jesus was all right but his disciples were thick and ordinary. -John Lennon
    25. Re:How is this not an act of war? by mjwalshe · · Score: 1

      oops it sit corrected

    26. Re:How is this not an act of war? by mitchaki · · Score: 1

      Haha..of course not, I have no trust in them when they can't even defend their own .gov domains. Is there any other insights that you can offer? Or do you just ask silly questions?

      --
      It seems that everyone who says "I ignore trolls." really means "I ignore you if you disagree with me."
  11. Probability by SpaghettiPattern · · Score: 0

    I'm sure a myriad of complot theories are being concocted as we speak. Based on the world population, the probability of Chinese hacking anyone are roughly 1 in 6. Considering that, China scores much higher than almost any other country.

    --

    I hadn't the slightest objection to his spending his time planning massacres for the bourgeoisie... (P.G. Wodehouse)
    1. Re:Probability by oodaloop · · Score: 2

      I guess that might make even the slightest amount of sense if a Norwegian farmer and a Zimbabwean goat herder had the same likelihood of using a computer owned by the Chinese military.

      --
      Tic-Tac-Toe, Global Thermonuclear War, and relationships all have the same winning move.
  12. Kinda strange... by Anonymous Coward · · Score: 1

    So do those people really think that the Chinese are the first to hack into their servers?

    Something tells me they don't actually reveal that Americans have been hacking into their servers for years aswell, because they want to hype up the entire cyber-terrorism and warfare thing. You know, makes it easier for politicians to push through even more bills that kill off the internet.

    1. Re:Kinda strange... by Anonymous Coward · · Score: 0

      US government hacking into Chinese journalists' servers to identify whistle-blowers who implicate family of Obama/Biden in potential nepotism.

      proof?

  13. Where is Symantec mentioned? by Anonymous Coward · · Score: 0

    I see no mention that Symantec is mentioned.

  14. Another third rate burglary attempt by Anonymous Coward · · Score: 0

    This time against the paper that brought down the Nixon administration. The Watergate scandal began with the arrest of the E. Howard Hunt and other lowlife security types at the Democratic National Headquarters in Washington DC. "A third rate burglary attempt" commented Nixon's press secretary Ron Zieglar. But the Post kept following the money as the administration scrambled to cover up the White House's role in numerous illegal operations against political opponents. An anonymous administration official (since identified as the FBI's Mark Felt, who revealed himself just before he died) began tipping the Post's Bob Woodward. At the height of the scandal, Woodward and Carl Bernstein prepared a bombshell story about US Attorney General John Mitchell's role in the Watergate coverup. Mitchell was reached by phone late in the evening for his reaction, and he reportedly screamed "JEEEEEEEEE-SUSS! (Washington Post publisher) Katie Graham is going to get her tit caught in a big fat wringer if you print that."

    They edited "her tit" out Mitchell's quote from the story that came out the next morning.

    1. Re:Another third rate burglary attempt by Anonymous Coward · · Score: 0

      What do you mean low lifes?
      Liddy is pretty damn cool.
      Hunt is a sissy little squealer.
      Democrats are nothing of value.
      Wow! So maybe it's Liddy hacking the papers. They've brought Frankenixon back to life and even now he stalks Obama.
      Stop the Press! We got a new headline. Beijing Ding-a-ling Has Fruity Fling, Democrats Named and Blamed, Obama claims "I am not a crook"

  15. Chinese Hackers by Anonymous Coward · · Score: 0

    I now remember, I was also hacked by the Chinese.

  16. Attack Vector(s)? by SirBitBucket · · Score: 1

    Has this info been made public?

  17. I would love to see by Anonymous Coward · · Score: 0

    I'd love to see a full study on how much Microsofts lack of security for the last 15 years has cost the American people in lost secrets to foreign agencies. I'm sure its significant, problem is the person doing the study will probably die in a car crash or get cancer before its finished.

  18. What, Security? by 10101001+10101001 · · Score: 1

    "The story also notes that the Post relied on software from Symantec, the same security software that failed to detect intrusions at The New York Times for many months."

    Golly, it's almost as if relying upon detection after the fact or at entry point is no real protection. Oh, but you say, defense in depth! Well, defense in depth is great. But, intrusion detection of the sort is like tissue paper when you might get thousands of attacks daily. The only real defense is actually having software that isn't exploitable. And that means having (a) open software you can analyze, (b) developers/vendors of that software who will quickly address problems, (c) open disclosure so you don't have to wait months to find out you might already be being hacked--giving you the option to simply stop using software if it's hackable--, (d) multiple servers running multiple software stacks so you have something to switch to for (c), and (e) having a strong push for possible problems so you don't have to rely upon (b) because (b) is just a bad hack to the truth that no software is perfect--as that's a broken record if it's said all the time, as it's meant to explain the *occasional* security bug.

