Slashdot Mirror

← Back to Stories (view on slashdot.org)

Confirmed: CBS News Reporter's Computer Compromised

Posted by timothy on from the all-the-cool-kids-have-their-lines-tapped dept.

New submitter RoccamOccam writes "Shortly after the news broke that the Department of Justice had been secretly monitoring the phones and email accounts of Associated Press and Fox News reporters (and the parents of Fox News Correspondent James Rosen), CBS News' Sharyl Attkisson said her computer seemed like it had been compromised. Turns out, it was. 'A cyber security firm hired by CBS News has determined through forensic analysis that Sharyl Attkisson's computer was accessed by an unauthorized, external, unknown party on multiple occasions late in 2012. Evidence suggests this party performed all access remotely using Attkisson's accounts. While no malicious code was found, forensic analysis revealed an intruder had executed commands that appeared to involve search and exfiltration of data.'"

23 of 176 comments (clear)

  1. Better security might help by gweihir · · Score: 4, Insightful

    A good example why reporters (and others) need to care about IT security.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    1. Re:Better security might help by masdog · · Score: 4, Insightful

      I'm not sure better security would help in this case. It's not like the government has compromised the major OS vendors/projects. In fact, I think there's no such agency dedicated to that task.

      --
      My Sysadmin Blog
    2. Re:Better security might help by gweihir · · Score: 4, Insightful

      While it is known that MS has given vulnerabilities to the NSA before patching them, it is highly doubtful the same is going on with Linux or the free BSDs. The risk of being discovered would just be too big.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    3. Re:Better security might help by monkeyhybrid · · Score: 3, Interesting

      Please excuse my sceptism. I just googled the topic and it seems there's some evidence they've been doing this along with contributing to PRISM. Very enlightening to say the least!

    4. Re:Better security might help by AxemRed · · Score: 5, Informative

      It's all over the internet. Here for one:

      http://arstechnica.com/security/2013/06/nsa-gets-early-access-to-zero-day-data-from-microsoft-others/

    5. Re:Better security might help by Anonymous Coward · · Score: 3, Interesting

      There's no need to insert vulnerabilities into Linux. The Linux kernel is riddled with vulnerabilities.

      If you've ever wondered to yourself, "how the heck do those Linux developers commit such huge changes between minor versions without introducing bugs", well I have some news for you....

      If you want to run a secure system, try OpenBSD or NetBSD. Development occurs at a slower, more conservative pace, particularly with OpenBSD. And there are virtually none of the "dump and run" feature submissions that are so common with Linux.

      The application and server software you run should be developed similarly--slow and conservative, with a large number of the developers having a good comprehension of all or most of the subsystems, so that they can readily critique changes instead of deferring to the single guy who, alone, understands that subsystem.

      Remember, it's all about the eyeballs. But not all eyeballs are created equally, and not all projects make the most efficient use of the eyeballs available to them. Linux long ago past the point where bugs were spotted and quashed efficiently.

    6. Re:Better security might help by gweihir · · Score: 3, Insightful

      When you are talking about local exploits, maybe. But this is about remote exploits. When you have compromised an user account, you do not need privilege escalation to spy on them, you just need to get in as said user. That limits the scope of what needs to be looked at rather dramatically.

      Also, for security critical operation, a vanilla Linux is not a good idea. Use AppArmor or SELinux with custom, restrictive configurations. (Yes, I know that SELinux is from the NSA, but the risk of putting in back-doors is just to big.) Running a server is different. There, the largest risk is from the server software. Things like OpenSSH and Postfix are very secure, Apache2 without modules less so and Apache2 with modules can be a real nightmare, depending on the modules.

      I do agree on the development model though. But you need to take into account that most of the fast development in Linux is the drivers. The rest is done a lot more carefully and with significantly more review.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    7. Re:Better security might help by Clsid · · Score: 4, Informative

      SELinux is not provided by the NSA anymore. It has been incorporated into the kernel and all you have to do is enable stuff that you want to use now. The code has been reviewed and the NSA was not the only entity involved, so I would not worry about that too much.

