State-Sponsored Hacking Attacks Targeting Top News Organizations

← Back to Stories (view on slashdot.org)

State-Sponsored Hacking Attacks Targeting Top News Organizations

Posted by Soulskill on Friday March 28, 2014 @06:15AM from the tip-of-the-iceberg dept.

An anonymous reader writes "Security engineers from Google have found that 21 out of the top 25 news organizations have been targeted by cyberattacks that are likely state-sponsored. We've heard about some high profile attacks on news sites, but Google actively tracks the countries that are launching these attacks, and even hosts email services for many of the news organizations. 'Huntley said Chinese hackers recently gained access to a major Western news organization, which he declined to identify, via a fake questionnaire emailed to staff. Most such attacks involve carefully crafted emails carrying malware or directing users to a website crafted to trick them into giving up credentials. Marquis-Boire said that while such attacks were nothing new, their research showed that the number of attacks on media organizations and journalists that went unreported was significantly higher than those made public.'"

19 comments

Min score:

Reason:

Sort:

"Chinese hackers" by Anonymous Coward · 2014-03-28 06:26 · Score: 4, Insightful

How hard is it for an intel agency or a security contractor to launch an attack in such a way as to falsely implicate a boogey-man such as "Chinese hackers"?
1. Re:"Chinese hackers" by Anonymous Coward · 2014-03-28 06:56 · Score: 1
  
  Not very hard at all.
2. Re:"Chinese hackers" by hey! · 2014-03-28 07:19 · Score: 3, Insightful
  
  Depends on your standard of proof.
  I suppose the best possible way is to hack the patsy's computer and use it to launch an attack. That could, in principle, be nearly impossible to distinguish from an attack initiated by the patsy; not without the investigators hacking into the patsy's computer themselves. I suppose if I were going to implicate some patsy in cybershenanigans I'd start by securing his system from everybody but me.
  Once you've considered the possibility that an attack is frameup, you'd find yourself asking questions like, "Who would want to embarrass the New York Times AND get a Chinese engineering student into trouble? Well, another Chinese engineering student, I guess, but I wouldn't bet on it. The problem is that this kind of reasoning is extremely unreliable. One of the toughest lessons I've had to teach clients is that the motivations of attackers may not make any sense to you. In fact they probably won't.
  Take the attack itself. What does it accomplish to deface an American's newspaper's website? It doesn't stop people from getting the news. It doesn't stop people from getting the paper's website for very long. It certainly doesn't do anything to change US Government policies or actions. All it does, in the end, is get some site admins into trouble with their bosses. Essentially, it accomplishes nothing.
  But then, a lot of political stuff people do doesn't accomplish anything but make them feel like their doing something. So if we're going to criminally profile the hacker, what we've got is a technically clever stupid person. That is to say somebody who is good at figuring things out and persistent at problem solving, but not very good at choosing useful ways to apply that talent.
  But there's a hell of a lot of people like that.
  
  --
  Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
3. Re:"Chinese hackers" by poity · 2014-03-28 07:47 · Score: 2
  
  Take the attack itself. What does it accomplish to deface an American's newspaper's website?
  The article doesn't say anything about defacement, it actually says that journalists themselves were the targets. I assume being able to penetrate a journalist's work account is one of the first steps to either subsequently penetrating that journalist's personal accounts elsewhere, or to build a profile in order to create false identity elsewhere. The first could be used to reveal current sources, and the latter could be used to ensnare future sources.
  Everyone is on high alert to stopping their own Snowden event, and I think that's a far simpler and more relevant explanation than "USA is trying to frame other countries by defacing its own news site"
  
  --
  your thin skin doesn't make me a troll
4. Re:"Chinese hackers" by lgw · 2014-03-28 07:51 · Score: 3, Interesting
  
  One of the toughest lessons I've had to teach clients is that the motivations of attackers may not make any sense to you. In fact they probably won't.
  Indeed: "all politics is local". People have a hard time understanding this. Why does someone launch a terrorist attack against the US? It will be something involving the people that they socialize with, and the usual motivations of status, respect, dignity and so on. It may in some very distant way be a response to US actions, but don't look for direct "they killed my parents, and I've spent my life seeking the six-fingered man" motivations.
  When attacks (cyber or otherwise) are local, motivations are usually straightforward and understandable, but when the target is very distant, it will be something that makes a lot of sense in the attackers' community, but with the distance in geography and culture, it can be totally opaque to you. There may be nothing you can do to not be the target of choice, if you're successful and well known like a media property. No, they don't hate you because you're successful, but their distant community knows you exist and you thus give them bragging rights because you're successful.
  
