Slashdot Mirror

← Back to Stories (view on slashdot.org)

Washington Post: We Were Also Hacked By the Chinese

Posted by Soulskill on from the they-just-want-to-fit-in dept.

tsu doh nimh writes "A sophisticated cyberattack targeted The Washington Post in an operation that resembled intrusions against other major American news organizations and that company officials suspect was the work of Chinese hackers, the publication acknowledged on Friday. The disclosure came just hours after a former Post employee shared information about the break-in with ex-Postie reporter Brian Krebs, and caps a week marked by similar stories from The New York Times and The Wall Street Journal. Krebs cites a former Post tech worker saying that the publication gave one of its hacked servers to the National Security Agency for analysis, a claim that the Post's leadership denies. The story also notes that the Post relied on software from Symantec, the same security software that failed to detect intrusions at The New York Times for many months."

91 of 135 comments (clear)

  1. Yea. Me Too. by Anonymous Coward · · Score: 3, Insightful

    I need some attention too!

    What I have derived form this past weeks revelations.

    1. The Chinese have no problem gaining access to what ever computer networks they wish to.

    2. They seem to be most interested in themselves, kinda like creeping other people's Facebook to see what they say about you.

    3. So far, they haven't found anything worth their time.

    4. Organizations seem to feel that since they discovered something on their networks, they have discovered everything on their networks.

    5. Fail.

    1. Re:Yea. Me Too. by jhoegl · · Score: 3, Funny

      Go back into your bunker...

      NPR had a great story on this yesterday, but since you most news is propaganda, you must ask these ignorant questions.
      Your ignorance breeds unto itself.

    2. Re:Yea. Me Too. by alexander_686 · · Score: 5, Interesting

      These newspapers have been reporting embarrassing things. Like members of the Communist Party and their family members have vast wealth – implying that this wealth is coming from inside contacts and use (or abuse) of official power. The Communist Party would be interested in who is leaking the details.

    3. Re:Yea. Me Too. by flyneye · · Score: 1

      So, why can't they use a stolen credit card number to get to the premium/pay stories?
      Doesn't add up.

      --
      *Repent!Quit Your Job!Slack Off!The World Ends Tomorrow and You May Die!
    4. Re:Yea. Me Too. by jhoegl · · Score: 1

      Clearly you understand nothing of your own situation.
      You make excuses for your ignorance by claiming sources are false, when they have repeatedly been proven.
      Instead you let someone else filter your information, forming your opinion for you.
      Lets hope you never make a major life decision that will affect others.

    5. Re:Yea. Me Too. by flyneye · · Score: 2, Insightful

      Well someone said so anyway. I guess you got it from newsclown.
      I've heard enough verifiable bullshit over the years from NPR to see that it's just an ad agency for aging hippies.

      --
      *Repent!Quit Your Job!Slack Off!The World Ends Tomorrow and You May Die!
    6. Re:Yea. Me Too. by alexander_686 · · Score: 4, Insightful

      Your missing the point. The fact is that somebody is hacking into the paper to figure out who the journalist's sources are.

      So, it's not the average Chinese citizen trying to read the paper – it's about finding who the journalist are, what their sources are, etc – the stuff a government would need to harasses and shut down the people who are leaking the data.

    7. Re:Yea. Me Too. by Forty+Two+Tenfold · · Score: 1

      U.S. Defense Secretary Warns of a Possible 'Cyber-Pearl Harbor'.

      So, no, it's simple. The USA declared "Cyber War" on the USA so some "attacks" are required to be reported. These don't have to be real though, just reported.

      --
      Upward mobility is a slippery slope - the higher you climb the more you show your ass.
    8. Re:Yea. Me Too. by flyneye · · Score: 1

      Ahh thats better an actual answer rather than the newclown defense league.
      Now it would be funny to find the newspapers hacked China...

      --
      *Repent!Quit Your Job!Slack Off!The World Ends Tomorrow and You May Die!
    9. Re:Yea. Me Too. by AmiMoJo · · Score: 2, Insightful

      You are assuming it was the Chinese government. So far I have not seen a shred of evidence to support that. There is some circumstantial evidence that the attacks may have originated from China, possibly.

      It would actually make a lot more sense if it were hackers hired by the politician who has been the subject of these embarrassing stories. Of course it might just be the Chinese equivalent of Anonymous.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    10. Re:Yea. Me Too. by PCM2 · · Score: 3

      You are assuming it was the Chinese government. So far I have not seen a shred of evidence to support that. There is some circumstantial evidence that the attacks may have originated from China, possibly.

