Welcome to WebmasterWorld Guest from 50.16.24.12

Forum Moderators: incrediBILL & lawman

Chinese Hackers Break Into New York Times Over Four Months

   
3:23 pm on Jan 31, 2013 (gmt 0)

WebmasterWorld Administrator engine is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month Best Post Of The Month



It's an interesting article, and also worth noting that the team at NYT were monitoring the activity and thereby strengthening their defences.

For the last four months, Chinese hackers have persistently attacked The New York Times, infiltrating its computer systems and getting passwords for its reporters and other employees.

After surreptitiously tracking the intruders to study their movements and help erect better defenses to block them, The Times and computer security experts have expelled the attackers and kept them from breaking back in.

Chinese Hackers Break Into New York Times Over Four Months [nytimes.com]
The hackers tried to cloak the source of the attacks on The Times by first penetrating computers at United States universities and routing the attacks through them, said computer security experts at Mandiant, the company hired by The Times. This matches the subterfuge used in many other attacks that Mandiant has tracked to China.

The attackers first installed malware — malicious software — that enabled them to gain entry to any computer on The Times’s network. The malware was identified by computer security experts as a specific strain associated with computer attacks originating in China.
4:08 pm on Jan 31, 2013 (gmt 0)

WebmasterWorld Senior Member



Doh! I just made a comment in another thread about trusting sites like theirs and not worrying about running Javascript on them.
6:29 pm on Jan 31, 2013 (gmt 0)

WebmasterWorld Senior Member



That link posted by engine didn't allow me access. It's behind a paywall. Here's an alternate for others who may not be able to get in either [foxbusiness.com...] Period
9:00 pm on Jan 31, 2013 (gmt 0)

WebmasterWorld Senior Member henry0 is a WebmasterWorld Top Contributor of All Time 10+ Year Member



I get it delivered thus some account info are probably within reach.
Wondering if personal users details have been accessed?
9:14 pm on Jan 31, 2013 (gmt 0)

WebmasterWorld Senior Member 5+ Year Member



real world "hacking":
[shoemoney.com...]

most people use the same, easy password everywhere... snag it on place, and start...

we like to imagine we're secure and they're very smart, many times, we're stupid, and they're just smart enough to know that about us.
4:02 am on Feb 1, 2013 (gmt 0)

WebmasterWorld Senior Member sgt_kickaxe is a WebmasterWorld Top Contributor of All Time 5+ Year Member



Rhino, linking a two year old Shoemoney article that tells people how to hack?

I think the topic is more about how the NYTimes handled an attack than to teach people how to hack.

Anyway, my question is why are these people above the law? Surely we have good enough relations with China to help them get the mud off their name when it comes to being accused of hacking scandals? A little justice and punishment would go a long way and had the perpetrator lived in the U.S. they'd be in court or jail already.
3:06 pm on Feb 1, 2013 (gmt 0)

5+ Year Member



I work in a university, and I've actually been monitoring an extreme and increasing number of hacking attempts against our public-facing site recently--on the order of 150 malicious requests per day, and this directed at a fairly small university. Many attempts were very sophisticated and targeted at known vulnerabilities in our specific CMS, and even specific components and plugins within our CMS.

If we hadn't beefed up our security lately, our server would have been compromised as well. As it stands, we've been monitoring and blacklisting IP addresses at the rate of about 10 per day, mostly from China, though there's been a frightening number of attempts from other universities and US-based hosting companies as well.

Hopefully The Times' revelation will slow down the frantic attempts to compromise our server as well... Could just be wishful thinking on my part, though.
5:33 pm on Feb 1, 2013 (gmt 0)

WebmasterWorld Senior Member 5+ Year Member



the point of my post is that i'd bet a ton that people working at the NYT made it VERY easy for the bad guys to access their network.

and the point of making that point, use the same password everywhere, like most people, and you (almost) deserve to be "hacked".
5:36 pm on Feb 1, 2013 (gmt 0)

WebmasterWorld Senior Member 5+ Year Member



and the article doesn't teach people to hack, it reminds everyone that you're not actually hacked most often.

instead, you're lazy with passwords and security, you broadcast your data everywhere for anyone to see - they don't need to "hack" you, you're giving out your info.
3:35 pm on Feb 2, 2013 (gmt 0)

WebmasterWorld Senior Member 5+ Year Member



that the team at NYT were monitoring the activity..

strongly doubt that. yeah, everything under control - says who? the nyt.
8:49 am on Feb 4, 2013 (gmt 0)

5+ Year Member



Wouldn't it be great if the article itself was written and uploaded by the Chinese hackers themselves.
1:23 am on Feb 5, 2013 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



that the team at NYT were monitoring the activity..

strongly doubt that. yeah, everything under control - says who? the nyt.


I know some very smart/sharp people that work in IT at NYT, and would not doubt that statement.
6:38 pm on Feb 8, 2013 (gmt 0)



No doubt it is incredibly hard to confirm who is behind an internet attack like this.Even if China is identified as the kick off point of an attack,it doesn't actually confirm that it the function is supported by the China govt or intellect services.
 

Featured Threads

My Threads

Hot Threads This Week

Hot Threads This Month

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved