Major US News Publisher Breached, Chinese Supply-Chain Attack Suspected (kentucky.com) 73
The Associated Press reports:
News Corp., publisher of The Wall Street Journal, said Friday that it had been hacked and had data stolen from journalists and other employees, and a cybersecurity firm investigating the intrusion said Chinese intelligence-gathering was believed behind the operation.
The Journal, citing people briefed on the intrusion, reported that it appeared to date back to February 2020 and that scores of employees were impacted. It quoted them as saying the hackers were able to access reporters' emails and Google Docs, including drafts of articles. News Corp., whose publications and businesses include the New York Post and Journal parent Dow Jones, said it discovered the breach on Jan. 20. It said customer and financial data were so far not affected and company operations were not interrupted. But the potential impact on news reporting and sources was a serious concern.
News organizations are prime targets for the world's intelligence agencies because their reporters are in constant contact with sources of sensitive information. Journalists and newsrooms from Mexico and El Salvador to Qatar, where Al-Jazeera is based, have been hacked with powerful spyware.
Mandiant, the cybersecurity firm examining the hack, said in a statement that it "assesses that those behind this activity have a China nexus, and we believe they are likely involved in espionage activities to collect intelligence to benefit China's interests...." FBI Director Christopher Wray said in a speech this week that the bureau opens investigations tied to suspected Chinese espionage operations about every 12 hours, and has more than 2,000 such probes. He said Chinese government hackers have been pilfering more personal and corporate data than all other countries combined. While state-backed Russian hacking tends to get more headlines, U.S. officials say China has been stealthily stealing far more valuable commercial and personal data over the past few decades as digital technology took hold.
CBS News reports that "preliminary findings point to a supply chain hack," since News Corp wrote in its report that they'd discovered one of the third-party providers supporting their technology and "cloud-based" systems "was the target of persistent cyberattack activity."
The Associated Press adds that major newsrooms have also been compromised previously, including a 2013 cyberespionage attack against the New York Times in 2013. A former information security executive at the paper explaining "that while major newsrooms have shown a lot of progress in the last few years in helping their journalists navigate an increasingly hostile digital world, those efforts are not adequate to defend against a skilled and determined adversary like China."
The Journal, citing people briefed on the intrusion, reported that it appeared to date back to February 2020 and that scores of employees were impacted. It quoted them as saying the hackers were able to access reporters' emails and Google Docs, including drafts of articles. News Corp., whose publications and businesses include the New York Post and Journal parent Dow Jones, said it discovered the breach on Jan. 20. It said customer and financial data were so far not affected and company operations were not interrupted. But the potential impact on news reporting and sources was a serious concern.
News organizations are prime targets for the world's intelligence agencies because their reporters are in constant contact with sources of sensitive information. Journalists and newsrooms from Mexico and El Salvador to Qatar, where Al-Jazeera is based, have been hacked with powerful spyware.
Mandiant, the cybersecurity firm examining the hack, said in a statement that it "assesses that those behind this activity have a China nexus, and we believe they are likely involved in espionage activities to collect intelligence to benefit China's interests...." FBI Director Christopher Wray said in a speech this week that the bureau opens investigations tied to suspected Chinese espionage operations about every 12 hours, and has more than 2,000 such probes. He said Chinese government hackers have been pilfering more personal and corporate data than all other countries combined. While state-backed Russian hacking tends to get more headlines, U.S. officials say China has been stealthily stealing far more valuable commercial and personal data over the past few decades as digital technology took hold.
CBS News reports that "preliminary findings point to a supply chain hack," since News Corp wrote in its report that they'd discovered one of the third-party providers supporting their technology and "cloud-based" systems "was the target of persistent cyberattack activity."
The Associated Press adds that major newsrooms have also been compromised previously, including a 2013 cyberespionage attack against the New York Times in 2013. A former information security executive at the paper explaining "that while major newsrooms have shown a lot of progress in the last few years in helping their journalists navigate an increasingly hostile digital world, those efforts are not adequate to defend against a skilled and determined adversary like China."
Re:Ofcourse.. (Score:5, Insightful)
Oh right and Bush did 9/11, the CIA killed JFK, and Enron was sabotaged by Al Gore. /s
Seriously, you people are dumb. -_-
Re: (Score:1)
I reckon thousands of Professional Architects and Engineers should be listened to when they've looked at the evidence, engineering and science and came to a conclusion.
It's people who blindly accept incomplete explanations of NIST and non-science that are the idiots.
Of course, we have plenty of PR employees coming to slashdot (and all other 'influential' websites) trying to distract from facts that we were lied to about 9/11. We have proof of what happened, just none on WHO did it. Not that it isn't fucking
Re: (Score:2)
It is better to remain silent at the risk of being thought a fool than to talk and remove all doubt of it.
Re: (Score:1, Troll)
Let me guess, shill for China you're a Chinese expat in the south pacific and you're still afraid of the CCP.