      It would actually make a lot more sense if it were hackers hired by the politician who has been the subject of these embarrassing stories.

      OK, did I just read your whole comment to learn that you think there's not "a shred of evidence" that it was the government, but instead you believe it was hackers hired by the government? I think I can smell my brain dying.

      Of course it might just be the Chinese equivalent of Anonymous.

      Do you have any idea how things work in China? Just think for a minute: Great Firewall of China, ring any bells? Go find some bandwidth statistics and see how hard it is for the Chinese to get access to fast internet connections, compared to places like South Korea or Japan. And if there really were some underground internet hacker movement composed of individuals in China -- and there isn't -- why on Earth would they attack Western newspapers, which mostly tell the truth, and not their own newspapers, which never do?

      --
      Breakfast served all day!
    11. Re:Yea. Me Too. by AmiMoJo · · Score: 1

      OK, did I just read your whole comment to learn that you think there's not "a shred of evidence" that it was the government, but instead you believe it was hackers hired by the government? I think I can smell my brain dying.

      A politician acting for themselves is not the same as the state deciding to sanction something. When a US politician goes to jail that doesn't mean that the government committed a crime or endorsed his behaviour.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    12. Re:Yea. Me Too. by alexander_686 · · Score: 4, Insightful

      This is China - the lines between government, party, industry, and politician are a bit blurred. For example, IIRC, the Army reports to the party - not to the government. Elections are limited and managed. etc.

    13. Re:Yea. Me Too. by PCM2 · · Score: 3

      A politician acting for themselves is not the same as the state deciding to sanction something. When a US politician goes to jail that doesn't mean that the government committed a crime or endorsed his behaviour.

      OK, my guess was right. You really don't understand how things work in China. My recommendation is that you go to the library, grab back issues of some reputable news source (The Economist might be a good place to start) and read up on everything you can find about the last Chinese national election. Along the way you'll learn a lot about how free Chinese politicians are to act independently. (TL;DR - China ain't the US.)

      Also, just think about what you're suggesting. This isn't some politician giving an order to have some hapless old man thrown in prison. That kind of thing happens all the time in China, and nobody ever hears about it. What you're saying, though, is that some lone politician, acting completely independently and on his own initiative, hired hackers to launch an attack on the two largest, most respected newspapers in the United States. Not even the largest companies -- the largest newspapers. Exactly how was this supposed rogue, lone wolf politician planning to cover up what he did?

      --
      Breakfast served all day!
    14. Re:Yea. Me Too. by alexander_686 · · Score: 1

      Define “Hack”. Are not investigative journalist suppose to investigate? Unearth buried and unpleasant truths? Being a “hack” used to be slang for being a journalist. A low class one interested in sensationalist stories, but still...

    15. Re:Yea. Me Too. by blue_teeth · · Score: 1

      The Power of Nightmares

    16. Re:Yea. Me Too. by K.+S.+Kyosuke · · Score: 1

      "the lines between government, party, industry, and politician are a bit blurred"

      That almost sounds like a description of Japan, too!

      --
      Ezekiel 23:20
    17. Re:Yea. Me Too. by K.+S.+Kyosuke · · Score: 1

      Perhaps they tried to edit the name to "Wachinkton Post"?

      --
      Ezekiel 23:20
    18. Re:Yea. Me Too. by cyfer2000 · · Score: 1

      I don't think /.er 84093 can be a 50 Cent party member

      --
      There is a spark in every single flame bait point.
    19. Re:Yea. Me Too. by mbkennel · · Score: 1

      "What could they possibly want with the newspapers?
      They don't control anything of value.
      Most of the news is bullshit and propaganda.(probably less than in China, tho)
      Are they trying to insert their own journalism?( as if anyone would notice)"

      Think.

      They are attempting to find and punish---extremely severely---any sources who gave information to the reporters. They are threatening the reporters. They are threatening the newspapers who publish information critical of the regime's power.

    20. Re:Yea. Me Too. by mjwalshe · · Score: 2

      They want to find the journalists sources so they can be sent to the gulags (if they are lucky).

    21. Re:Yea. Me Too. by flyneye · · Score: 1

      Where can I find this newsclown? Can I get a deposit back on mine?