    Oh, and I think this also highlights the whole point that treating security as a joke shows the joke's on you. The real thing to worry about is just how bad the US Government's security score is. If you at all believe that government is generally worse than private industry--not something I particularly believe given just how bad private industry is--, then the US as a whole is fucked at least as far as any concerns for keeping US Government held data private from the Chinese or other hackers. All things considered, it makes one wonder if the data China has--not necessarily even their government--would put Wikileaks to shame.

    --
    Eurohacker European paranoia, gun rights, and h
    1. Re:What, Security? by colfer · · Score: 1

      Symantec, I wonder what goes on there. Hope the engineering is better than the fairly ridiculous adventure I had with customer service. I was reporting a bug in the "Verified" seals for my paying client: the web wizard generates the wrong seals because the product matrix has not kept up with the threeway conversion of Verisign, Symantec and Norton. On the fourth customer service rep I finally had someone who knew what he was talking about. Refreshingly, he was blunt and did not end by asking me if I had any other issues, but just signed off! He sent me the code I needed, but I'm not sure he reported the bug.

      Let's hope that means the server security and SSL cert teams are no-nonsense engineers, not bereft souls in a chaotic marketing enterprise.

  19. Blame the software? by Murdoch5 · · Score: 1

    What is the point on the IT department if your going to blame off the shelf software. The software is a rough first stop but in no way a completely solution for prevention. Before you blame the software also blame the IT department.

  20. Lie factory by tendentious · · Score: 0, Troll

    The Washington Post is a company that sells propaganda to suckers. They lie for a living. Why should anyone believe them now?

    1. Re:Lie factory by guttentag · · Score: 1

      The Washington Post is a company that sells propaganda to suckers. They lie for a living. Why should anyone believe them now?

      Citation please.

    2. Re:Lie factory by 93+Escort+Wagon · · Score: 1

      Thank you for sharing your opinion, Mr. Liddy.

      --
      #DeleteChrome
    3. Re:Lie factory by Anonymous Coward · · Score: 0

      For sure your facts can be backed up by Fox News.

  21. THE CHINESE by Anonymous Coward · · Score: 1

    That monolithic entity known only as THE CHINESE.

    Odd that when Anonymous deface a bank's website we don't say THE AMERICANS hacked it.

    1. Re:THE CHINESE by edibobb · · Score: 1

      I suspect the Mongoliad.

    2. Re:THE CHINESE by Anonymous Coward · · Score: 0

      You know very well we've always been at war with Eastasia.

  22. Sophisticated? by edibobb · · Score: 2

    Of course it's a sophisticated attack. It happened to a big company, and they cannot be held responsible. If it happened to me on my home PC or at a small business, it would be my own fault for having inadequate security.

    1. Re:Sophisticated? by Anonymous Coward · · Score: 0

      The NYT and WSJ were also hacked, apparently in the same way. Apply Occam's Razor - three of top five newspapers all were negligent security at the same time, and were irresponsibly vulnerable to ordinary hacks. Or the attackers were considerably more sophisticated than average.

  23. This could cause some confusing headlines by istartedi · · Score: 1

    If the main story on the front pages is "Hacked by Chinese", was that supposed to be the main story or is it just script kiddies bragging?

    --
    For all intensive purposes, "whom" is no longer a word. That begs the question, "who cares"?
  24. Looks like Bad Things DO Happen in Fours by ohnocitizen · · Score: 1
    http://it.slashdot.org/story/13/02/02/0340220/twitter-hacked

    Looks like bad things do happen in threes — Twitter's report comes on the heels of disclosures of hacking attacks on the WSJ and NY Times.

    Can we please get rid of that ridiculous expression?

  25. quit running windows, if you care. by Anonymous Coward · · Score: 0

    These companies deserve to be hacked. They obviously have no concern about security, or they would run a decent OS, not a POS.

  26. Let's get this over with quickly by Anonymous Coward · · Score: 0

    Who has not been hacked (successfully or not) by Chinese over the years, newspaper, TV, not just the media and government, any body with a server connected to the internet ? And who has not been hacked by the Russians ? I suspect there will be few answers.

  27. Re:Looks like Bad Things DO Happen in Fives by dkleinsc · · Score: 1

    Not only have 4 other bad things happened, we've also failed to get rid of that ridiculous expression!

    --
    I am officially gone from /. Long live http://www.soylentnews.com/
  28. Can someone remind me who wrote Stuxnet? by jools33 · · Score: 1

    Can someone remind me who wrote Stuxnet? - and how is this any worse?

    1. Re:Can someone remind me who wrote Stuxnet? by mbkennel · · Score: 3, Insightful

      One is trying to stop a religious dicatorship from making nuclear weapons.

      The other is trying to intimidate people (and imprison them) who look into and talk about the corrupt financial shenanigans of a secular dictatorship.

