Forgot your password?
typodupeerror
China Security Your Rights Online Politics

Chinese Hack New York Times 116

Posted by samzenpus
from the protect-ya-neck dept.
Rick Zeman writes "According to a headline article in the New York Times, they admit to being hacked by the Chinese, and covers the efforts of Mandiant to investigate, and then to eradicate their custom Advanced Persistent Threats (APT). This was alleged to be in reaction to an article which details the sleazy business dealings of the family of Wen Jiabao, China's newest Prime Minister. China's Ministry of National Defense said in denial, 'Chinese laws prohibit any action including hacking that damages Internet security.'" Update: 01/31 15:00 GMT by T : The Times used Symanetic's suite of malware protection software; Symantec has issued a statement that could be taken as slightly snippy about its role in (not) preventing the spyware from taking hold.
This discussion has been archived. No new comments can be posted.

Chinese Hack New York Times

Comments Filter:
  • by tokencode (1952944) on Thursday January 31, 2013 @09:14AM (#42749651)
    Since they already have access, the NYTimes can just outsource the writing to China. This will reduce labor costs and save China the trouble of filtering articles they do not like. Think of all the new potential readers....
  • by Pollardito (781263) on Thursday January 31, 2013 @09:19AM (#42749699)
    Maybe they were just trying to read the many witticisms of David Brooks and Maureen Dowd?
    • by dkleinsc (563838) on Thursday January 31, 2013 @09:54AM (#42750009) Homepage

      Wait, that gives me an idea! We'll confuse our enemies with New York Times columns that are wildly inaccurate or simply have no bearing on reality at all. It's really easy too - all we need to do is hire back Tom Friedman.

      • by Anonymous Coward

        He's still there; his column is on Sunday and Wednesday.

        He's not the worst of the bunch (I'd probably give that "honor" to Ross Douthat) but he's certainly an embarrassment to the paper.

      • They do not even need to do that, they still have former Enron adviser, Paul Krugman.
        • by Maudib (223520)

          Oh you mean form Reagan adviser Paul Krugman?

          • by Attila Dimedici (1036002) on Thursday January 31, 2013 @02:08PM (#42752929)
            Which tells you more about Ronald Reagan's willingness to listen to people who disagreed with him than it does about Krugman's expertise. If you look at what Krugman says about his time working in the Reagan Administration (as an adviser to an adviser) you discover that he claims that even then he thought the answer to problems was more government as opposed to Reagan who thought the cause of most problems was government..
        • by dkleinsc (563838)

          Yeah, about that: Paul Krugman on his work for Enron [pkarchive.org].

          He's advised a lot of other people too. Point being that if you think he was bought off (for a measly $37K, which given that he's probably a millionaire is basically chump change), you're probably wrong. He's also explicitly mentioned his work whenever he's written about it.

        • by geekoid (135745)

          Paul Krugman went to the Times after Enron, so in your attempt to look clever you only look stupid.
          Maybe you should stop watching Fox 'News', shut your dick holster, and learn to think for yourself?

          • Paul Krugman went to the Times after Enron

            Where he promptly started writing about how evil, or stupid everyone associated with Enron management was for not blowing the whistle on what was going on, while carefully avoiding mentioning that he had spent several years as a paid adviser to those very same management people and never once noticed any of the problems (or chose to keep quiet about them) with their financial dealings.

      • by daem0n1x (748565)

        columns that are wildly inaccurate or simply have no bearing on reality at all.

        Fox News China Edition?

    • by T.E.D. (34228)
      More likely they thought there must be some secret information on their servers that explains why they say the crap they do. They can't possibly really be that stupid.
  • by Anonymous Coward

    Maybe the Chinese hacked Slashdot, that would explain why this story appears here 12 hours after everywhere else?

    • Maybe the Chinese hacked my tax returns, hmm Uncle Sam? Got nothing to say to that do ya.

    • by Rick Zeman (15628)

      Maybe the Chinese hacked Slashdot, that would explain why this story appears here 12 hours after everywhere else?

      I guess the editors were asleep, or they saved it for morning for maximum visibility. I submitted it last night.