      --
      *Repent!Quit Your Job!Slack Off!The World Ends Tomorrow and You May Die!
    22. Re:Yea. Me Too. by flyneye · · Score: 1

      I'm still waiting for computer saavy newsclowns, they seem to still be stuck on the tubes and pipes thing.

      --
      *Repent!Quit Your Job!Slack Off!The World Ends Tomorrow and You May Die!
    23. Re:Yea. Me Too. by flyneye · · Score: 1

      LOL, I defy them to carry out any threats to newsclowns!
      Go on take your best shot! Buncha sissy Chinese hackers! Go on , I dare you!

      --
      *Repent!Quit Your Job!Slack Off!The World Ends Tomorrow and You May Die!
    24. Re:Yea. Me Too. by flyneye · · Score: 1

      Hey N.Y.Times and Wash. Post journalists are lucky. Send them! Dunno about the luck of the WSJ guys though, wouldn't they be too rich to be journalists if they were? But fair is fair, send them too!

      --
      *Repent!Quit Your Job!Slack Off!The World Ends Tomorrow and You May Die!
    25. Re:Yea. Me Too. by mjwalshe · · Score: 1

      send Murdoch Sr and Jnr First :-)

    26. Re:Yea. Me Too. by flyneye · · Score: 1

      Added Bonus: Exhumed remains of Hearst

      --
      *Repent!Quit Your Job!Slack Off!The World Ends Tomorrow and You May Die!
    27. Re:Yea. Me Too. by SourceFrog · · Score: 1

      Devil's Advocate, and tinfoil hat time: How do we know this isn't a sophisticated false flag operation, by our own government? This could be exactly what is needed to try convince the public to support new over-reaching laws giving the government much more control over our Internet. Watch closely any new bills or regulations that follow this.

      --
      My other UID is three digits.
    28. Re:Yea. Me Too. by russotto · · Score: 1

      The Communist Party would be interested in who is leaking the details.

      I'm going to guess they mostly came up empty-handed. I doubt reporters would keep such information on the Post's systems -- either because they're technophobic, or paranoid that someone else at the post would steal their sources, or perhaps in a few cases worried about the US government subpoenaing the information.

    29. Re:Yea. Me Too. by AmiMoJo · · Score: 1

      So by your logic the US got a blowjob in the Oval Office.

      The government is not one man, even in China. If it this did happen and was ever proven he would be forced out at the very least, if not prosecuted, even in China.

      I think you need to do some reading about China. My girlfriend is Chinese as it happens, so I have some interest in this subject. There is corruption and lawbreaking, but the official policy is to clamp down on it. It will be ignored until it can no longer be ignored (because incontrovertible proof is made public), at which point the powers that be will come down hard.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    30. Re:Yea. Me Too. by gmhowell · · Score: 1

      There is corruption and lawbreaking, but the official policy is to clamp down on it.

      Oh, why didn't you tell us? There's a policy against it? Then surely it never happens. /eyeroll

      --
      Jesus was all right but his disciples were thick and ordinary. -John Lennon
    31. Re:Yea. Me Too. by Pros_n_Cons · · Score: 1

      The attacks all seem to begin around 8:00AM in China also. Maybe the scene has changed since my day but h4x0rs were getting ready for bed around that time. seems to me this is sponsored and they're clocking into work.

      --

      -- "of course thats just my opinion, I could be wrong." --Dennis Miller
    32. Re:Yea. Me Too. by PCM2 · · Score: 1

      The government is not one man, even in China. If it this did happen and was ever proven he would be forced out at the very least, if not prosecuted, even in China.

      OK, now I think you're intentionally being thick.

      Let's recap: You are the one suggesting that this was the work of one man, acting alone. I am the one telling you that this is virtually impossible, and an attack of this kind would never be done without official government sanction. So explain to me what your new argument is now, because you sure as hell sound like you're making my point for me.

      I think you need to do some reading about China. My girlfriend is Chinese as it happens, so I have some interest in this subject.

      I bow before the superior intellect, Khan.

      It will be ignored until it can no longer be ignored (because incontrovertible proof is made public), at which point the powers that be will come down hard.

      Yeah? And just when would that proof be made public. You mean the kind of "made public" like when the newspapers you attacked run stories about it and the entire world knows about it?

      I am begging you ... begging you, now. THINK. Use your brain.

      --
      Breakfast served all day!
    33. Re:Yea. Me Too. by AmiMoJo · · Score: 1

      You claim that it is "virtually impossible" is laughable. Apparently you missed all the attacks by small groups of hackers, up to and including the theft of 250,000 Twitter account details a few days ago.