    8. Re:Better security might help by Anonymous Coward · · Score: 4, Interesting

      It isn't the operating systems. Too many people pay attention to them. The secret code is in the compilers (where all the NSA fake employees work). It works this way: the compiler itself was compiled by the NSA to add secret code to the compiler source. This way, even if you are compiling from the clean and open source files, you will still get the NSA features. And when the OS is compiled, the NSA features are also added. For all 'hard-copy' operating systems, additional effort is made to ensure that the final copy is compromised. For open source or downloadable operating systems, the NSA runs a program where they swap out bytes at the ISP level while retaining the checksums. I've heard that this program is code named LEYTUNNEL.

      Posted via Tor to protect myself and my source

  2. Oddly specific denial by hawguy · · Score: 5, Interesting

    Why is the justice department denial so specific:

    To our knowledge, the Justice Department has never compromised Ms. Attkisson’s computers, or otherwise sought any information from or concerning any telephone, computer, or other media device she may own or use.

    It sounds like a carefully worded statement that leaves open the possibility that they planted an old fashioned bug to listen to her in her home, or a GPS tracker on her car, or secretly searched her house, or one of the other many ways they can secretly keep someone under surveillance.

    Why not a simple "We have never had Ms Attkisson under any surveillance or covertly obtained any information about her"?

    Besides, if she used a Verizon Business cell phone, or if the same cell phone meta-data order that was leaked to the press was given to all of the carriers, then the government *did* seek information concerning telephones used by her.

    1. Re:Oddly specific denial by larry+bagina · · Score: 5, Insightful

      When you have an Attorney General who will, under oath in front of Congress, commit perjury, why are any of their other statements considered credible?

      Not posting anonymously because the DOJ and NSA are tracking us either way.

      --
      Do you even lift?

      These aren't the 'roids you're looking for.

    2. Re:Oddly specific denial by ShanghaiBill · · Score: 4, Insightful

      well that would explain why they say that Justice Department hasn't done it.

      That is NOT what they said. Read the quote carefully. It simply says that the speaker has no knowledge of the justice dept doing it, not that they didn't do it. This is a classic example of a bureaucratic waffle. It sounds like they are actually saying something meaningful, but if you parse the sentence, it is basically vacuous.

  3. tsk tsk.... by arcite · · Score: 4, Funny

    Looks like someone didn't renew their Norton Anti-Virus subscription. They warned you!

  4. Welcome to the Botnet by checkitout · · Score: 5, Insightful

    Occam's razor would suggest that she got pwned by a drive-by exploit on some site she visits. In the same way anyone else might. She just happened to be of some level of importance.

    1. Re:Welcome to the Botnet by gl4ss · · Score: 3, Informative

      Occam's razor would suggest that she got pwned by a drive-by exploit on some site she visits. In the same way anyone else might. She just happened to be of some level of importance.

      but it was an attack by someone who knew the user/pass. like, from her mail or whatever..

      --
      world was created 5 seconds before this post as it is.
    2. Re: Welcome to the Botnet by Anonymous Coward · · Score: 3, Interesting

      Total coincidence that she was the only non-Fox reporter looking into Fast & Furious gun running scandal, and this happened right around when that was heating up.

      Obama's people wanted to know if they'd been caught.

  5. Re:Yawn... by Anonymous Coward · · Score: 3, Insightful

    Leave an embassador to die, no one bats an eye.

    Spy on some reporters, everyone looses their minds....

    Yawn....

    The Slashdot audience is either retarded or full of partisan idiots.

    The quoted comment is quite relevant to the level of attention the media and the public pay to seriously important failings based on party politics of the government and of course is modded down.

    While this fluff nonsense gets modded up.

