Washington Post: We Were Also Hacked By the Chinese 135
tsu doh nimh writes "A sophisticated cyberattack targeted The Washington Post in an operation that resembled intrusions against other major American news organizations and that company officials suspect was the work of Chinese hackers, the publication acknowledged on Friday. The disclosure came just hours after a former Post employee shared information about the break-in with ex-Postie reporter Brian Krebs, and caps a week marked by similar stories from The New York Times and The Wall Street Journal. Krebs cites a former Post tech worker saying that the publication gave one of its hacked servers to the National Security Agency for analysis, a claim that the Post's leadership denies. The story also notes that the Post relied on software from Symantec, the same security software that failed to detect intrusions at The New York Times for many months."
Yea. Me Too. (Score:3, Insightful)
I need some attention too!
What I have derived form this past weeks revelations.
1. The Chinese have no problem gaining access to what ever computer networks they wish to.
2. They seem to be most interested in themselves, kinda like creeping other people's Facebook to see what they say about you.
3. So far, they haven't found anything worth their time.
4. Organizations seem to feel that since they discovered something on their networks, they have discovered everything on their networks.
5. Fail.
I figure... (Score:4, Insightful)
Symantec has probably been hacked by the Chinese too...
How is this not an act of war? (Score:4, Insightful)
I'm curious why repeated attacks "by the Chinese" have invoked no response from the government? It seems odd that we have US Companies being attacked on US soil and there's not even a peep about it.
I'm not saying bomb people but tis seems.....weird...
Re:How is this not an act of war? (Score:4, Insightful)
Because...
(a) We can't be sure the attack originated in China, it could have simply been proxied through there (there are plenty of vulnerable Chinese systems).
(b) Even if it was, we can't prove it was organized by the Chinese government (there are plenty of non-state hackers in plenty of countries).
(c) Even if it was, lots of governments engage in low-level espionage (including your own) without significant diplomatic repercussions.
Gathering intelligence isn't typically considered an "act of war" unless it is seen as a prelude to invasion or otherwise causes physical harm.
If it was, intelligence agencies would have started World Wars 3 through 17 by now.
Re:How is this not an act of war? (Score:4, Insightful)
(a) We can't be sure the attack originated in China, it could have simply been proxied through there (there are plenty of vulnerable Chinese systems).
...which were associated with Chinese military? These weren't random machines. The proxies the Chinese used were random machines in the US, and the attacks were traced back to machines associated with the Chinese govt. This has happened many times in the past, and we know of large Chinese military units engaged in cyber warfare. How many attacks like this have to happen before people realize what kind of war we are in?
Re:Yea. Me Too. (Score:3, Insightful)
Well someone said so anyway. I guess you got it from newsclown.
I've heard enough verifiable bullshit over the years from NPR to see that it's just an ad agency for aging hippies.
Re:How is this not an act of war? (Score:5, Insightful)
Those of us who have traced APT through a few proxies (typically only one) back to a large building owned by various Chinese government agencies can assure you that a very large scale industrial espionage program is underway, with occasional sidelines into attempting to trace methods and sources. There are mountains of evidence, most of it feed into shredders under the instruction of corporate lawyers. And most US corporations are so dependent on deeply flawed Microsoft technologies and caught so deep in political games that most of the time they'd rather bury their head in the sand and ask subordinates to delete all evidence than actually do anything proper about it. IT is a cost center, and you can't demonstrate security ROI in a way that passes modern MBA scrutiny. All corporate divisions exist only to bump the stock price this quarter, which means we have to keep cutting cost and overhead. With few exceptions, investment is basically dead in the US corporate world.
Re:Yea. Me Too. (Score:5, Insightful)
Your missing the point. The fact is that somebody is hacking into the paper to figure out who the journalist's sources are.
So, it's not the average Chinese citizen trying to read the paper – it's about finding who the journalist are, what their sources are, etc – the stuff a government would need to harasses and shut down the people who are leaking the data.
Re:Yea. Me Too. (Score:3, Insightful)
You are assuming it was the Chinese government. So far I have not seen a shred of evidence to support that. There is some circumstantial evidence that the attacks may have originated from China, possibly.
It would actually make a lot more sense if it were hackers hired by the politician who has been the subject of these embarrassing stories. Of course it might just be the Chinese equivalent of Anonymous.
Re:Yea. Me Too. (Score:5, Insightful)
This is China - the lines between government, party, industry, and politician are a bit blurred. For example, IIRC, the Army reports to the party - not to the government. Elections are limited and managed. etc.
Re:The Chinese, such ingenius hackers (Score:4, Insightful)
Why is obscuring the origin of their attacks their intent? Perhaps being tracked to China is one of the points of it.
It's like poisoning a dissident with polonium: the unmistakable message of "don't fuck with Putin".
Re:Can someone remind me who wrote Stuxnet? (Score:4, Insightful)
One is trying to stop a religious dicatorship from making nuclear weapons.
The other is trying to intimidate people (and imprison them) who look into and talk about the corrupt financial shenanigans of a secular dictatorship.
If Stuxnet were directed at a German newspaper which printed a story about Dick Cheney's purloined billions, then it would be pretty comparable, but the U.S. government isn't actually going to do something like that, because, believe or not, some of the people in charge of doing the operation might believe it to be immoral.