      I bow before the superior intellect, Khan.

      You really are a dick, aren't you?

      You mean the kind of "made public" like when the newspapers you attacked run stories about it and the entire world knows about it?

      So they both have motivation to prevent that happening. What is your point again?

      I can tell logic and reading comprehension are not your strong points.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    34. Re:Yea. Me Too. by AmiMoJo · · Score: 1

      Yeah, if I were hacking some foreign state I'd be sure to start bang on 8:00 local time, just in case they didn't get the hint that it was my country doing it.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    35. Re:Yea. Me Too. by Forty+Two+Tenfold · · Score: 1

      Where?

      --
      Upward mobility is a slippery slope - the higher you climb the more you show your ass.
  2. Attack details? by griffjon · · Score: 3, Interesting

    Has anyone seen any details on how to detect this specific method of attack, malware signatures, or similar? Cause that just might be of use, seeing the widespread nature of this.

    Also, who hasn't been attacked? Bueller? Bueller?

    --
    Returned Peace Corps IT Volunteer
    1. Re:Attack details? by Anonymous Coward · · Score: 1

      I know a newspaper from a small Kansas town that hasn't been attacked. It's produced by a 80 year old man with his mechanical typewriter. Maybe these major American news organizations could learn a thing or two from him.

    2. Re:Attack details? by astralagos · · Score: 4, Interesting
      APT attacks are well understood, it's just that they're not very technologically complex. They are, fundamentally, con jobs. You research somebody with a public identity, send a forged email with a trojan, and wait for somebody to open it. The success of the attack is dependent on finding a large enough group that somebody will open the mail. If you want an early example of a discussion of this, read Shishir Nagaraja's and Ross Anderson's "Snooping Dragon" paper.

      As for malware signatures, they've been increasingly ineffective for years. Attackers can buy AV as well, and it's easier for them to tweak their software to evade AV then it is for defenders to generate new signatures. AV's very good at protecting you from yesterday's attack. If you don't have a signature though, it usually takes month to identify a subverted host.

    3. Re:Attack details? by Sulphur · · Score: 3, Funny

      I know a newspaper from a small Kansas town that hasn't been attacked. It's produced by a 80 year old man with his mechanical typewriter. Maybe these major American news organizations could learn a thing or two from him.

      William Allen White?

      --

      Its all Post facto.

    4. Re:Attack details? by guttentag · · Score: 5, Interesting

      Disclosure: I am a former Washington Post employee

      The Post doesn't seem to officially be divulging details. Sure, they're reporting on it now that the word is out through a former employee's blog citing an unnamed former employee (neither of those people are me) as a source, but the article actually has a Post spokesperson denying one of the claims of the article (that the Post handed over one of its servers to the NSA for study). This isn't the paper contradicting itself – it's what ethics look like in practice at a good newspaper. The paper can report on itself even when the top brass don't want to.

      However, in the New York Times story on its own intrusion, it was stated that AT&T "monitors" the company's network and noticed unusual traffic patterns. AT&T alerted athe Times, who asked them to keep an eye on it, and then brought Mandiant in to consult.

      Going back to The Post's story, the company's claim that it did not turn over a server to the NSA casts the issue of China hacking U.S. newspapers in a new light... if you read between the lines. Newspapers (especially The Post and The Times) see themselves as a fiercely-independent check on the government. Watergate-era readers would be as appalled at the idea of The Post handing over servers to the NSA as MacWorld attendees were in the 90s at seeing Bill Gates's face on screen during Job's speech. From a PR perspective, it just looks wrong. China might actually do more to harm these papers by getting them to run into the arms of the U.S. government. It's one thing to think China may have found out you're talking to a reporter... Quite another to think both the U.S. and China may later discover you were the anonymous source for a story they didn't want out. It's unlikely that the NSA is rooting around the server looking for political whistleblowers, but the idea of it has a chilling effect on potential sources who think of The Post as the institution that protected Deep Throat's identity for decades, at great risk to itself.

    5. Re:Attack details? by PCM2 · · Score: 2

      This brand of cynicism is dull, and it creates its own form of self-fulfilling ignorance.

      If nothing you see in the media is true and every journalist is a puppet of either advertisers or the government, then where do you get your news from, exactly?

      There is only one possible answer, and that is: You make it up. You hear what people tell you, decide you're going to believe the opposite, and then you go around railing on the news for not saying what you believe.

      In other words, you are a dolt.

