homepage Welcome to WebmasterWorld Guest from 54.211.219.20
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Home / Forums Index / Local / Foo
Forum Library, Charter, Moderators: incrediBILL & lawman

Foo Forum

    
Chinese Hackers Break Into New York Times Over Four Months
engine

WebmasterWorld Administrator engine us a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month Best Post Of The Month



 
Msg#: 4540944 posted 3:23 pm on Jan 31, 2013 (gmt 0)

It's an interesting article, and also worth noting that the team at NYT were monitoring the activity and thereby strengthening their defences.

For the last four months, Chinese hackers have persistently attacked The New York Times, infiltrating its computer systems and getting passwords for its reporters and other employees.

After surreptitiously tracking the intruders to study their movements and help erect better defenses to block them, The Times and computer security experts have expelled the attackers and kept them from breaking back in.

Chinese Hackers Break Into New York Times Over Four Months [nytimes.com]
The hackers tried to cloak the source of the attacks on The Times by first penetrating computers at United States universities and routing the attacks through them, said computer security experts at Mandiant, the company hired by The Times. This matches the subterfuge used in many other attacks that Mandiant has tracked to China.

The attackers first installed malware — malicious software — that enabled them to gain entry to any computer on The Times’s network. The malware was identified by computer security experts as a specific strain associated with computer attacks originating in China.

 

SevenCubed

WebmasterWorld Senior Member



 
Msg#: 4540944 posted 4:08 pm on Jan 31, 2013 (gmt 0)

Doh! I just made a comment in another thread about trusting sites like theirs and not worrying about running Javascript on them.

SevenCubed

WebmasterWorld Senior Member



 
Msg#: 4540944 posted 6:29 pm on Jan 31, 2013 (gmt 0)

That link posted by engine didn't allow me access. It's behind a paywall. Here's an alternate for others who may not be able to get in either [foxbusiness.com...] Period

henry0

WebmasterWorld Senior Member henry0 us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 4540944 posted 9:00 pm on Jan 31, 2013 (gmt 0)

I get it delivered thus some account info are probably within reach.
Wondering if personal users details have been accessed?

RhinoFish

WebmasterWorld Senior Member 5+ Year Member



 
Msg#: 4540944 posted 9:14 pm on Jan 31, 2013 (gmt 0)

real world "hacking":
[shoemoney.com...]

most people use the same, easy password everywhere... snag it on place, and start...

we like to imagine we're secure and they're very smart, many times, we're stupid, and they're just smart enough to know that about us.

Sgt_Kickaxe

WebmasterWorld Senior Member sgt_kickaxe us a WebmasterWorld Top Contributor of All Time



 
Msg#: 4540944 posted 4:02 am on Feb 1, 2013 (gmt 0)

Rhino, linking a two year old Shoemoney article that tells people how to hack?

I think the topic is more about how the NYTimes handled an attack than to teach people how to hack.

Anyway, my question is why are these people above the law? Surely we have good enough relations with China to help them get the mud off their name when it comes to being accused of hacking scandals? A little justice and punishment would go a long way and had the perpetrator lived in the U.S. they'd be in court or jail already.

WesleyC

5+ Year Member



 
Msg#: 4540944 posted 3:06 pm on Feb 1, 2013 (gmt 0)

I work in a university, and I've actually been monitoring an extreme and increasing number of hacking attempts against our public-facing site recently--on the order of 150 malicious requests per day, and this directed at a fairly small university. Many attempts were very sophisticated and targeted at known vulnerabilities in our specific CMS, and even specific components and plugins within our CMS.

If we hadn't beefed up our security lately, our server would have been compromised as well. As it stands, we've been monitoring and blacklisting IP addresses at the rate of about 10 per day, mostly from China, though there's been a frightening number of attempts from other universities and US-based hosting companies as well.

Hopefully The Times' revelation will slow down the frantic attempts to compromise our server as well... Could just be wishful thinking on my part, though.

RhinoFish

WebmasterWorld Senior Member 5+ Year Member



 
Msg#: 4540944 posted 5:33 pm on Feb 1, 2013 (gmt 0)

the point of my post is that i'd bet a ton that people working at the NYT made it VERY easy for the bad guys to access their network.

and the point of making that point, use the same password everywhere, like most people, and you (almost) deserve to be "hacked".

RhinoFish

WebmasterWorld Senior Member 5+ Year Member



 
Msg#: 4540944 posted 5:36 pm on Feb 1, 2013 (gmt 0)

and the article doesn't teach people to hack, it reminds everyone that you're not actually hacked most often.

instead, you're lazy with passwords and security, you broadcast your data everywhere for anyone to see - they don't need to "hack" you, you're giving out your info.

moTi

WebmasterWorld Senior Member 5+ Year Member



 
Msg#: 4540944 posted 3:35 pm on Feb 2, 2013 (gmt 0)

that the team at NYT were monitoring the activity..

strongly doubt that. yeah, everything under control - says who? the nyt.

bhonda

5+ Year Member



 
Msg#: 4540944 posted 8:49 am on Feb 4, 2013 (gmt 0)

Wouldn't it be great if the article itself was written and uploaded by the Chinese hackers themselves.

blend27

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 4540944 posted 1:23 am on Feb 5, 2013 (gmt 0)

that the team at NYT were monitoring the activity..

strongly doubt that. yeah, everything under control - says who? the nyt.


I know some very smart/sharp people that work in IT at NYT, and would not doubt that statement.

Alexander8100



 
Msg#: 4540944 posted 6:38 pm on Feb 8, 2013 (gmt 0)

No doubt it is incredibly hard to confirm who is behind an internet attack like this.Even if China is identified as the kick off point of an attack,it doesn't actually confirm that it the function is supported by the China govt or intellect services.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Local / Foo
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved