First the NYT, now the Wall Street Journal: But are hacking attacks from China new?

If this is a surprise, where have you been for a decade? Mars?

Analysis The Wall Street Journal is the latest media titan after the New York Times to admit it was raided by Chinese hackers.

The WSJ confessed on Thursday, a day after the NYT similarly blamed intruders linked to China's military for a persistent four-month assault against its computer systems.

The attack against the NYT used a combination of spear-phishing - targeting specific individuals in a company - and customised malware. The newspaper's observation that its Symantec-supplied protection systems only spotted one of the 45 incoming software nasties provoked a defensive statement from the antivirus maker.

As previously reported, the NYT said the attack resulted in the theft of staff passwords. It reckoned the espionage was an attempt to discover how the paper came to run an exposé on outgoing Chinese Premier Wen Jiabao's family finances. The NYT hired internet security firm Mandiant to investigate the network compromises.

The WSJ goes into less detail about the assault against its systems, but said that hackers were trying to monitor its China coverage. Journal publisher Dow Jones & Co said its broadsheet's computer had been infiltrated by Chinese miscreants and that these attacks were geared towards identifying sources for stories and information on upcoming articles.

The Journal said the FBI notified it of a potential security breach in the middle of last year, and that a subsequent investigation suggested that journalists in the paper's Beijing bureau - such as Jeremy Page and bureau chief Andrew Browne - were the targets. We're told that the intruders gained access to the overseas office's PCs and used them as a route to infiltrate the paper's global computer system.

It said that the attacks were the latest in a series of assaults from China against the WSJ.

News agencies are also plagued by spies creeping in over the internet: the WSJ reports that Reuters was hacked twice in August. The newswire either doesn't know or isn't prepared to say who it reckons was behind the attacks. Bloomberg said it was also targeted by hackers but claims that it was able to fend off the assault.

Western organisations accuse the hackers of having strong links to China's Communist-run government. The WSJ even quotes web security biz CrowdStrike as saying that one of the 20 Chinese hacking groups it tracks specialises in attacking the media industry.

China's foreign ministry has angrily rejected allegations of state collusion; its top brass said any suggestion that officials masterminded cyber-incursions into major US news outlets is "groundless" and "totally irresponsible".

"It is irresponsible to make such an allegation without solid proof and evidence," Foreign Ministry spokesman Hong Lei said. "The Chinese government prohibits cyber-attacks and has done what it can to combat such activities in accordance with Chinese laws."

Hong added that China itself had been the victim of hackers but declined to identify the infiltrators or who or what they targeted within the Asian nation's Great Firewall.

APT as easy as ABC

So-called Advanced Persistent Threat (APT) attacks against media outlets are part of a huge range of attacks against high-tech companies, government agencies, oil exploration outfits, defence contractors and so many others. And it has been going on for years.

More recently, the onslaughts have moved on from spear-phishing to planting malicious code on websites commonly visited by workers at targeted organisations - a so-called watering hole attack. This is ultimately designed to spread customised malware.

Victims of an ongoing campaign - variously codenamed Aurora, TitanRain, ShadyRAT and Night Dragon - over the years have included Google, RSA, and Coca-Cola in the US; Canada's Nortel; Mitsubishi Heavy Industries in Japan; Rolls-Royce and Royal Dutch Shell in the UK; and numerous others.

Over the years patriotic hacker groups, who choose to defend their home nation or beat up their state's enemies, and criminals have forged alliances; this is a process thought to be facilitated by the Chinese government and in particular the People's Liberation Army.

There are various roles within such outfits including malware distributors, bot masters, account brokers and, most importantly, vulnerability researchers. The Chinese often prefer to use freelance hackers for plausible deniability, but the use of Chinese-language tools first seen in internet sorties against Tibetan activists has led computer security experts to point the finger of blame towards the Chinese government in many cases.

There's little point in dismissing or being shocked by the New York Times attack, which is just one example of a serious ongoing problem that has provoked formal complaints by the US State Department to foreign nations.

"Sophisticated, targeted attacks have changed the cyber landscape. Everybody is vulnerable to these threats - no organisation is safe," said Rob Cotton, chief exec at infosec biz NCC Group.

"Although we can't blame this incident purely on the antivirus software, the ongoing issue is that signature based antivirus tackles a problem that was prevalent 20 years ago but is largely irrelevant to today's cyber threats."

Antivirus is like 'homeopathy for computers'

The NYT electronic break-in was a catalyst for a debate about the effectiveness of antivirus software. There are broadly three camps in this discussion. Defenders of the continuing usefulness of the technology argue that it's necessary but insufficient: you need antivirus, and not just on the desktop, along with intrusion prevention, monitoring and other layers of protection.

The second camp argues that custom malware is always going to punch through defences, so what you need is early detection of infection, followed by recovery and a response to attacks. By responding quickly, organisations can minimise the effect of a breach and prevent the theft of valuable information. This approach makes a fair bit of sense once you appreciate that attackers use an initial infection to get a foothold on a targeted organisation's network, but what they're really after is often stored elsewhere. So thwarting so-called stepping-stone attacks makes a lot of sense.

The third, and most vocal, camp argues that antivirus software is hopelessly outdated in the face of modern threats; some describe the industry as selling "blunt razor blades" or more damningly "homeopathy for computers".

Vendors in this camp include those who advocate white-listing as an alternative to antivirus, a technology that blacklists known malicious programs. However, modern security software incorporates white-listing and behaviour-based detection, so this argument is far from a clincher, or at least the matter is more complicated than it looks on the surface. ®
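To make the three approaches in the antivirus debate concrete, here is an added example (not code from The Register or any vendor named above) that runs a signature deny-list, an application allow-list and a simple behaviour rule over the same set of constructed executables. The file contents, hashes and observed actions are all invented for the illustration; the point it shows is that a freshly compiled implant sails past the signature check (the "one of 45" problem), gets stopped by the allow-list, and is also caught by the behaviour rule, while each single layer still has a gap of its own.

```python
"""Toy comparison of signature (deny-list) antivirus, application
allow-listing and behaviour-based detection. Every input here is
constructed for the example; nothing is taken from a real sample."""
import hashlib


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed stand-ins for executables. The byte content is invented; what
# matters is whether each hash is already present in a given list.
SAMPLES = {
    "notepad.exe": b"MZ known-good editor build 6.1",
    "report.pdf.exe": b"MZ mass mailer already in the vendor signature DB",
    "invoice_q3.exe": b"MZ custom implant compiled this morning",
}

# Deny-list: what a signature scanner knows about (only the old mass mailer).
KNOWN_BAD = {sha256_hex(SAMPLES["report.pdf.exe"])}
# Allow-list: what the organisation has approved to run (only the editor).
KNOWN_GOOD = {sha256_hex(SAMPLES["notepad.exe"])}

# Constructed runtime observations per sample, as a behaviour engine would see them.
OBSERVED_ACTIONS = {
    "notepad.exe": {"open_document", "write_document"},
    "report.pdf.exe": {"enumerate_address_book", "send_smtp"},
    "invoice_q3.exe": {"write_run_key", "inject_into_browser", "connect_out"},
}

# Behaviour rule (hypothetical): persistence combined with any of these is
# treated as suspicious regardless of whether the hash is known.
SUSPICIOUS_WITH_PERSISTENCE = {"inject_into_browser", "connect_out", "send_smtp"}


def signature_verdict(data: bytes) -> str:
    """Deny-list: block only hashes already catalogued as malicious."""
    return "block" if sha256_hex(data) in KNOWN_BAD else "allow"


def allowlist_verdict(data: bytes) -> str:
    """Allow-list: block anything not explicitly approved, known or not."""
    return "allow" if sha256_hex(data) in KNOWN_GOOD else "block"


def behaviour_verdict(actions: set) -> str:
    """Block when a process both persists and does something network- or injection-like."""
    persists = "write_run_key" in actions
    risky = bool(actions & SUSPICIOUS_WITH_PERSISTENCE)
    return "block" if persists and risky else "allow"


def layered_verdict(name: str) -> str:
    """Defence in depth: a block from any one layer is enough."""
    data = SAMPLES[name]
    verdicts = (
        signature_verdict(data),
        allowlist_verdict(data),
        behaviour_verdict(OBSERVED_ACTIONS[name]),
    )
    return "block" if "block" in verdicts else "allow"


def compare_all() -> dict:
    """Return {name: (signature, allowlist, behaviour, layered)} for every sample."""
    return {
        name: (
            signature_verdict(data),
            allowlist_verdict(data),
            behaviour_verdict(OBSERVED_ACTIONS[name]),
            layered_verdict(name),
        )
        for name, data in SAMPLES.items()
    }


if __name__ == "__main__":
    for name, v in compare_all().items():
        print(f"{name:16} signature={v[0]:5} allowlist={v[1]:5} "
              f"behaviour={v[2]:5} layered={v[3]}")
```

Running it shows the custom implant as allow/block/block, the old mass mailer as block/block/allow (its actions never touch persistence, so the behaviour rule alone misses it), and the editor as allow on every layer. That asymmetry is the substance of the "necessary but insufficient" position: the allow-list and the behaviour rule cover what the signature list cannot, while the signature list still catches commodity malware cheaply, which is why combining them beats arguing about any one of them.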
