Chinese Hack New York Times
Rick Zeman writes "According to a headline article in the New York Times, they admit to being hacked by the Chinese, and the article covers the efforts of Mandiant to investigate, and then to eradicate their custom Advanced Persistent Threats (APT). This was alleged to be in reaction to an article which details the sleazy business dealings of the family of Wen Jiabao, China's newest Prime Minister. China's Ministry of National Defense said in denial, 'Chinese laws prohibit any action including hacking that damages Internet security.'" Update: 01/31 15:00 GMT by T: The Times used Symantec's suite of malware protection software; Symantec has issued a statement that could be taken as slightly snippy about its role in (not) preventing the spyware from taking hold.
Re: (Score:2)
Was the spokesman related to Baghdad Bob?
Re: (Score:3)
They most certainly do have laws.
They protect the party's members, the corrupt elite and those Chinese who want to confiscate a foreigner's businesses.
But, you will find them and the process opaque, haphazard, arbitrary and shockingly harsh... unless of course you are a senior party member, in which case none of this applies to you.
Re:Chinese Laws (Score:5, Funny)
This sounds a lot like US laws.
Re: (Score:2)
An incompetent or negligent food inspector should be executed, though. He/she might have the lives of tens of thousands of people in his hands, but because he's bored, or hung over, or whatever, he doesn't see the slime growing under the conveyor belt, on which lies tons of raw meat. Slowly, ever so slowly, the slime advances, reaching out for that succulent chicken . . .
Obligatory Zappa quote (Score:3)
This sounds a lot like US laws.
“The United States is a nation of laws, badly written and randomly enforced.”
- Frank Zappa
Since they have access... (Score:5, Funny)
Great Paywall of NYT (Score:5, Funny)
Re:Great Paywall of NYT (Score:4, Insightful)
Wait, that gives me an idea! We'll confuse our enemies with New York Times columns that are wildly inaccurate or simply have no bearing on reality at all. It's really easy too - all we need to do is hire back Tom Friedman.
Re: (Score:1)
He's still there; his column is on Sunday and Wednesday.
He's not the worst of the bunch (I'd probably give that "honor" to Ross Douthat) but he's certainly an embarrassment to the paper.
Re: (Score:3)
Oh, you mean former Reagan adviser Paul Krugman?
Re:Great Paywall of NYT (Score:4, Informative)
Re: (Score:3)
Yeah, about that: Paul Krugman on his work for Enron [pkarchive.org].
He's advised a lot of other people too. Point being that if you think he was bought off (for a measly $37K, which given that he's probably a millionaire is basically chump change), you're probably wrong. He's also explicitly mentioned his work whenever he's written about it.
Re: (Score:2)
Paul Krugman went to the Times after Enron, so in your attempt to look clever you only look stupid.
Maybe you should stop watching Fox 'News', shut your dick holster, and learn to think for yourself?
Re: (Score:2)
Paul Krugman went to the Times after Enron
Where he promptly started writing about how evil, or stupid everyone associated with Enron management was for not blowing the whistle on what was going on, while carefully avoiding mentioning that he had spent several years as a paid adviser to those very same management people and never once noticed any of the problems (or chose to keep quiet about them) with their financial dealings.
Re: (Score:3)
columns that are wildly inaccurate or simply have no bearing on reality at all.
Fox News China Edition?
Re:I don't believe it (Score:4, Informative)
They are officially communist, but unlike the USSR they were able to acknowledge that communism isn't always the best solution to every problem and turn to market solutions when appropriate.
Chinese hack Slashdot? (Score:1)
Maybe the Chinese hacked Slashdot, that would explain why this story appears here 12 hours after everywhere else?
Re: (Score:1)
Maybe the Chinese hacked my tax returns, hmm Uncle Sam? Got nothing to say to that do ya.
Re: (Score:2)
Maybe the Chinese hacked Slashdot, that would explain why this story appears here 12 hours after everywhere else?
I guess the editors were asleep, or they saved it for morning for maximum visibility. I submitted it last night.
Favors? Surely You Jest! (Score:5, Insightful)
Okay, shooting people is illegal, but shooting people to protect others from getting shot is not. Compromising internet security is illegal in China, but hacking to "protect" the Chinese people from having their leader's security compromised must be okay, right?
Lethal force is only okay in very specific scenarios -- usually when lethal force is first presented by the attacker. Could you explain what the New York Times did that warranted the use of hacking? Did the New York Times hack the Chinese government? Did the New York Times even threaten to hack the Chinese government?
Obviously, there is nothing worse than having your leader's integrity challenged, so they are doing everybody a favor by hacking the Times.