Re: (Score:1, Troll)
Nope, european here, with the facts that the US is spying on our countries.
What does foreign countries spying on you have to do with you lying about this story?
If you think that is fair play, then perhaps we should keep a closer eye on your activities...
Re: Ofcourse.. (Score:2)
Re: (Score:1)
Isn't it obvious? A simple FISA warrant would provide them with the information they wanted without causing a stir. You're a fool.
Re: (Score:1)
Who says I'm lying? You don't know that, you just believe anything you're told.
See, right there you're lying again. You're making a positive assertion that you absolutely don't have any evidence of. That's a type of lie. You don't know if it is true, but you're asserting it as true anyway.
If you don't know, you don't know. It doesn't mean [stupid absolute] is somehow true.
Re: Ofcourse.. (Score:2)
Re: (Score:2)
All countries spy, Bunny Rabbit. It is how we prevent surprises.
Re: (Score:3)
The government doesn't need to hack your files. It can get them all with a secret warrant that no one will ever know about, and you can't tell anyone about.
Here come the whatabouters (Score:4, Insightful)
OK, get ready for the chain of China partisans saying "Why accuse China, America's just as bad! Everybody does it!"
This article is about China doing it. Even if other nations also spy, that doesn't excuse them.
Re: (Score:1)
If you think America has "been pilfering more personal and corporate data than all other countries combined" you need to show evidence.
Re: (Score:2)
If you think America has "been pilfering more personal and corporate data than all other countries combined" you need to show evidence.
When and where did I say that?
Re: (Score:2)
"America doesn't do this on a regular basis?"
Re: (Score:1)
"America doesn't do this on a regular basis?"
Nice try at pivoting Kellyanne, now try again. When did I say: "America has been pilfering more personal and corporate data than all other countries combined" ??
Re: (Score:1)
It was right there in the article buddy, and then you said "America doesn't do this on a regular basis?"
Re: (Score:1)
It was right there in the article buddy, and then you said "America doesn't do this on a regular basis?"
One more time Kellanne, "America doesn't do this on a regular basis?" is not the same as "America has been pilfering more personal and corporate data than all other countries combined", not even close. Now when and where did I say "America has been pilfering more personal and corporate data than all other countries combined".
Re: (Score:1)
Actually it does. Keep running!
Re: (Score:2)
Actually it does. Keep running!
No Kellyanne, I'm perfectly content to keep asking you when and where did I say "America has been pilfering more personal and corporate data than all other countries combined". (Hint: I didn't).
Re: (Score:2, Informative)
In that case, what "this" were you talking about when you said "America doesn't do this on a regular basis?". Was it what was clearly described in the article?
You are welcome to try to walk it back.
Re: (Score:1)
In that case, what "this" were you talking about when you said "America doesn't do this on a regular basis?". Was it what was clearly described in the article?
You are welcome to try to walk it back.
There you go again Kellyanne, pivoting. Now where did I say "America has been pilfering more personal and corporate data than all other countries combined". (Hint: I didn't).
Re: (Score:2)
"America doesn't do this on a regular basis?"
Everyone does it Mr, Wang. You need to do better to earn your yuan.
Found the whatabouter (Score:2)
OK, get ready for the chain of China partisans saying "Why accuse China, America's just as bad! Everybody does it!" This article is about China doing it. Even if other nations also spy, that doesn't excuse them.
America isn't just as bad, America doesn't do this on a regular basis? https://en.wikipedia.org/wiki/... [wikipedia.org] You reap what you sow.
Found the whatabouter!
Re: (Score:1)
However, this strangely coincides with the FBI director claiming China to be the greatest threat to America (especially in the infosphere). I somehow suspect that if these news came out a couple of weeks back Mandiant would have "discovered" a definitive highly likely almost certain Russian link.
Re: (Score:2)
So its all a conspiracy? And Mandiant is controlled by the FBI?
Re: (Score:3)
Except that the US doesn't attack Chinese media companies?
Re: (Score:2)
The NSA and their British counterpart GCHQ are known to have targeted journalists... In their own countries. I'm sure they do it to foreign ones as well.
Journalists have always been targeted, it would be strange if they were being ignored for some reason.
Re: (Score:2)
The NSA and their British counterpart GCHQ are known to have targeted journalists... In their own countries.
So you could just say, instead, "Yes, you're right, I have no evidence of them doing that."
I'm sure
You don't have any evidence of it, but you're sure?
Wait, are you a moron?
And anyway, no, you don't know anything about what the NSA is doing. You don't know anything about how they get their data. You probably don't even know what part of the government the NSA is.
GCHQ
Is not part of the US government, and who cares what they do? Not relevant. British people don't have any Constitutional rights except for the ones their
Re: (Score:2)
Evidence in the Snowden leaks, and from the journalists themselves.
Re: (Score:2)
Except that the US doesn't attack Chinese media companies?