  --
  Socialism: a lie told by totalitarians and believed by fools.
5. Re:"Chinese hackers" by Anonymous Coward · 2014-03-28 08:11 · Score: 0
  
  Here's a typical scenario:
  [13:04] * OwnedChinabotLOL (~sneaky@2b6f2293.211e61ee.163data.com.cn) has joined #CIASBOTNET
  [13:04] <CIaDumbassNoobScriptkid> !packet 198.81.129.107
  [13:05] <OwnedChinabotLOL> Now Packeting Amerrrrrcuaaa at 198.81.129.107 !
  [13:06] <CIaDumbassNoobScriptkid> Lol now those dumb ass Americans who pay my salary will now think China is attacking the USA
  [13:06] <CIaDumbassNoobScriptkid2> This is wayyyy easier than a 9/11 false flag.
  It's that easy.
6. Re:"Chinese hackers" by Anonymous Coward · 2014-03-28 09:09 · Score: 0
  
  Analysis of Competing Hypotheses is often used to detect deception by law enforcement and intelligence agencies. It might be reasonable to load what you know about the attack into an ACH matrix to see whether there is a means, motive, and opportunity or whether there is some undiscovered evidence yet to be found which would support a deception hypothesis.
7. Re:"Chinese hackers" by hey! · 2014-03-28 10:01 · Score: 2
  
  Good catch. We have to distinguish between vulnerabilities and threats. The exploitation of a vulnerability tells us next to nothing. Some people will twist a doorknob without thinking. But if someone particularly targets certain assets, like reporter email and phone logs, you can use that along with who the attacker targets to infer some pretty solid things about him.
  Journalists *should* have been on high alert years before Snowden, because their number one most dangerous threat a court order demanding they reveal their sources. The courts could physically seize the equipment of the reporter and his employer and search them well before the NSA started recording everything everywhere.
  
  --
  Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
8. Re:"Chinese hackers" by Anonymous Coward · 2014-03-28 12:32 · Score: 0
  
  Google actively tracks the countries that are launching these attacks...Huntley said Chinese hackers recently gained access to a major Western news organization..
  I'm frankly sick and tire of these dickless smarmy sychophant journalists kissing up to the Chicoms.
  How about some recognitions for the hard working state sponsored hackers in America, UK, Canada, ...instead of being fixated at sucking the dicks of the nouveau chic Chicoms.
9. Re:"Chinese hackers" by flyneye · 2014-03-29 02:48 · Score: 1
  
  Isnt the whole concept sort of akin to breaking into someones house to steal the contents of their toilet?
  
  --
  *Repent!Quit Your Job!Slack Off!The World Ends Tomorrow and You May Die!
Of course by Anonymous Coward · 2014-03-28 06:29 · Score: 0

Politics and the control of information, hence the population is obvious!
From the attacker's view... by BobMcD · 2014-03-28 06:43 · Score: 5, Insightful

From the attacker's view, this largely makes sense. The 'top 25 news organizations' are all deeply biased towards keeping the government happy, and even we Kool Aid drinking Americans are aware of it.
To an outsider, they're probably pretty hard to distinguish from state-run news.
1. Re:From the attacker's view... by ArcadeMan · 2014-03-28 06:55 · Score: 3, Funny
  
  In France, do they call Fox News "Faux News"?
  
  --
  Get free satoshi (Bitcoin) and Dogecoins
... And? by CanHasDIY · 2014-03-28 06:54 · Score: 1

So what? Are they going to start replacing the sensationalized drivel, designed to keep us divided against each other, with factual stories or something?
As a person who typically avoids the "Top news organizations," I have a really, really hard time A) understanding what the problem is, and B) caring.

--
An enigma, wrapped in a riddle, shrouded in bacon and cheese
1. Re:... And? by click2005 · 2014-03-28 06:59 · Score: 1
  
  The problem is that Google seems to be routinely reading the email accounts of people working at 'Top News Organizations'. This isn't just random automated scanning but a deliberate invasion of privacy.
  
  --
  I am a free slashdotter. I will not be modded, blogged, DRM'd, patented, podcasted or RFID'd. My life is my own.
E-Mail Communications by Anonymous Coward · 2014-03-28 07:23 · Score: 1

The "problem" here is that e-mail is such a mind-boggling useful way to communicate that its benefits outweigh its security risks. Yes there are lots of solutions (if only everyone would implementing them), but what is really needed is a new mind-boggling useful communication tool that is secure by design.
And it ain't some closed proprietary system like Facebook or Twitter.
captcha: distort
1000+ years of dark matters to keep hidden by Anonymous Coward · 2014-03-28 07:49 · Score: 0

aka the teepeeleaks etchings http://www.youtube.com/results?search_query=unrepentant&sm=3 our legacy & leavings for our kids etc... never a better time to consider ourselves in relation to each other, our surroundings, creation & it's earth based rep. momkind featuring new clear options for us billions of uchosens,, like no bomb us more mom us,, free the innocent stem cells,, rescue the world's millions of starving diaper addicts,,, & other non-lethal stuff. little miss dna cannot be wrong.. see you there?
Makes Sense by Anonymous Coward · 2014-03-28 09:03 · Score: 0

There are probably a lot of NOCs working in news organizations throughout the world. It's perfect cover for gathering information. News organizations also don't publish everything they know so that is another source of information for the attacker. The attacker could also find out if they have leaks coming from their own organization. Propaganda is another piece of the puzzle.
Most attacks involve Windows users .. by DTentilhao · 2014-03-28 10:30 · Score: 2

"Most such attacks involve carefully crafted emails carrying malware or directing users to a website crafted to trick them into giving up credentials"