      If Stuxnet were directed at a German newspaper which printed a story about Dick Cheney's purloined billions, then it would be pretty comparable, but the U.S. government isn't actually going to do something like that, because, believe or not, some of the people in charge of doing the operation might believe it to be immoral.

    2. Re:Can someone remind me who wrote Stuxnet? by Anonymous Coward · · Score: 0

      Yeah Saddam Hussein did also have a whole crapload of "deubeulyooohemdees".

      And Ossama Bin Laden was hiding in Afghani mountains.

      So do Iranians try to build a bomb, not provide their country with the cheap nuclear energy we all benefit from in "developed" countries.

      This is all not arguable, the world knows.

  29. The Onion says Me Too, too! by billstewart · · Score: 2

    The Onion, America's Finest News Source, recently posted an article saying they'd also given all their passwords to the Chinese.

    --

    Bill Stewart
    New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
  30. cyberattack deterrence by real world retaliation? by Anonymous Coward · · Score: 0

    It seems that the US is quite far behind the curve in protecting itself from so-called cyberattacks. By 'the US', I mean to include the government, private industry, and basically anyone in the US with internet connectivity. Well, OK, maybe not the crew at the NSA, but aside from them there seems to be an endlessly big attack surface and a dearth of the resources and will needed to deal with the problem.

    It also seems that China is the worst of the APTs by far. Certainly not the only one, but the one that's at least 75% probable to be behind many of the significant attacks we've seen surface in the media recently.

    I wonder if some heavy operant conditioning in the real world could moderate China's propensity for bad cyber behavior? For example, suppose the US government were certain that China was behind a serious intrusion (think the RSA spearphishing attack and the consequent defense systems information bleeds from the likes of LockMart et al.). Perhaps if one of China's few nuclear submarines unaccountably failed to report in after each such major cyber attack, they might change their behavior.

    We are still far enough ahead of China in terms of submarine stealth to make that happen in a manner that would leave the Chinese extremely uncertain as to what happened (hostility or accident?) and who, if anyone, did it. What are they going to do, nuke us on suspicion? Doubt it very much. Retaliate against our submarines? China still can't find them. Retaliate against our surface fleet? We have the space assets to ID sources of surface and air attacks, and the SOSUS arrays and other underwater assets have everything China runs under the surface tagged in realtime. At the moment, we enjoy a highly assymetric circumstance: we can hurt them in an important part of real milspace with complete deniability, and they can't do that to us. And they care about serious economic losses that compromise military preparedness.

    Right now, China incurs no cost for successful cyber attacks. If it cost them a billion dollars in real-world, slow-to-replace military equipment each time they did significant damage to us in cyberspace, maybe they would dial it back a bit.

  31. Newspapers arrogant and bad at security? by gelfling · · Score: 1

    Next thing you'll be telling me sometimes the government lies.

  32. Maybe a dumb question... by Anonymous Coward · · Score: 0

    This might be a dumb question but: guys, how do we know it's "the Chinese" ?

    Also the official guy predicting an "internet 9/11 is imminent" like 24h before the first news of a hack got published here seemed really enlightened :)

  33. Thats alot.. by Anonymous Coward · · Score: 0

    of people in one country hacking one website or did your idiot ass mean selected people in the PRC?

  34. Sophisticated cyberattack? by Anonymous Coward · · Score: 0

    An email containing attachments or malicious URLs that compromise Microsoft Windows desktops ...

  35. Handland by Anonymous Coward · · Score: 0

    "Cookie jar? What cookie jar?" (hands continue grabbing cookies)

    "You're paranoid, besides you make bad cookies. Who would want them?" (more hands appear)

    "Yes," says a chorus of one hundred voices singing in perfect unison, "there are no hands. The cookies are bad. Besides, everyone steals cookies, so why get upset?" (more hands appear, grabbing at cookies)

    Thousands of voices chime in, "Correct! No cookies! The hands could be hallucinations! Can you prove they're not a plot to discredit Handland?" (hands withdraw)

    "Anybody want to buy some excellent cookies? Very inexpensive! Home baked cookies! Cookies for sale!"

  36. Not using the right tool for the job by Anonymous Coward · · Score: 0

    Symantec does not make intrusion detection software. They make virus scanning software. These two things are different. It's like not being able to turn a screw with a hammer. Well duh!. You need to have host based intrusion detection as well as network intrusion detection. These are all in addition to virus scanning. And keep in mind that virus scanning is basically security theater BS anyway.

  37. Wen Jiarbo has $2 billion? by iMactheKnife · · Score: 1

    The Premiere of the PRC managed to sock away $2 billion in various banks, including the US banks, in violation of anti-corruption laws in China and the US. All the while, the average rural Chin family cannot afford medical care or education and still works for coolie wages in this Communist paradise. Do you think this might be embarrassing to the Communist Party? They are not hacking to fix the problem. They are hacking to find out who squealed.