Slashdot Mirror


Washington Post: We Were Also Hacked By the Chinese

tsu doh nimh writes "A sophisticated cyberattack targeted The Washington Post in an operation that resembled intrusions against other major American news organizations and that company officials suspect was the work of Chinese hackers, the publication acknowledged on Friday. The disclosure came just hours after a former Post employee shared information about the break-in with ex-Postie reporter Brian Krebs, and caps a week marked by similar stories from The New York Times and The Wall Street Journal. Krebs cites a former Post tech worker saying that the publication gave one of its hacked servers to the National Security Agency for analysis, a claim that the Post's leadership denies. The story also notes that the Post relied on software from Symantec, the same security software that failed to detect intrusions at The New York Times for many months."

20 of 135 comments

  1. Yea. Me Too. by Anonymous Coward · · Score: 3, Insightful

    I need some attention too!

    What I have derived from this past week's revelations.

    1. The Chinese have no problem gaining access to whatever computer networks they wish to.

    2. They seem to be most interested in themselves, kinda like creeping other people's Facebook to see what they say about you.

    3. So far, they haven't found anything worth their time.

    4. Organizations seem to feel that since they discovered something on their networks, they have discovered everything on their networks.

    5. Fail.

    1. Re:Yea. Me Too. by jhoegl · · Score: 3, Funny

      Go back into your bunker...

      NPR had a great story on this yesterday, but since you most news is propaganda, you must ask these ignorant questions.
      Your ignorance breeds unto itself.

    2. Re:Yea. Me Too. by alexander_686 · · Score: 5, Interesting

      These newspapers have been reporting embarrassing things. Like members of the Communist Party and their family members have vast wealth – implying that this wealth is coming from inside contacts and use (or abuse) of official power. The Communist Party would be interested in who is leaking the details.

    3. Re:Yea. Me Too. by alexander_686 · · Score: 4, Insightful

      You're missing the point. The fact is that somebody is hacking into the paper to figure out who the journalist's sources are.

      So, it's not the average Chinese citizen trying to read the paper – it's about finding who the journalists are, what their sources are, etc. – the stuff a government would need to harass and shut down the people who are leaking the data.

    4. Re:Yea. Me Too. by PCM2 · · Score: 3

      You are assuming it was the Chinese government. So far I have not seen a shred of evidence to support that. There is some circumstantial evidence that the attacks may have originated from China, possibly.

      It would actually make a lot more sense if it were hackers hired by the politician who has been the subject of these embarrassing stories.

      OK, did I just read your whole comment to learn that you think there's not "a shred of evidence" that it was the government, but instead you believe it was hackers hired by the government? I think I can smell my brain dying.

      Of course it might just be the Chinese equivalent of Anonymous.

      Do you have any idea how things work in China? Just think for a minute: Great Firewall of China, ring any bells? Go find some bandwidth statistics and see how hard it is for the Chinese to get access to fast internet connections, compared to places like South Korea or Japan. And if there really were some underground internet hacker movement composed of individuals in China -- and there isn't -- why on Earth would they attack Western newspapers, which mostly tell the truth, and not their own newspapers, which never do?

      --
      Breakfast served all day!
    5. Re:Yea. Me Too. by alexander_686 · · Score: 4, Insightful

      This is China - the lines between government, party, industry, and politician are a bit blurred. For example, IIRC, the Army reports to the party - not to the government. Elections are limited and managed. etc.

    6. Re:Yea. Me Too. by PCM2 · · Score: 3

      A politician acting for themselves is not the same as the state deciding to sanction something. When a US politician goes to jail that doesn't mean that the government committed a crime or endorsed his behaviour.

      OK, my guess was right. You really don't understand how things work in China. My recommendation is that you go to the library, grab back issues of some reputable news source (The Economist might be a good place to start) and read up on everything you can find about the last Chinese national election. Along the way you'll learn a lot about how free Chinese politicians are to act independently. (TL;DR - China ain't the US.)

      Also, just think about what you're suggesting. This isn't some politician giving an order to have some hapless old man thrown in prison. That kind of thing happens all the time in China, and nobody ever hears about it. What you're saying, though, is that some lone politician, acting completely independently and on his own initiative, hired hackers to launch an attack on the two largest, most respected newspapers in the United States. Not even the largest companies -- the largest newspapers. Exactly how was this supposed rogue, lone wolf politician planning to cover up what he did?

      --
      Breakfast served all day!
  2. Attack details? by griffjon · · Score: 3, Interesting

    Has anyone seen any details on how to detect this specific method of attack, malware signatures, or similar? Cause that just might be of use, seeing the widespread nature of this.

    Also, who hasn't been attacked? Bueller? Bueller?

    --
    Returned Peace Corps IT Volunteer
    1. Re:Attack details? by astralagos · · Score: 4, Interesting
      APT attacks are well understood, it's just that they're not very technologically complex. They are, fundamentally, con jobs. You research somebody with a public identity, send a forged email with a trojan, and wait for somebody to open it. The success of the attack is dependent on finding a large enough group that somebody will open the mail. If you want an early example of a discussion of this, read Shishir Nagaraja's and Ross Anderson's "Snooping Dragon" paper.

      As for malware signatures, they've been increasingly ineffective for years. Attackers can buy AV as well, and it's easier for them to tweak their software to evade AV than it is for defenders to generate new signatures. AV's very good at protecting you from yesterday's attack. If you don't have a signature though, it usually takes months to identify a subverted host.

    2. Re:Attack details? by Sulphur · · Score: 3, Funny

      I know a newspaper from a small Kansas town that hasn't been attacked. It's produced by an 80-year-old man with his mechanical typewriter. Maybe these major American news organizations could learn a thing or two from him.

