
Washington Post: We Were Also Hacked By the Chinese

Posted by Soulskill
from the they-just-want-to-fit-in dept.
tsu doh nimh writes "A sophisticated cyberattack targeted The Washington Post in an operation that resembled intrusions against other major American news organizations and that company officials suspect was the work of Chinese hackers, the publication acknowledged on Friday. The disclosure came just hours after a former Post employee shared information about the break-in with ex-Postie reporter Brian Krebs, and caps a week marked by similar stories from The New York Times and The Wall Street Journal. Krebs cites a former Post tech worker saying that the publication gave one of its hacked servers to the National Security Agency for analysis, a claim that the Post's leadership denies. The story also notes that the Post relied on software from Symantec, the same security software that failed to detect intrusions at The New York Times for many months."

  • Yea. Me Too. (Score:3, Insightful)

    by Anonymous Coward on Saturday February 02, 2013 @11:38AM (#42771131)

    I need some attention too!

    What I have derived from this past week's revelations.

    1. The Chinese have no problem gaining access to whatever computer networks they wish to.

    2. They seem to be most interested in themselves, kinda like creeping other people's Facebook to see what they say about you.

    3. So far, they haven't found anything worth their time.

    4. Organizations seem to feel that since they discovered something on their networks, they have discovered everything on their networks.

    5. Fail.

    • The Onion, America's Finest News Source, recently posted an article saying they'd also given all their passwords to the Chinese.

  • Attack details? (Score:4, Interesting)

    by griffjon (14945) <{GriffJon} {at} {gmail.com}> on Saturday February 02, 2013 @11:38AM (#42771135) Homepage Journal

    Has anyone seen any details on how to detect this specific method of attack, malware signatures, or similar? Cause that just might be of use, seeing the widespread nature of this.

    Also, who hasn't been attacked? Bueller? Bueller?

    • by Anonymous Coward

      I know a newspaper from a small Kansas town that hasn't been attacked. It's produced by an 80-year-old man with his mechanical typewriter. Maybe these major American news organizations could learn a thing or two from him.

    • Re:Attack details? (Score:4, Interesting)

      by astralagos (740055) on Saturday February 02, 2013 @12:22PM (#42771369)
      APT attacks are well understood, it's just that they're not very technologically complex. They are, fundamentally, con jobs. You research somebody with a public identity, send a forged email with a trojan, and wait for somebody to open it. The success of the attack is dependent on finding a large enough group that somebody will open the mail. If you want an early example of a discussion of this, read Shishir Nagaraja's and Ross Anderson's "Snooping Dragon" paper.

      As for malware signatures, they've been increasingly ineffective for years. Attackers can buy AV as well, and it's easier for them to tweak their software to evade AV than it is for defenders to generate new signatures. AV's very good at protecting you from yesterday's attack. If you don't have a signature though, it usually takes months to identify a subverted host.

    • Re:Attack details? (Score:5, Interesting)

      by guttentag (313541) on Saturday February 02, 2013 @12:44PM (#42771531) Journal
      Disclosure: I am a former Washington Post employee

      The Post doesn't seem to officially be divulging details. Sure, they're reporting on it now that the word is out through a former employee's blog citing an unnamed former employee (neither of those people are me) as a source, but the article actually has a Post spokesperson denying one of the claims of the article (that the Post handed over one of its servers to the NSA for study). This isn't the paper contradicting itself – it's what ethics look like in practice at a good newspaper. The paper can report on itself even when the top brass don't want to.

      However, in the New York Times story on its own intrusion, it was stated that AT&T "monitors" the company's network and noticed unusual traffic patterns. AT&T alerted the Times, who asked them to keep an eye on it, and then brought Mandiant in to consult.

      Going back to The Post's story, the company's claim that it did not turn over a server to the NSA casts the issue of China hacking U.S. newspapers in a new light... if you read between the lines. Newspapers (especially The Post and The Times) see themselves as a fiercely-independent check on the government. Watergate-era readers would be as appalled at the idea of The Post handing over servers to the NSA as MacWorld attendees were in the 90s at seeing Bill Gates's face on screen during Jobs's speech. From a PR perspective, it just looks wrong. China might actually do more to harm these papers by getting them to run into the arms of the U.S. government. It's one thing to think China may have found out you're talking to a reporter... Quite another to think both the U.S. and China may later discover you were the anonymous source for a story they didn't want out. It's unlikely that the NSA is rooting around the server looking for political whistleblowers, but the idea of it has a chilling effect on potential sources who think of The Post as the institution that protected Deep Throat's identity for decades, at great risk to itself.
  • by Anonymous Coward

    Let's just list the companies that have been verified not to have been attacked by the Chinese.

  • I figure... (Score:4, Insightful)

    by Xenna (37238) on Saturday February 02, 2013 @11:45AM (#42771161)

    Symantec has probably been hacked by the Chinese too...

