Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
The Media China Cloud Security

Major US News Publisher Breached, Chinese Supply-Chain Attack Suspected (kentucky.com) 73

The Associated Press reports: News Corp., publisher of The Wall Street Journal, said Friday that it had been hacked and had data stolen from journalists and other employees, and a cybersecurity firm investigating the intrusion said Chinese intelligence-gathering was believed behind the operation.

The Journal, citing people briefed on the intrusion, reported that it appeared to date back to February 2020 and that scores of employees were impacted. It quoted them as saying the hackers were able to access reporters' emails and Google Docs, including drafts of articles. News Corp., whose publications and businesses include the New York Post and Journal parent Dow Jones, said it discovered the breach on Jan. 20. It said customer and financial data were so far not affected and company operations were not interrupted. But the potential impact on news reporting and sources was a serious concern.

News organizations are prime targets for the world's intelligence agencies because their reporters are in constant contact with sources of sensitive information. Journalists and newsrooms from Mexico and El Salvador to Qatar, where Al-Jazeera is based, have been hacked with powerful spyware.

Mandiant, the cybersecurity firm examining the hack, said in a statement that it "assesses that those behind this activity have a China nexus, and we believe they are likely involved in espionage activities to collect intelligence to benefit China's interests...." FBI Director Christopher Wray said in a speech this week that the bureau opens investigations tied to suspected Chinese espionage operations about every 12 hours, and has more than 2,000 such probes. He said Chinese government hackers have been pilfering more personal and corporate data than all other countries combined. While state-backed Russian hacking tends to get more headlines, U.S. officials say China has been stealthily stealing far more valuable commercial and personal data over the past few decades as digital technology took hold.

CBS News reports that "preliminary findings point to a supply chain hack," since News Corp wrote in its report that they'd discovered one of the third-party providers supporting their technology and "cloud-based" systems "was the target of persistent cyberattack activity."

The Associated Press adds that major newsrooms have also been compromised previously, including a 2013 cyberespionage attack against the New York Times in 2013. A former information security executive at the paper explaining "that while major newsrooms have shown a lot of progress in the last few years in helping their journalists navigate an increasingly hostile digital world, those efforts are not adequate to defend against a skilled and determined adversary like China."
This discussion has been archived. No new comments can be posted.

Major US News Publisher Breached, Chinese Supply-Chain Attack Suspected

Comments Filter:
  • by XXongo ( 3986865 ) on Saturday February 05, 2022 @03:53PM (#62240931) Homepage

    OK, get ready for the chain of China partisans saying "Why accuse China, America's just as bad! Everybody does it!"

    This article is about China doing it. Even if other nations also spy, that doesn't excuse them.

    • No.

      However, this strangely coincides with the FBI director claiming China to be the greatest threat to America (especially in the infosphere). I somehow suspect that if these news came out a couple of weeks back Mandiant would have "discovered" a definitive highly likely almost certain Russian link.

    • Except that the US doesn't attack Chinese media companies?

      • by AmiMoJo ( 196126 )

        The NSA and their British counterpart GCHQ are known to have targeted journalists... In their own countries. I'm sure they do it to foreign ones as well.

        Journalists have always been targeted, it would be strange if they were being ignored for some reason.

        • The NSA and their British counterpart GCHQ are known to have targeted journalists... In their own countries.

          So you could just say, instead, "Yes, you're right, I have no evidence of them doing that."

          I'm sure

          You don't have any evidence of it, but you're sure?

          Wait, are you a moron?

          And anyway, no, you don't know anything about what the NSA is doing. You don't know anything about how they get their data. You probably don't even know what part of the government the NSA is.

          GCHQ

          Is not part of the US government, and who cares what they do? Not relevant. British people don't have any Constitutional rights except for the ones their

      • by jaa101 ( 627731 )

        Except that the US doesn't attack Chinese media companies?

        How would you know? Perhaps a bigger difference between the two countries is that US companies often reveal if they've been hacked whereas Chinese companies almost never do. It's naive to think that the reason is that US companies are hacked more often.

        • The US doesn't even try to discourage journalists from saying unwanted things, so it's pretty stupid to imagine they'd hack them to... to what? To do fucking what with the knowledge? They don't attack journalists, they don't try to discredit journalists whose opinions they don't like, they don't force American expats in that country to give them creepy visits and park their cars across the street from their houses to harass them. Chinese journalists who shitpost about the US don't get arrested when the airp

    • by AmiMoJo ( 196126 )

      The problem is we only get one side of this. We never see stories about Chinese journalists getting hacked by our governments.

      The result is an endless stream of stories about how awful China is for doing this completely normal thing that we do too. It creates fear and anger and that's not very pleasant for Chinese people, including the ones who live among us. They have already had the pandemic and all that "Chinese flu" bullshit to deal with.