    Maybe they just wanted hot pics of her (Score:2)
    by Spy Handler (822350) on Friday June 14, 2013 @07:19PM (#44012213) Homepage Journal

    She's a nice looking lady... sure she's like 50 now, but around the year 2000 I was unemployed and watching late night TV, and she used to be a regular on CBS late late night news (like past midnight). I remember thinking hey she's really cute.

    I'm sick of it, and reading the comments is a waste of time here. All you libtards can congratulate yourselves on your partisanship and continue doing so as America becomes a banana republic.

    And while you are at it, quit thinking of your selves as the technical elite, you're not, you're more like kiddie Hax0rs competing for attention by being idiot smartasses.

  6. What data? by dadelbunts · · Score: 5, Interesting

    I love how they fail to mention what data was searched. Im sure that would provide alot of information as to who was doing the searching.

  7. Re:Yawn... by gmuslera · · Score: 4, Insightful

    Spy on basically everyone on the planet, no one bats an eye. Spy on a public person, everything is crazy now.

  8. Re:Security begins with Linux by DaHat · · Score: 3, Insightful

    With Linux it should be possible to have a computer which can search the Internet and prepare reports with no open ports for external attack.

    So you are going to read code line by line to determine that no such exploits exist?

    Anytime you run ANYTHING that you did not build AND control yourself... you run that risk... the best we can do is hope we can trust who we get our OS, router or tank from... and perhaps audit them from time to time (if we have that power) to try to make sure.

    --
    Help Brendan pay off his student loans
  9. Re:Yawn... by cold+fjord · · Score: 4, Informative

    The best thing to do if you want to change people's minds is to find facts and present them reasonably, politely, logically, in a factual manner, and possibly with a reference link. Flames and insults seldom change peoples minds, and rarely snark, but facts sometimes do. Note that I wrote "sometimes." And it is often a long process. Being in the minority on Slashdot often means having to ignore insult, bad moderation, harassment, trolls, the occasional doppelganger trying to discredit you, silly arguments against you being highly moderated while you get mod bombed, the occasional death threat or wish for your injury, and all manner of other nonsense. And you have to live with the fact that vehement statements that are uninformed, silly, completely wrong, and often inflammatory, will be highly moderated as long as they are from the proper politically correct perspective. There are people from all around the world that post here with all manner of ideas, including: liberals, socialists, progressives, libertarians, conservatives, communists, Nazis, Islamists, Christians, atheists, the occasional Jedi, programmers, sys admins, engineers, doctors, lawyers, soldiers, students, mathematicians, physicists, and I'm going to stop because the full list is so long, seemingly unbounded. It can be frustrating, but try to be salt, if you care to.

    --
    much of left-wing thought is a kind of playing with fire by people who don't even know that fire is hot - George Orwell
  10. Re:Yawn... by ShooterNeo · · Score: 4, Interesting

    Think back to the 1960s. Many of the complaints the "radicals" had were in fact legitimate. The Vietnam war was poorly managed and ultimately a colossal waste of lives and resources. Agent Orange really was a horrible toxin, causing permanent injuries. Drafting people to send them to a pointless war really was an evil act (and the draft dodgers were making a decision that in retrospect was a smart one)

    Marijuana really was a drug with low potential for harm, black people really were being oppressed, and nudism and free love must have been pretty fun.

    The point is, what did mainstream culture have to say then? What did all those protests do to affect the decisions made by The Man? Fuck-all, that's what. Doesn't seem any different now.

  11. Re:Yawn... by tripleevenfall · · Score: 3, Insightful

    I think /. is showing it's biased, but it's mostly biased on things other than tech issues. On tech issues like online privacy, everyone has the same opinion here.

    On something like Benghazi or Guantanamo Bay or (whatever), for most people it's ok when their guy does it, not ok when the other guy does it.

    We will all be a lot better off if this president's (remaining) defenders admit they were sold a bill of goods.

    (from a 3rd party voter)