      William Allen White?

      --

      It's all Post facto.

    3. Re:Attack details? by guttentag · · Score: 5, Interesting

      Disclosure: I am a former Washington Post employee

      The Post doesn't seem to officially be divulging details. Sure, they're reporting on it now that the word is out through a former employee's blog citing an unnamed former employee (neither of those people are me) as a source, but the article actually has a Post spokesperson denying one of the claims of the article (that the Post handed over one of its servers to the NSA for study). This isn't the paper contradicting itself – it's what ethics look like in practice at a good newspaper. The paper can report on itself even when the top brass don't want to.

      However, in the New York Times story on its own intrusion, it was stated that AT&T "monitors" the company's network and noticed unusual traffic patterns. AT&T alerted the Times, who asked them to keep an eye on it, and then brought Mandiant in to consult.

      Going back to The Post's story, the company's claim that it did not turn over a server to the NSA casts the issue of China hacking U.S. newspapers in a new light... if you read between the lines. Newspapers (especially The Post and The Times) see themselves as a fiercely-independent check on the government. Watergate-era readers would be as appalled at the idea of The Post handing over servers to the NSA as MacWorld attendees were in the 90s at seeing Bill Gates's face on screen during Jobs's speech. From a PR perspective, it just looks wrong. China might actually do more to harm these papers by getting them to run into the arms of the U.S. government. It's one thing to think China may have found out you're talking to a reporter... Quite another to think both the U.S. and China may later discover you were the anonymous source for a story they didn't want out. It's unlikely that the NSA is rooting around the server looking for political whistleblowers, but the idea of it has a chilling effect on potential sources who think of The Post as the institution that protected Deep Throat's identity for decades, at great risk to itself.

  3. I figure... by Xenna · · Score: 3, Insightful

    Symantec has probably been hacked by the Chinese too...

  4. Did they also hack Slashdot? by peterindistantland · · Score: 5, Funny

    Is that why I was modded down last time?

  5. How is this not an act of war? by OS24Ever · · Score: 3, Insightful

    I'm curious why repeated attacks "by the Chinese" have invoked no response from the government? It seems odd that we have US Companies being attacked on US soil and there's not even a peep about it.

    I'm not saying bomb people but this seems.....weird...

    --

    As a rock-in-roll Physicist once said, No matter where you go, there you are.

    1. Re:How is this not an act of war? by mitchaki · · Score: 3, Interesting

      Maybe it has something to do with the large amounts of money the US owes China. It could also have to do with the US government trying to hide the fact that the Dept. of Homeland Security is completely inept and a huge fail when it comes to cybersecurity.

      --
      It seems that everyone who says "I ignore trolls." really means "I ignore you if you disagree with me."
    2. Re:How is this not an act of war? by pushing-robot · · Score: 3, Insightful

      Because...

      (a) We can't be sure the attack originated in China, it could have simply been proxied through there (there are plenty of vulnerable Chinese systems).
      (b) Even if it was, we can't prove it was organized by the Chinese government (there are plenty of non-state hackers in plenty of countries).
      (c) Even if it was, lots of governments engage in low-level espionage (including your own) without significant diplomatic repercussions.

      Gathering intelligence isn't typically considered an "act of war" unless it is seen as a prelude to invasion or otherwise causes physical harm.
      If it was, intelligence agencies would have started World Wars 3 through 17 by now.

      --
      How can I believe you when you tell me what I don't want to hear?
    3. Re:How is this not an act of war? by oodaloop · · Score: 3, Insightful

      (a) We can't be sure the attack originated in China, it could have simply been proxied through there (there are plenty of vulnerable Chinese systems).

      ...which were associated with Chinese military? These weren't random machines. The proxies the Chinese used were random machines in the US, and the attacks were traced back to machines associated with the Chinese govt. This has happened many times in the past, and we know of large Chinese military units engaged in cyber warfare. How many attacks like this have to happen before people realize what kind of war we are in?

      --
      Tic-Tac-Toe, Global Thermonuclear War, and relationships all have the same winning move.
    4. Re:How is this not an act of war? by Anonymous Coward · · Score: 5, Insightful

      Those of us who have traced APT through a few proxies (typically only one) back to a large building owned by various Chinese government agencies can assure you that a very large scale industrial espionage program is underway, with occasional sidelines into attempting to trace methods and sources. There are mountains of evidence, most of it fed into shredders under the instruction of corporate lawyers. And most US corporations are so dependent on deeply flawed Microsoft technologies and caught so deep in political games that most of the time they'd rather bury their head in the sand and ask subordinates to delete all evidence than actually do anything proper about it. IT is a cost center, and you can't demonstrate security ROI in a way that passes modern MBA scrutiny. All corporate divisions exist only to bump the stock price this quarter, which means we have to keep cutting cost and overhead. With few exceptions, investment is basically dead in the US corporate world.

  6. Re:The Chinese, such ingenius hackers by mbkennel · · Score: 3, Insightful

    Why is obscuring the origin of their attacks their intent? Perhaps being tracked to China is one of the points of it.

    It's like poisoning a dissident with polonium: the unmistakable message of "don't fuck with Putin".

  7. Re:Can someone remind me who wrote Stuxnet? by mbkennel · · Score: 3, Insightful

    One is trying to stop a religious dictatorship from making nuclear weapons.

    The other is trying to intimidate people (and imprison them) who look into and talk about the corrupt financial shenanigans of a secular dictatorship.

    If Stuxnet were directed at a German newspaper which printed a story about Dick Cheney's purloined billions, then it would be pretty comparable, but the U.S. government isn't actually going to do something like that, because, believe it or not, some of the people in charge of doing the operation might believe it to be immoral.