  • It's been the Commie Times for a while now...
  • 'Governor Jiabao. I should have expected to find you holding General Mingfu's leash. Do you realize the more your hackers attack our free (well mostly free) press, the more we will think you're are carrying on like a pack of spoiled brats unfit to replace America as the world's superpower?' http://www.businessinsider.com/chinese-general-ominously-warns-australia-not-to-side-with-the-us-tiger-2013-1 [businessinsider.com]
  • the weak link(s) (Score:4, Insightful)

    by DrProton (79239) on Thursday January 31, 2013 @10:25AM (#42750251)

    The article makes no mention of the operating system of the compromised computers. This would be like an article on safety faults in automobiles that did not mention the make and model. Can't we have better security reporting from the grey lady? There is mention of a "domain controller" that was compromised to obtain password hashes and that a rainbow table must have been used to crack passwords. Is there anyone who does not think that it was windows computers that were compromised? I can't help wondering if M$ and the NYT have some sort of agreement about how they report on computer security.

    • Re:the weak link(s) (Score:4, Informative)

      by Anonymous Coward on Thursday January 31, 2013 @01:05PM (#42752075)

      The article makes no mention of the operating system of the compromised computers. This would be like an article on safety faults in automobiles that did not mention the make and model. Can't we have better security reporting from the grey lady? There is mention of a "domain controller" that was compromised to obtain password hashes and that a rainbow table must have been used to crack passwords. Is there anyone who does not think that it was windows computers that were compromised? I can't help wondering if M$ and the NYT have some sort of agreement about how they report on computer security.

      The articles make it pretty clear that the vulnerabilities that were exploited was (A) social engineering and (B) excessive user privileges, not an OS or application flaw. It was nothing but a targeted email worm. This kind of thing could have easily been prevented on Windows with proper policies, and would have happened just as easily on a similarly (mis-)configured Mac or Linux machine.

      In other words, the weak link is what they always were: the users.

  • by Squidlips (1206004) on Thursday January 31, 2013 @10:40AM (#42750377)
    Why do we keep putting up with this crap and not fighting back? Let's add a stiff import tariff on Chinese junk which would increase revenues and add jobs to this country.
    • by ak3ldama (554026)
      The delusionals tell everyone we want a free market. Oh by the way we need to pass that new farm bill!
    • We don't see that. Our elites are as low and worthless as junkies, because they are hopelessly, terminally addicted to cheap labour.

    • by Skiron (735617)
      Who uses Chinese Junks? I thought you guys used canoes like in the film "The 'squeal like a pig' Deliverance"
    • by AmiMoJo (196126) *

      The US started the cyber cold-war, this is retaliation against YOUR attacks.

      • by geekoid (135745)

        Don't be stupid. Attacks have been coming from China* for well over a decade. The US has recently responded to them.

        *Meaning people in China, not as an official China government attack.

    • because Walmart doesn't want it.
  • After all, removing information damaging to the prime minister improves "internet security", not damages it ;-)

  • by Anonymous Coward

    So that's why all the NY Times Editorials read like commie propaganda!

  • The BBC is reporting [bbc.co.uk] that it was windows computers that were compromised. They quote Graham Cluley, a tech consultant at Sophos. All compromised computers were "thrown out and replaced." All passwords were changed. Another article [bbc.co.uk] reports that the hackers would begin working at 0800 Beijing time..

    • Re: (Score:2, Informative)

      by Anonymous Coward

      The linked articles say no such thing. You need to read more critically. The BBC quoted a guy from Sophos, who wasn't involved in any way, making some general statements about Windows machines. It doesn't say anything about what OS was compromised in this attack.

      From your link : "Graham Cluley, senior technology consultant at security company Sophos, which often helps companies cope with intrusions by hackers, "

      Note that he's not directly related to this story in any way. They wanted a quote from a "comput

  • Aren't these Communists delicate little flowers? Amazingly thin skinned, even though they block anything even vaguely political from mainland China.

    I think they are a bunch of stupid Third World pussies, with stupid Third World attitudes. No wonder they're Pakistan's only friend in the world. It takes a dirty, illiterate loser to know one.