      --
      Breakfast served all day!
    6. Re:Attack details? by Anonymous Coward · · Score: 1

      Two consulate attacks happened on the same day, one by a protesting mob and one by ex-rebel fighters with all qaeda ties. This is in addition to many other mobs that gathered to protest the anti-islam video produced in the US. The attack was quick and I don't believe any of them identified themselves to allow it to be radioed back. There was confusion I'm sure, and the special mission in Benghazi and elsewhere should have had more security. It's a story, but I'm not sure it's as big as you've made it out to be. It also doesn't necessarily paint Obama in a negative light, as the private sector security they had guarding the place sounds more like a republican answer than a democratic one. A bill had also failed in congress that would have appropriated more security to these places.

      I think generally the people harping on the issue are delusional. US intelligence isn't omnipotent, and the only reason Benghazi was a hot topic is because of the election. The NYT is a distinguished publication even despite their problems, and I contest that they worked to get Obama elected. They didn't harp on there not being any WMD in Iraq, or that the Bush administration didn't heed a report warning of the 9/11 attacks.

    7. Re: Attack details? by Tablizer · · Score: 1

      Hillary was talking about the immediate aftermath, not categorization in general.

      --
      Table-ized A.I.
  3. In other news, ... by Anonymous Coward · · Score: 1

    Let's just list the companies that have been verified not to have been attacked by the Chinese.

  4. I figure... by Xenna · · Score: 3, Insightful

    Symantec has probably been hacked by the Chinese too...

  5. Did they also hack Slashdot? by peterindistantland · · Score: 5, Funny

    Is that why I was modded down last time?

  6. How is this not an act of war? by OS24Ever · · Score: 3, Insightful

    I'm curious why repeated attacks "by the Chinese" have invoked no response from the government? It seems odd that we have US Companies being attacked on US soil and there's not even a peep about it.

    I'm not saying bomb people but tis seems.....weird...

    --

    As a rock-in-roll Physicist once said, No matter where you go, there you are.

    1. Re:How is this not an act of war? by mitchaki · · Score: 3, Interesting

      Maybe it has something to do with the large amounts of money the US owes China. It could also have to do with the US government trying to hide the fact that the Dept. of Homeland Security is completely inept and a huge fail when it comes to cybersecurity.

      --
      It seems that everyone who says "I ignore trolls." really means "I ignore you if you disagree with me."
    2. Re:How is this not an act of war? by pushing-robot · · Score: 3, Insightful

      Because...

      (a) We can't be sure the attack originated in China, it could have simply been proxied through there (there are plenty of vulnerable Chinese systems).
      (b) Even if it was, we can't prove it was organized by the Chinese government (there are plenty of non-state hackers in plenty of countries).
      (c) Even if it was, lots of governments engage in low-level espionage (including your own) without significant diplomatic repercussions.

      Gathering intelligence isn't typically considered an "act of war" unless it is seen as a prelude to invasion or otherwise causes physical harm.
      If it was, intelligence agencies would have started World Wars 3 through 17 by now.

      --
      How can I believe you when you tell me what I don't want to hear?
    3. Re:How is this not an act of war? by __aaltlg1547 · · Score: 1

      What are you on about? The government talks about this all the time.

    4. Re:How is this not an act of war? by Anonymous Coward · · Score: 1

      You forgot about the part where the current administration tends to minimize most things that would be considered "egg on the face" of any other administration. Most people will never know about this, and they definitely should.

      They've got the media in their pockets, and they know it.

      They've got most of *you* in their pocket, and we know it.

      Let the illogical defending begin. Always fun to watch on slashdot.

    5. Re:How is this not an act of war? by Anonymous Coward · · Score: 1

      No citations but let's assume you're right.
      When the US does that, Slashdotters never say "Well [somebody else] does it too. This is a non-story." Rather, most of us are righteously indignant and critical of such actions. Now, When [somebody else] indeed has done it, it seems the general consensus is "The US does it too. This is a non-story"

      How about some consistency in standards?

    6. Re:How is this not an act of war? by oodaloop · · Score: 2

      What do you want the DHS to do? Go into every company and tell them how to set up their networks?

      --
      Tic-Tac-Toe, Global Thermonuclear War, and relationships all have the same winning move.
    7. Re:How is this not an act of war? by oodaloop · · Score: 3, Insightful

      (a) We can't be sure the attack originated in China, it could have simply been proxied through there (there are plenty of vulnerable Chinese systems).