How would you know? Perhaps a bigger difference between the two countries is that US companies often reveal if they've been hacked whereas Chinese companies almost never do. It's naive to think that the reason is that US companies are hacked more often.
Re: (Score:2)
The US doesn't even try to discourage journalists from saying unwanted things, so it's pretty stupid to imagine they'd hack them to... to what? To do fucking what with the knowledge? They don't attack journalists, they don't try to discredit journalists whose opinions they don't like, they don't force American expats in that country to give them creepy visits and park their cars across the street from their houses to harass them. Chinese journalists who shitpost about the US don't get arrested when the airp
Re: (Score:2)
The problem is we only get one side of this. We never see stories about Chinese journalists getting hacked by our governments.
The result is an endless stream of stories about how awful China is for doing this completely normal thing that we do too. It creates fear and anger and that's not very pleasant for Chinese people, including the ones who live among us. They have already had the pandemic and all that "Chinese flu" bullshit to deal with.
I don't know what the solution is because clearly there is a good
Re: (Score:1)
Hold off on the self-righteous indignation before all the facts are in. There's no proof "China did it", only allegations. The corporation involved in a notoriously right-wing who will use any opportunity to scapegoat their readers' favorite bogeymen.
PS: I'm annoyed the (corrupt) IOC chose China for the Olympics because they're pumping money into an authoritarian regime and multinational corporations are profiteering from it.
Re: (Score:2)
OK, get ready for the chain of China partisans saying "Why accuse China, America's just as bad! Everybody does it!"
This article is about China doing it. Even if other nations also spy, that doesn't excuse them.
Too late.
Tried to get in before... (Score:2)
...the conspiracies about China, but was too slow.
This is why you don't use the cloud...
Redundant Department of Redundancy (Score:4, Funny)
"...including a 2013 cyberespionage attack against the New York Times in 2013."
Good job EditorDavid!
Re: (Score:2)
Cloud! (Score:4, Insightful)
Everyone loves the cloud! When you rely on the cloud, you don't have to worry about security! /s
Seriously though, people need to learn to distrust systems and design software around distrust and isolation. However, apparently there is too much money to be made by not giving a damn about [re-]designing software around the expectation that part of it is flawed.
Re: (Score:2)
They need services that can be accessed from anywhere, so that journalists can submit stories and photos, as well as access their email and company resources like contact lists.
They could do it in house, but as we have seen in house systems regularly get hacked too. At least if they outsource it they have someone else to blame when it inevitably happens.
Re: (Score:2)
They need services that can be accessed from anywhere, so that journalists can submit stories and photos,
Easy to do without exposing all your data.
as well as access their email and company resources like contact lists.
More difficult but each user could be isolated.
However, I take more issue with the software design. Server software always seem to be complex and intertwined, requiring a significant amount of trust that none of the software is flawed. This is a huge design mistake. I could spell out how to properly design a program for interfacing with a network but I'd just be wasting my own time because companies don't care.
Couldn't have ... (Score:5, Funny)
Re: (Score:1)
Hahaha. Rupert Murdoch's rags. Unfortunately, they also used the opportunity to blame a lab in Wuhan for hacking them.
Obligatory (Score:2)
Obligatory "Round up the usual suspects" [youtu.be]. Here's lookin' at you, kid.
Re: (Score:1)
Keyser Söze!
Cyber Bullshit! (Score:1)
Hmmmm.... (Score:2)
The schadenfreude is strong with this one...
Journalist and their data? (Score:4, Insightful)
Re: (Score:2)
Re: (Score:2)
Journalists sometimes have a lot of notes on things said to them off the record. Politicians give them inside info not for publication, in exchange for favours.
Re: (Score:2)
Re: (Score:2)
Unfortunately any China contacts that were used in publishing the stories, and those who leaked out news that was potentially embarrasing to China, are now potentially exposed.
This may end up detering other China contacts that other organisations have as well.
Outsourced liability? (Score:3)
Should a supplier or outsourcing company be legally liable when their product/service fails like this?
I certainly think so. But I know that's not a view that is widely shared here.
So stupid (Score:2)
Unlikely (Score:1)
More likely they just had absolutely horrible IT security and some semi-competent managed to hack them. Now they need to shift blame away form their own incompetence and hence blame what they perceive to be the scariest possible opponent as in "nobody can prevent being hacked by the Chinese".
Well, here is news: Competent Chinese hackers do not leave traces and do not get caught, at least on badly secured targets. On well secured targets, they do not attack, because they know they will get caught. Same for t
Remember RSA (Score:2)
i've seen worse... (Score:1)
#insert tiny_violin.h (Score:2)
Given the war that Newscorp is waging and has waged against anyone to the left of the Waltons, this sounds like them fighting back.
I'm so upset. Newscorp can hack someone's phone, destroying the ability of the police to find their killer, but they're all upset when someone hacks them.
There's a pic of a tardigrave playing the violin that fits here.