Actually, I can think of a good deal many things that are worse than having my leader's integrity challenged. Truth be told, I quite enjoy my leader's integrity being challenged -- especially if there is fact behind it. The Western world enjoys this over-scrutiny of our leaders. Here's a worse scenario than your leader's integrity being challenged: your leader actually is corrupt and nobody's able to investigate it!
The only favor they're doing us by hacking the New York Times is showing the world that they believe their control of the media transcends their national borders. By paying petty lip service to their own laws (which are often subjective and which they feel they are above), the Chinese government is telling the foreign presses that they better fall in step with their mouthpieces or they will be hacked.
It's quite sickening and I find no way at all to view this as acceptable. This is an international attack on our constitutional values -- most notably freedom of speech.
Re:Favors? Surely You Jest! (Score:4, Insightful)
I think you're missing his sarcasm with the word "obviously."
--
BMO
Re:Favors? Surely You Jest! (Score:4, Funny)
He's obviously serious. Obviously.
--
BMO
Re: (Score:3)
It's quite sickening and I find no way at all to view this as acceptable. This is an international attack on our constitutional values -- most notably freedom of speech.
The capitalist dogs' attack on our noble way of life is what is unacceptable. Their slanderous lies constitute an international attack on our cultural values — and they must not be tolerated! Signed, the Chinese government.
Re: (Score:2)
Could you explain what the New York Times did that warranted the use of hacking?
Hired hack writers?
Re: (Score:2)
Given some of the history of the New York Times (the Pentagon Papers, Wikileaks), I have this funny feeling that they aren't just dealing with foreign governments hacking their systems.
hacked? Try infiltrated (Score:1)
Oh Behave! (Score:2)
the weak link(s) (Score:4, Insightful)
The article makes no mention of the operating system of the compromised computers. This would be like an article on safety faults in automobiles that did not mention the make and model. Can't we have better security reporting from the grey lady? There is mention of a "domain controller" that was compromised to obtain password hashes and that a rainbow table must have been used to crack passwords. Is there anyone who does not think that it was windows computers that were compromised? I can't help wondering if M$ and the NYT have some sort of agreement about how they report on computer security.
Re:the weak link(s) (Score:4, Informative)
The article makes no mention of the operating system of the compromised computers. This would be like an article on safety faults in automobiles that did not mention the make and model. Can't we have better security reporting from the grey lady? There is mention of a "domain controller" that was compromised to obtain password hashes and that a rainbow table must have been used to crack passwords. Is there anyone who does not think that it was windows computers that were compromised? I can't help wondering if M$ and the NYT have some sort of agreement about how they report on computer security.
The articles make it pretty clear that the vulnerabilities that were exploited were (A) social engineering and (B) excessive user privileges, not an OS or application flaw. It was nothing but a targeted email worm. This kind of thing could have easily been prevented on Windows with proper policies, and would have happened just as easily on a similarly (mis-)configured Mac or Linux machine.
In other words, the weak link is what it always was: the users.
Time for import tariffs (Score:3)
Re: (Score:2)
The US started the cyber cold-war, this is retaliation against YOUR attacks.
Re: (Score:2)
Don't be stupid. Attacks have been coming from China* for well over a decade. The US has recently responded to them.
*Meaning people in China, not as an official China government attack.
that's not actually a denial (Score:2)
After all, removing information damaging to the prime minister improves "internet security", not damages it ;-)
So That's why! (Score:1)
So that's why all the NY Times Editorials read like commie propaganda!
it was windows (Score:2)
The BBC is reporting [bbc.co.uk] that it was Windows computers that were compromised. They quote Graham Cluley, a tech consultant at Sophos. All compromised computers were "thrown out and replaced." All passwords were changed. Another article [bbc.co.uk] reports that the hackers would begin working at 0800 Beijing time.
Re: (Score:2)
You can lock down Windows computers just as well as anything else.
The attack they used would have worked on any computer not properly locked down. This was a direct attack from a private group in response to a Times story. As such, they could have crafted the attack any way they chose to.
Re: (Score:2, Informative)
The linked articles say no such thing. You need to read more critically. The BBC quoted a guy from Sophos, who wasn't involved in any way, making some general statements about Windows machines. It doesn't say anything about what OS was compromised in this attack.