  • Someone at Anonymous works for Symantec
  • by peterindistantland (1487953) on Saturday February 02, 2013 @12:00PM (#42771245)
    Is that why I was modded down last time?
  • by OS24Ever (245667) * <trekkie@nomorestars.com> on Saturday February 02, 2013 @12:00PM (#42771249) Homepage Journal

    I'm curious why repeated attacks "by the Chinese" have invoked no response from the government? It seems odd that we have US Companies being attacked on US soil and there's not even a peep about it.

    I'm not saying bomb people but this seems.....weird...

    • Re: (Score:3, Interesting)

      by mitchaki (1797554)
      Maybe it has something to do with the large amounts of money the US owes China. It could also have to do with the US government trying to hide the fact that the Dept. of Homeland Security is completely inept and a huge fail when it comes to cybersecurity.
      • by oodaloop (1229816)
        What do you want the DHS to do? Go into every company and tell them how to set up their networks?
        • by mitchaki (1797554)
          Haha..of course not, I have no trust in them when they can't even defend their own .gov domains. Are there any other insights that you can offer? Or do you just ask silly questions?
    • by pushing-robot (1037830) on Saturday February 02, 2013 @12:24PM (#42771377)

      Because...

      (a) We can't be sure the attack originated in China, it could have simply been proxied through there (there are plenty of vulnerable Chinese systems).
      (b) Even if it was, we can't prove it was organized by the Chinese government (there are plenty of non-state hackers in plenty of countries).
      (c) Even if it was, lots of governments engage in low-level espionage (including your own) without significant diplomatic repercussions.

      Gathering intelligence isn't typically considered an "act of war" unless it is seen as a prelude to invasion or otherwise causes physical harm.
      If it was, intelligence agencies would have started World Wars 3 through 17 by now.

      • by Anonymous Coward

        You forgot about the part where the current administration tends to minimize most things that would be considered "egg on the face" of any other administration. Most people will never know about this, and they definitely should.

        They've got the media in their pockets, and they know it.

        They've got most of *you* in their pocket, and we know it.

        Let the illogical defending begin. Always fun to watch on slashdot.

      • by oodaloop (1229816) on Saturday February 02, 2013 @12:46PM (#42771547)

        (a) We can't be sure the attack originated in China, it could have simply been proxied through there (there are plenty of vulnerable Chinese systems).

        ...which were associated with Chinese military? These weren't random machines. The proxies the Chinese used were random machines in the US, and the attacks were traced back to machines associated with the Chinese govt. This has happened many times in the past, and we know of large Chinese military units engaged in cyber warfare. How many attacks like this have to happen before people realize what kind of war we are in?

        • by Anonymous Coward on Saturday February 02, 2013 @01:02PM (#42771667)

          Those of us who have traced APT through a few proxies (typically only one) back to a large building owned by various Chinese government agencies can assure you that a very large scale industrial espionage program is underway, with occasional sidelines into attempting to trace methods and sources. There are mountains of evidence, most of it fed into shredders under the instruction of corporate lawyers. And most US corporations are so dependent on deeply flawed Microsoft technologies and caught so deep in political games that most of the time they'd rather bury their head in the sand and ask subordinates to delete all evidence than actually do anything proper about it. IT is a cost center, and you can't demonstrate security ROI in a way that passes modern MBA scrutiny. All corporate divisions exist only to bump the stock price this quarter, which means we have to keep cutting cost and overhead. With few exceptions, investment is basically dead in the US corporate world.

        • by dkleinsc (563838)

          How many attacks like this have to happen before people realize what kind of war we are in?

          One in which nobody's died?

          • by oodaloop (1229816)
            Good idea. Let's do nothing and wait until it's too late to save lives. Skate to where the puck's gonna be. Our power grid is going smart, meaning more and more things are connected to the internet, including all of our critical infrastructure. The internet of things is growing, with things like stoves and coffee pots hooked up to home networks (highly secure, I'm sure). China, Russia, Iran, and even North Korea (believe it or not) all have robust cyber offensive capabilities. This is where the next war wil
        • by c0lo (1497653)

          How many attacks like this have to happen before people realize what kind of war we are in?

          You don't feel good you don't define a situation as being "at war", don't you?

          • by oodaloop (1229816)
            I don't know if I don't understand what you're trying to say, don't I.
            • by c0lo (1497653)

              (perhaps I should have replied to the OS24Ever OP) I'm a bit sick of the "being at war" ethos. In which:
              * every attack is categorized as "being at war", disregarding how harmless or serious the attack actually is (I'd see Aaron Swartz as a victim of such a mentality: from where else the need "to make an example of him"?)
              * "war on concepts" are no longer just metaphors

              Without being a symptom that's unique and defining the "disease", it is highly consistent with "former giants about to fall": inability to

      • China, due to the Great Firewall, is slow as shit, lossy, and the worst place on the planet to route your traffic through. Not when there are Botswana, Russia, Belarus, etc. However if you're with the Chinese government, you get an unblocked clean line that is just as good as 1000mbps DSL in Korea.
    • by Shavano (2541114)
      What are you on about? The government talks about this all the time.
    • by guttentag (313541)

      I'm curious why repeated attacks "by the Chinese" have invoked no response from the government? It seems odd that we have US Companies being attacked on US soil and there's not even a peep about it.