  • by Anonymous Coward

    The Times used Symanetic's suite of malware protection software; Symantec has issued a statement that could be taken as slightly snippy about its role in (not) preventing the spyware from taking hold.

    Can't say as I blame them. A friend at Symantec who's been involved in the NYT relationship was saying that they've spent over a year trying to get NYT's IT dept to update to SEP v12 to no avail, despite repeated warnings that v12 would catch malware exactly like this. Given that they turned the intrusion into

  • by sasparillascott (1267058) on Thursday January 31, 2013 @11:55AM (#42751165)
    Symentec, who's software didn't identify but one of the 45 pieces of malware installed, tried to imply it was the NY Times fault, saying the anti-virus isn't enough (although once such stuff is installed the antivirus should be able to find and eliminate it...that's what they sell it for, right?) - I wonder if Symentec's software can identify all or even most of the malware now, yet? The average user is just so far out in the woods, its obvious most of the anti-malware software (even the biggies like Symentec) are not remotely successful at catching or preventing such attacks (since they obviously won't just be used by the Chinese govt hackers forever).
  • by StormyWeather (543593) on Thursday January 31, 2013 @01:15PM (#42752227) Homepage

    Dang, Symantec has really been improving their products lately. That's much better than I've gotten out of them.

    • Perhaps they should try AppGuard [blueridge.com], which stops zero-day attacks. (Shill disclaimer: I used to work for the company that produces AppGuard.)
  • so did they try sending themselves some PDF documents about the chinese leaders business dealings, under the email alias of some of the chinese prime ministers friends..? loaded with a few customized malware of their own, or not. after all you just sent it to yourself, right?

  • The Times detailed its assertions in a long article posted to the front of its Website Jan. 30. The attacks apparently began in early September, as the probe into Wen’s family approached its conclusion. While the hackers could have “wrecked havoc on our systems,” according to Times CIO Marc Frons, they focused on infiltrating dozens of employee computers.

    Unfortunately, they wreaked havoc on their grammar and spelling.

  • Great NYT Article! (Score:5, Informative)

    by Midnight_Falcon (2432802) on Thursday January 31, 2013 @03:04PM (#42753573)
    Amidst all the discussion of the paywall and how long it took slashdot to post this, I think the real point here has been missed:
    The New York Times wrote a GREAT article disclosing in full, with technical detail, how they were compromised.

    Kudos to them for this in-depth transparency.

    The article described in detail how targeted malware attacks were brought against NYT employees. Those were launched from compromised university computers within the US. From there, the custom malware allowed them to hack a Windows AD Domain Controller, and obtain the NTLM hashes. They ran the NTLM hashes against a rainbow table and got 56 user passwords that they used for VPN access.

    From there, they were tracked by a security consulting company using an intrusion detection system. They employed a great strategy of not knee-jerk kicking the hackers out, but of watching their moves and determining the scope of compromise. They used forensics hard drive analysis to recover logs and figure out exactly what data was being accessed.

    Sounds like what I would do if I was called in for incident response. Except, NONE of my clients would ever allow a story of this detail to be published!!!

    Hats off to the NYT for this level of transparency.

  • by dweller_below (136040) on Thursday January 31, 2013 @06:25PM (#42756067)
    I do computer and network security for USU (Utah State University).

    If USU is any indication, China constantly attacks universities. China accounts for at least 1/2 of all attack that arrives at the USU border. See: https://it.wiki.usu.edu/20120301_ScanSummary [usu.edu]

    Many of these attack appear to require favorable quality of service packet delivery. We frequently see flawless packet delivery in high speed Chinese scans and Chinese vulnerability assessments. Currently, we are receiving a comprehensive Chinese vulnerability assessment every 5 days. It would be a great service if we had paid for it. And if they would share the results with us :) See: https://it.wiki.usu.edu/20120101_China_Test [usu.edu]

    Miles

  • First thing I thought of as I read TFA was: The Cuckoo's Egg [wikipedia.org]

In any formula, constants (especially those obtained from handbooks) are to be treated as variables.

Working...