      ...which were associated with Chinese military? These weren't random machines. The proxies the Chinese used were random machines in the US, and the attacks were traced back to machines associated with the Chinese govt. This has happened many times in the past, and we know of large Chinese military units engaged in cyber warfare. How many attacks like this have to happen before people realize what kind of war we are in?

      --
      Tic-Tac-Toe, Global Thermonuclear War, and relationships all have the same winning move.
    8. Re:How is this not an act of war? by guttentag · · Score: 1

      I'm curious why repeated attacks "by the Chinese" have invoked no response from the government? It seems odd that we have US Companies being attacked on US soil and there's not even a peep about it.

      I have three simple answers for you:

      • When the U.S. military conducts a "cyber" strike on another country, they're not going to tell you. Not even a peep. No one died, no maimed vets missing legs, so no one needs to know. The odds are they were already "at war" with China in "cyberspace" before this happened.
      • These intrusions are not worth risking a real war.
      • The U.S. government is just as interested in knowing who reporters are talking to as the Chinese are. Why would they want to stop this when China is pushing the newspapers into the arms of the FBI and NSA?
    9. Re:How is this not an act of war? by Anonymous Coward · · Score: 5, Insightful

      Those of us who have traced APT through a few proxies (typically only one) back to a large building owned by various Chinese government agencies can assure you that a very large scale industrial espionage program is underway, with occasional sidelines into attempting to trace methods and sources. There are mountains of evidence, most of it feed into shredders under the instruction of corporate lawyers. And most US corporations are so dependent on deeply flawed Microsoft technologies and caught so deep in political games that most of the time they'd rather bury their head in the sand and ask subordinates to delete all evidence than actually do anything proper about it. IT is a cost center, and you can't demonstrate security ROI in a way that passes modern MBA scrutiny. All corporate divisions exist only to bump the stock price this quarter, which means we have to keep cutting cost and overhead. With few exceptions, investment is basically dead in the US corporate world.

    10. Re:How is this not an act of war? by MikeMo · · Score: 2

      I'm curious why repeated attacks "by the Chinese" have invoked no response from the government? It seems odd that we have US Companies being attacked on US soil and there's not even a peep about it.

      How do you know we're not doing anything about it?

    11. Re:How is this not an act of war? by dkleinsc · · Score: 2

      How many attacks like this have to happen before people realize what kind of war we are in?

      One in which nobody's died?

      --
      I am officially gone from /. Long live http://www.soylentnews.com/
    12. Re:How is this not an act of war? by oodaloop · · Score: 1

      Good idea. Let's do nothing and wait until it's too late to save lives. Skate to where the puck's gonna be. Our power grid is going smart, meaning more and more things are connected to the internet, including all of our critical infrastructure. The internet of things is growing, with things like stoves and coffee pots hooked up to home networks (highly secure, I'm sure). China, Russia, Iran, and even North Korea (believe it or not) all have robust cyber offensive capabilities. This is where the next war will be fought, and the nerds here seem to want to make every excuse to avoid believing it.

      --
      Tic-Tac-Toe, Global Thermonuclear War, and relationships all have the same winning move.
    13. Re:How is this not an act of war? by mjwalshe · · Score: 1

      Do you think any response has to be overt - there is more than one way to apply pressure as FDR said sneaking softly sometimes means you don't have to use the big stick.

    14. Re:How is this not an act of war? by ahabswhale · · Score: 1

      If "IT is a cost center" then you're not doing it right.

      --
      Are agnostics skeptical of unicorns too?
    15. Re:How is this not an act of war? by c0lo · · Score: 1

      How many attacks like this have to happen before people realize what kind of war we are in?

      You don't feel good you don't define a situation as being "at war", don't you?

      --
      Questions raise, answers kill. Raise questions to stay alive.
    16. Re:How is this not an act of war? by DNS-and-BIND · · Score: 1

      China, due to the Great Firewall, is slow as shit, lossy, and the worst place on the planet to route your traffic through. Not when there are Botswana, Russia, Belarus, etc. However if you're with the Chinese government, you get an unblocked clean line that is just as good as 1000mbps DSL in Korea.

      --
      Shutting down free speech with violence isn't fighting fascism. It IS fascism!
    17. Re:How is this not an act of war? by oodaloop · · Score: 1

      I don't know if I don't understand what you're trying to say, don't I.

