Slashdot Mirror

← Back to Stories (view on slashdot.org)

Confirmed: CBS News Reporter's Computer Compromised

Posted by timothy on from the all-the-cool-kids-have-their-lines-tapped dept.

New submitter RoccamOccam writes "Shortly after the news broke that the Department of Justice had been secretly monitoring the phones and email accounts of Associated Press and Fox News reporters (and the parents of Fox News Correspondent James Rosen), CBS News' Sharyl Attkisson said her computer seemed like it had been compromised. Turns out, it was. 'A cyber security firm hired by CBS News has determined through forensic analysis that Sharyl Attkisson's computer was accessed by an unauthorized, external, unknown party on multiple occasions late in 2012. Evidence suggests this party performed all access remotely using Attkisson's accounts. While no malicious code was found, forensic analysis revealed an intruder had executed commands that appeared to involve search and exfiltration of data.'"

11 of 176 comments (clear)

  1. Better security might help by gweihir · · Score: 4, Insightful

    A good example why reporters (and others) need to care about IT security.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    1. Re:Better security might help by masdog · · Score: 4, Insightful

      I'm not sure better security would help in this case. It's not like the government has compromised the major OS vendors/projects. In fact, I think there's no such agency dedicated to that task.

      --
      My Sysadmin Blog
    2. Re:Better security might help by gweihir · · Score: 4, Insightful

      While it is known that MS has given vulnerabilities to the NSA before patching them, it is highly doubtful the same is going on with Linux or the free BSDs. The risk of being discovered would just be too big.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    3. Re:Better security might help by gweihir · · Score: 3, Insightful

      When you are talking about local exploits, maybe. But this is about remote exploits. When you have compromised an user account, you do not need privilege escalation to spy on them, you just need to get in as said user. That limits the scope of what needs to be looked at rather dramatically.

      Also, for security critical operation, a vanilla Linux is not a good idea. Use AppArmor or SELinux with custom, restrictive configurations. (Yes, I know that SELinux is from the NSA, but the risk of putting in back-doors is just to big.) Running a server is different. There, the largest risk is from the server software. Things like OpenSSH and Postfix are very secure, Apache2 without modules less so and Apache2 with modules can be a real nightmare, depending on the modules.

      I do agree on the development model though. But you need to take into account that most of the fast development in Linux is the drivers. The rest is done a lot more carefully and with significantly more review.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  2. Welcome to the Botnet by checkitout · · Score: 5, Insightful

    Occam's razor would suggest that she got pwned by a drive-by exploit on some site she visits. In the same way anyone else might. She just happened to be of some level of importance.

  3. Re:Yawn... by Anonymous Coward · · Score: 3, Insightful

    Leave an embassador to die, no one bats an eye.

    Spy on some reporters, everyone looses their minds....

    Yawn....

    The Slashdot audience is either retarded or full of partisan idiots.

    The quoted comment is quite relevant to the level of attention the media and the public pay to seriously important failings based on party politics of the government and of course is modded down.

    While this fluff nonsense gets modded up.

    Maybe they just wanted hot pics of her (Score:2)
    by Spy Handler (822350) on Friday June 14, 2013 @07:19PM (#44012213) Homepage Journal

    She's a nice looking lady... sure she's like 50 now, but around the year 2000 I was unemployed and watching late night TV, and she used to be a regular on CBS late late night news (like past midnight). I remember thinking hey she's really cute.

    I'm sick of it, and reading the comments is a waste of time here. All you libtards can congratulate yourselves on your partisanship and continue doing so as America becomes a banana republic.

    And while you are at it, quit thinking of your selves as the technical elite, you're not, you're more like kiddie Hax0rs competing for attention by being idiot smartasses.

  4. Re:Oddly specific denial by larry+bagina · · Score: 5, Insightful

    When you have an Attorney General who will, under oath in front of Congress, commit perjury, why are any of their other statements considered credible?

    Not posting anonymously because the DOJ and NSA are tracking us either way.

    --
    Do you even lift?

    These aren't the 'roids you're looking for.

  5. Re:Yawn... by gmuslera · · Score: 4, Insightful

    Spy on basically everyone on the planet, no one bats an eye. Spy on a public person, everything is crazy now.

  6. Re:Security begins with Linux by DaHat · · Score: 3, Insightful

    With Linux it should be possible to have a computer which can search the Internet and prepare reports with no open ports for external attack.

    So you are going to read code line by line to determine that no such exploits exist?

    Anytime you run ANYTHING that you did not build AND control yourself... you run that risk... the best we can do is hope we can trust who we get our OS, router or tank from... and perhaps audit them from time to time (if we have that power) to try to make sure.

    --
    Help Brendan pay off his student loans
  7. Re:Oddly specific denial by ShanghaiBill · · Score: 4, Insightful

    well that would explain why they say that Justice Department hasn't done it.

    That is NOT what they said. Read the quote carefully. It simply says that the speaker has no knowledge of the justice dept doing it, not that they didn't do it. This is a classic example of a bureaucratic waffle. It sounds like they are actually saying something meaningful, but if you parse the sentence, it is basically vacuous.

  8. Re:Yawn... by tripleevenfall · · Score: 3, Insightful

    I think /. is showing it's biased, but it's mostly biased on things other than tech issues. On tech issues like online privacy, everyone has the same opinion here.

    On something like Benghazi or Guantanamo Bay or (whatever), for most people it's ok when their guy does it, not ok when the other guy does it.

    We will all be a lot better off if this president's (remaining) defenders admit they were sold a bill of goods.

    (from a 3rd party voter)