      I have three simple answers for you:

      • When the U.S. military conducts a "cyber" strike on another country, they're not going to tell you. Not even a peep. No one died, no maimed vets missing legs, so no one needs to know. The odds are they were already "at war" with China in "cyberspace" before this happened.
      • These intrusions are not worth risking a real war.
      • The U.S. government is just as interested in knowing who reporters are talking to as the Chinese are. Why would they want to stop this when China is
    • by MikeMo (521697)
      I'm curious why repeated attacks "by the Chinese" have invoked no response from the government? It seems odd that we have US Companies being attacked on US soil and there's not even a peep about it.

      How do you know we're not doing anything about it?
    • Can someone remind me who wrote Stuxnet? - and how is this any worse?

      • by mbkennel (97636) on Saturday February 02, 2013 @04:21PM (#42772989)

        One is trying to stop a religious dictatorship from making nuclear weapons.

        The other is trying to intimidate people (and imprison them) who look into and talk about the corrupt financial shenanigans of a secular dictatorship.

        If Stuxnet were directed at a German newspaper which printed a story about Dick Cheney's purloined billions, then it would be pretty comparable, but the U.S. government isn't actually going to do something like that, because, believe it or not, some of the people in charge of doing the operation might believe it to be immoral.

    • by mjwalshe (1680392)
      Do you think any response has to be overt - there is more than one way to apply pressure as FDR said sneaking softly sometimes means you don't have to use the big stick.
      • by gmhowell (26755)

        Do you think any response has to be overt - there is more than one way to apply pressure as FDR said sneaking softly sometimes means you don't have to use the big stick.

        Wrong Roosevelt.

    • by c0lo (1497653)

      I'm curious why repeated attacks "by the Chinese" have invoked no response from the government? It seems odd that we have US Companies being attacked on US soil and there's not even a peep about it.

      "Citizen, you want to be safe of intrusion? Well, it's mandatory everybody releases to us their private encryption key..."

      Would you still want govt to step in?

    • by Maudib (223520)

      Saying something and doing something are not the same thing. If the government is doing something, talking about it would quite likely be very dumb.

  • I'm sure a myriad of complot theories are being concocted as we speak. Based on the world population, the probability of Chinese hacking anyone is roughly 1 in 6. Considering that, China scores much higher than almost any other country.
    • by oodaloop (1229816)
      I guess that might make even the slightest amount of sense if a Norwegian farmer and a Zimbabwean goat herder had the same likelihood of using a computer owned by the Chinese military.
  • by Anonymous Coward

    So do those people really think that the Chinese are the first to hack into their servers?

    Something tells me they don't actually reveal that Americans have been hacking into their servers for years as well, because they want to hype up the entire cyber-terrorism and warfare thing. You know, makes it easier for politicians to push through even more bills that kill off the internet.

  • Has this info been made public?
  • "The story also notes that the Post relied on software from Symantec, the same security software that failed to detect intrusions at The New York Times for many months."

    Golly, it's almost as if relying upon detection after the fact or at entry point is no real protection. Oh, but you say, defense in depth! Well, defense in depth is great. But, intrusion detection of the sort is like tissue paper when you might get thousands of attacks daily. The only real defense is actually having software that isn't e

    • by colfer (619105)

      Symantec, I wonder what goes on there. Hope the engineering is better than the fairly ridiculous adventure I had with customer service. I was reporting a bug in the "Verified" seals for my paying client: the web wizard generates the wrong seals because the product matrix has not kept up with the threeway conversion of Verisign, Symantec and Norton. On the fourth customer service rep I finally had someone who knew what he was talking about. Refreshingly, he was blunt and did not end by asking me if I had any

  • What is the point of the IT department if you're going to blame off-the-shelf software? The software is a rough first stop but in no way a complete solution for prevention. Before you blame the software also blame the IT department.
  • by Anonymous Coward

    That monolithic entity known only as THE CHINESE.

    Odd that when Anonymous deface a bank's website we don't say THE AMERICANS hacked it.

  • by edibobb (113989) on Saturday February 02, 2013 @12:57PM (#42771629) Homepage
    Of course it's a sophisticated attack. It happened to a big company, and they cannot be held responsible. If it happened to me on my home PC or at a small business, it would be my own fault for having inadequate security.
  • If the main story on the front pages is "Hacked by Chinese", was that supposed to be the main story or is it just script kiddies bragging?

  • http://it.slashdot.org/story/13/02/02/0340220/twitter-hacked [slashdot.org]

    Looks like bad things do happen in threes — Twitter's report comes on the heels of disclosures of hacking attacks on the WSJ and NY Times.

    Can we please get rid of that ridiculous expression?

  • Next thing you'll be telling me sometimes the government lies.