      I don't know what the solution is because clearly there is a good

    • Hold off on the self-righteous indignation before all the facts are in. There's no proof "China did it", only allegations. The corporation involved in a notoriously right-wing who will use any opportunity to scapegoat their readers' favorite bogeymen.

      PS: I'm annoyed the (corrupt) IOC chose China for the Olympics because they're pumping money into an authoritarian regime and multinational corporations are profiteering from it.

    • OK, get ready for the chain of China partisans saying "Why accuse China, America's just as bad! Everybody does it!"

      This article is about China doing it. Even if other nations also spy, that doesn't excuse them.

      Too late.

  • ...the conspiracies about China, but was too slow.

    This is why you don't use the cloud...

  • by aitikin ( 909209 ) on Saturday February 05, 2022 @04:00PM (#62240965)

    "...including a 2013 cyberespionage attack against the New York Times in 2013."

    Good job EditorDavid!

  • Cloud! (Score:4, Insightful)

    by Gravis Zero ( 934156 ) on Saturday February 05, 2022 @04:04PM (#62240979)

    Everyone loves the cloud! When you rely on the cloud, you don't have to worry about security! /s

    Seriously though, people need to learn to distrust systems and design software around distrust and isolation. However, apparently there is too much money to be made by not giving a damn about [re-]designing software around the expectation that part of it is flawed.

    • by AmiMoJo ( 196126 )

      They need services that can be accessed from anywhere, so that journalists can submit stories and photos, as well as access their email and company resources like contact lists.

      They could do it in house, but as we have seen in house systems regularly get hacked too. At least if they outsource it they have someone else to blame when it inevitably happens.

      • They need services that can be accessed from anywhere, so that journalists can submit stories and photos,

        Easy to do without exposing all your data.

        as well as access their email and company resources like contact lists.

        More difficult but each user could be isolated.

        However, I take more issue with the software design. Server software always seem to be complex and intertwined, requiring a significant amount of trust that none of the software is flawed. This is a huge design mistake. I could spell out how to properly design a program for interfacing with a network but I'd just be wasting my own time because companies don't care.

  • by Freischutz ( 4776131 ) on Saturday February 05, 2022 @04:14PM (#62241013)
    Couldn't have happened to a more deserving soulless mega corporation.
  • Obligatory "Round up the usual suspects" [youtu.be]. Here's lookin' at you, kid.

  • Yet more Cyber Bullshit from the Microsoft slashdot.
  • The schadenfreude is strong with this one...

  • by oldgraybeard ( 2939809 ) on Saturday February 05, 2022 @05:30PM (#62241215)
    Since, there are hardly any journalist still in the news business most are just political hacks now for one side or the other. I don't see much of a problem. A pundits personal thoughts and political beliefs? Who cares if any of that is stolen. it is not like anything the Main Stream Media does these days is real or news.
    • "emails and Google Docs, including drafts of articles" OK so everything was made public on purpose! So where was the breach? Duh?
    • by AmiMoJo ( 196126 )

      Journalists sometimes have a lot of notes on things said to them off the record. Politicians give them inside info not for publication, in exchange for favours.

      • "notes on things said to them off the record" Real sources are just so confining and old fashion. How quaint! No one uses those anymore! In the world of unpaid intern and staff gossip and political agendas.
    • Unfortunately any China contacts that were used in publishing the stories, and those who leaked out news that was potentially embarrasing to China, are now potentially exposed.

      This may end up detering other China contacts that other organisations have as well.

  • by david.emery ( 127135 ) on Saturday February 05, 2022 @06:08PM (#62241285)

    Should a supplier or outsourcing company be legally liable when their product/service fails like this?

    I certainly think so. But I know that's not a view that is widely shared here.

  • This will continue until CONgress passes a trivial bill to get all citizens/legal immigrants a digital certificates
  • More likely they just had absolutely horrible IT security and some semi-competent managed to hack them. Now they need to shift blame away form their own incompetence and hence blame what they perceive to be the scariest possible opponent as in "nobody can prevent being hacked by the Chinese".

    Well, here is news: Competent Chinese hackers do not leave traces and do not get caught, at least on badly secured targets. On well secured targets, they do not attack, because they know they will get caught. Same for t

  • See https://www.wired.com/story/th... [wired.com] Who expects a newspaper to be up there with the experts. The way to prevent future hacking is to have a ton of deep fake articles to give the baddies scandalous and savory sexual misadventures of their leaders and generals, and secret foreign palaces stocked with gold handled toilet brushes, owned by the servant. Oh wait.
  • Given the war that Newscorp is waging and has waged against anyone to the left of the Waltons, this sounds like them fighting back.

    I'm so upset. Newscorp can hack someone's phone, destroying the ability of the police to find their killer, but they're all upset when someone hacks them.

    There's a pic of a tardigrave playing the violin that fits here.

Avoid strange women and temporary variables.

Working...