      --
      Tic-Tac-Toe, Global Thermonuclear War, and relationships all have the same winning move.
    18. Re:How is this not an act of war? by c0lo · · Score: 1

      (perhaps I should have replied to the OS24Ever OP) I'm a bit sick of the "being at war" ethos. In which:
      * every attack is categorized as "being at war", disregarding how harmless or serious the attack actually is (I'd see Aaron Swartz as a victim of such a mentality: from where else the need "to make an example of him"?)
      * "war on concepts" are no longer just metaphors

      Without being a symptom that's unique and defining the "disease", it is highly consistent with "former giants about to fall": inability to control any longer the "great destiny that once was" and the unwillingness to rationally accept this situation; a combination mostly manifesting itself as an aggressive pride.

      (I'd suggest a change in you signature. I feel the "The land of the repossessed home. Free of the brave" describe more accurate the situation).

      --
      Questions raise, answers kill. Raise questions to stay alive.
    19. Re:How is this not an act of war? by c0lo · · Score: 1

      I'm curious why repeated attacks "by the Chinese" have invoked no response from the government? It seems odd that we have US Companies being attacked on US soil and there's not even a peep about it.

      "Citizen, you want to be safe of intrusion? Well, it's mandatory everybody releases to us their private encryption key..."

      Would you still want govt to step in?

      --
      Questions raise, answers kill. Raise questions to stay alive.
    20. Re:How is this not an act of war? by Maudib · · Score: 1

      Saying something and doing something are not the same thing. If the government is doing something, talking about it would quite likely be very dumb.

    21. Re:How is this not an act of war? by gmhowell · · Score: 1

      Do you think any response has to be overt - there is more than one way to apply pressure as FDR said sneaking softly sometimes means you don't have to use the big stick.

      Wrong Roosevelt.

      --
      Jesus was all right but his disciples were thick and ordinary. -John Lennon
    22. Re:How is this not an act of war? by mjwalshe · · Score: 1

      oops it sit corrected

    23. Re:How is this not an act of war? by mitchaki · · Score: 1

      Haha..of course not, I have no trust in them when they can't even defend their own .gov domains. Is there any other insights that you can offer? Or do you just ask silly questions?

      --
      It seems that everyone who says "I ignore trolls." really means "I ignore you if you disagree with me."
  7. Kinda strange... by Anonymous Coward · · Score: 1

    So do those people really think that the Chinese are the first to hack into their servers?

    Something tells me they don't actually reveal that Americans have been hacking into their servers for years aswell, because they want to hype up the entire cyber-terrorism and warfare thing. You know, makes it easier for politicians to push through even more bills that kill off the internet.

  8. Attack Vector(s)? by SirBitBucket · · Score: 1

    Has this info been made public?

  9. What, Security? by 10101001+10101001 · · Score: 1

    "The story also notes that the Post relied on software from Symantec, the same security software that failed to detect intrusions at The New York Times for many months."

    Golly, it's almost as if relying upon detection after the fact or at entry point is no real protection. Oh, but you say, defense in depth! Well, defense in depth is great. But, intrusion detection of the sort is like tissue paper when you might get thousands of attacks daily. The only real defense is actually having software that isn't exploitable. And that means having (a) open software you can analyze, (b) developers/vendors of that software who will quickly address problems, (c) open disclosure so you don't have to wait months to find out you might already be being hacked--giving you the option to simply stop using software if it's hackable--, (d) multiple servers running multiple software stacks so you have something to switch to for (c), and (e) having a strong push for possible problems so you don't have to rely upon (b) because (b) is just a bad hack to the truth that no software is perfect--as that's a broken record if it's said all the time, as it's meant to explain the *occasional* security bug.

    Oh, and I think this also highlights the whole point that treating security as a joke shows the joke's on you. The real thing to worry about is just how bad the US Government's security score is. If you at all believe that government is generally worse than private industry--not something I particularly believe given just how bad private industry is--, then the US as a whole is fucked at least as far as any concerns for keeping US Government held data private from the Chinese or other hackers. All things considered, it makes one wonder if the data China has--not necessarily even their government--would put Wikileaks to shame.

    --
    Eurohacker European paranoia, gun rights, and h
    1. Re:What, Security? by colfer · · Score: 1

      Symantec, I wonder what goes on there. Hope the engineering is better than the fairly ridiculous adventure I had with customer service. I was reporting a bug in the "Verified" seals for my paying client: the web wizard generates the wrong seals because the product matrix has not kept up with the threeway conversion of Verisign, Symantec and Norton. On the fourth customer service rep I finally had someone who knew what he was talking about. Refreshingly, he was blunt and did not end by asking me if I had any other issues, but just signed off! He sent me the code I needed, but I'm not sure he reported the bug.