From your link: "Graham Cluley, senior technology consultant at security company Sophos, which often helps companies cope with intrusions by hackers,"
Note that he's not directly related to this story in any way. They wanted a quote from a "comput
Snippy Symantec? (Score:1)
Can't say as I blame them. A friend at Symantec who's been involved in the NYT relationship was saying that they've spent over a year trying to get NYT's IT dept to update to SEP v12 to no avail, despite repeated warnings that v12 would catch malware exactly like this. Given that they turned the intrusion into
Steve Bennett (Score:2)
Steve Bennett - is that you? Don't spread rumours anonymously.
Gotta love Symantec's comment (Score:3, Interesting)
Detected 1 out of 45 malicious items? (Score:3)
Dang, Symantec has really been improving their products lately. That's much better than I've gotten out of them.
glorious chinese (Score:1)
So did they try sending themselves some PDF documents about the Chinese leaders' business dealings, under the email alias of some of the Chinese prime minister's friends..? Loaded with a few customized malware of their own, or not. After all, you just sent it to yourself, right?
followup (Score:2)
The Times detailed its assertions in a long article posted to the front of its Website Jan. 30. The attacks apparently began in early September, as the probe into Wen’s family approached its conclusion. While the hackers could have “wrecked havoc on our systems,” according to Times CIO Marc Frons, they focused on infiltrating dozens of employee computers.
Unfortunately, they wreaked havoc on their grammar and spelling.
Great NYT Article! (Score:5, Informative)
The New York Times wrote a GREAT article disclosing in full, with technical detail, how they were compromised.
Kudos to them for this in-depth transparency.
The article described in detail how targeted malware attacks were brought against NYT employees. Those were launched from compromised university computers within the US. From there, the custom malware allowed them to hack a Windows AD Domain Controller, and obtain the NTLM hashes. They ran the NTLM hashes against a rainbow table and got 56 user passwords that they used for VPN access.
From there, they were tracked by a security consulting company using an intrusion detection system. They employed a great strategy of not knee-jerk kicking the hackers out, but of watching their moves and determining the scope of compromise. They used forensics hard drive analysis to recover logs and figure out exactly what data was being accessed.
Sounds like what I would do if I was called in for incident response. Except, NONE of my clients would ever allow a story of this detail to be published!!!
Hats off to the NYT for this level of transparency.
Re: (Score:2)
As someone who is very critical of the media and sides with Noam Chomsky's critiques of American media, The NYT is the least "propaganda-y" publication available in America.
If you would like to prove your point about NYT editors being explicitly propagandists and implicitly liars who have something to hide, please answer me this question: What is wrong with the Sulzberger family?
China constantly attacks universities. (Score:3)
If USU is any indication, China constantly attacks universities. China accounts for at least 1/2 of all attacks that arrive at the USU border. See: https://it.wiki.usu.edu/20120301_ScanSummary [usu.edu]
Many of these attacks appear to require favorable quality of service packet delivery. We frequently see flawless packet delivery in high speed Chinese scans and Chinese vulnerability assessments. Currently, we are receiving a comprehensive Chinese vulnerability assessment every 5 days. It would be a great service if we had paid for it. And if they would share the results with us :) See: https://it.wiki.usu.edu/20120101_China_Test [usu.edu]
Miles
The Cuckoo's Egg (Score:2)
First thing I thought of as I read TFA was: The Cuckoo's Egg [wikipedia.org]
Re:Must be bullshit (Score:5, Informative)
Everyone knows the hacking threat is made up by the US government, as I am continually reminded every time I try to talk about it.
No, it's not bullshit. I don't know how you draw that conclusion. I look at my family business' firewall logs and see lots of intrusion attempts coming from Chinese IP addresses. It got so bad that I moved the company's website to a VPS and moved our mail server to a cloud-based solution. Now, we just block all foreign IP addresses at the firewall by default.
Re:Must be bullshit (Score:4, Interesting)
I'm glad to hear I'm not the only person to do this. I block the entire country of China. Their hacking attempts outnumbered legit requests by a factor of 50 to 1.
Why doesn't the great firewall of China work the other way around?
Re:Must be bullshit (Score:5, Informative)
I block the entire country of China.
If you read the article, you'll notice that they used hacked machines at US universities as a jumping off point.
Re: (Score:2)
No kidding. I took down the firewall on my router (Comcast connection) to test some VPN stuff, instead of doing a port forward, etc.
I was doing this from the in-laws' house to my house, and within just a couple minutes I saw attempts from China on the SSH and IPsec/L2TP ports (Linux box's firewall was set so you couldn't access the L2TP outside of an IPsec tunnel).
Even after turning the firewall back on, they must have somehow (automated?) realized there was a machine they could access but not log into yet.
WOOOOSSSHH (Score:2)
I cannot imagine how you drew the conclusion that he drew that conclusion.