      Let's hope that means the server security and SSL cert teams are no-nonsense engineers, not bereft souls in a chaotic marketing enterprise.

  10. Blame the software? by Murdoch5 · · Score: 1

    What is the point on the IT department if your going to blame off the shelf software. The software is a rough first stop but in no way a completely solution for prevention. Before you blame the software also blame the IT department.

  11. Re:Probability by oodaloop · · Score: 2

    I guess that might make even the slightest amount of sense if a Norwegian farmer and a Zimbabwean goat herder had the same likelihood of using a computer owned by the Chinese military.

    --
    Tic-Tac-Toe, Global Thermonuclear War, and relationships all have the same winning move.
  12. THE CHINESE by Anonymous Coward · · Score: 1

    That monolithic entity known only as THE CHINESE.

    Odd that when Anonymous deface a bank's website we don't say THE AMERICANS hacked it.

    1. Re:THE CHINESE by edibobb · · Score: 1

      I suspect the Mongoliad.

  13. Sophisticated? by edibobb · · Score: 2

    Of course it's a sophisticated attack. It happened to a big company, and they cannot be held responsible. If it happened to me on my home PC or at a small business, it would be my own fault for having inadequate security.

  14. Re:Lie factory by guttentag · · Score: 1

    The Washington Post is a company that sells propaganda to suckers. They lie for a living. Why should anyone believe them now?

    Citation please.

  15. This could cause some confusing headlines by istartedi · · Score: 1

    If the main story on the front pages is "Hacked by Chinese", was that supposed to be the main story or is it just script kiddies bragging?

    --
    For all intensive purposes, "whom" is no longer a word. That begs the question, "who cares"?
  16. Re:Lie factory by 93+Escort+Wagon · · Score: 1

    Thank you for sharing your opinion, Mr. Liddy.

    --
    #DeleteChrome
  17. Looks like Bad Things DO Happen in Fours by ohnocitizen · · Score: 1
    http://it.slashdot.org/story/13/02/02/0340220/twitter-hacked

    Looks like bad things do happen in threes — Twitter's report comes on the heels of disclosures of hacking attacks on the WSJ and NY Times.

    Can we please get rid of that ridiculous expression?

  18. Re:Looks like Bad Things DO Happen in Fives by dkleinsc · · Score: 1

    Not only have 4 other bad things happened, we've also failed to get rid of that ridiculous expression!

    --
    I am officially gone from /. Long live http://www.soylentnews.com/
  19. Can someone remind me who wrote Stuxnet? by jools33 · · Score: 1

    Can someone remind me who wrote Stuxnet? - and how is this any worse?

    1. Re:Can someone remind me who wrote Stuxnet? by mbkennel · · Score: 3, Insightful

      One is trying to stop a religious dicatorship from making nuclear weapons.

      The other is trying to intimidate people (and imprison them) who look into and talk about the corrupt financial shenanigans of a secular dictatorship.

      If Stuxnet were directed at a German newspaper which printed a story about Dick Cheney's purloined billions, then it would be pretty comparable, but the U.S. government isn't actually going to do something like that, because, believe or not, some of the people in charge of doing the operation might believe it to be immoral.

  20. The Onion says Me Too, too! by billstewart · · Score: 2

    The Onion, America's Finest News Source, recently posted an article saying they'd also given all their passwords to the Chinese.

    --

    Bill Stewart
    New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
  21. Re:The Chinese, such ingenius hackers by mbkennel · · Score: 3, Insightful

    Why is obscuring the origin of their attacks their intent? Perhaps being tracked to China is one of the points of it.

    It's like poisoning a dissident with polonium: the unmistakable message of "don't fuck with Putin".

  22. Newspapers arrogant and bad at security? by gelfling · · Score: 1

    Next thing you'll be telling me sometimes the government lies.

  23. Wen Jiarbo has $2 billion? by iMactheKnife · · Score: 1

    The Premiere of the PRC managed to sock away $2 billion in various banks, including the US banks, in violation of anti-corruption laws in China and the US. All the while, the average rural Chin family cannot afford medical care or education and still works for coolie wages in this Communist paradise. Do you think this might be embarrassing to the Communist Party? They are not hacking to fix the problem. They are hacking to find out who squealed.