In January this year, The New York Times, having been the victim of persistent attacks, experienced a breach which lasted four months.
A sophisticated Chinese hacking team slipped past security systems in order to deploy 45 custom malware pieces and access the computers of 53 employees -- before moving on to a domain controller, breaching the system, and gaining the hashed password of every member of staff on The New York Times payroll. Eventually, once the breach was discovered, the hackers were dispelled.
The newspaper said that it may have to do with an investigation carried out in October 2012 concerning a story which said the Chinese Prime Minister had accumulated funds through business dealings. The government official said this accusation was "groundless." However, the publication also pointed the finger at security firm Symantec for failing to protect it against the security breach. In response, the security firm said:
"Turning on only the signature-based anti-virus components of endpoint solutions alone are not enough in a world that is changing daily from attacks and threats. We encourage customers to be very aggressive in deploying solutions that offer a combined approach to security.Anti-virus software alone is not enough."
The Wall Street Journal then came forward, stating that the U.S. publication too had been a victim of attacks designed to monitor reports concerning China, and cyberattacks spanned several years. The WSJ said that "journal sources on occasion have become hard to reach after information identifying them was included in emails," and suggested that information gained by the attackers has worked its way to Chinese authorities, who then took action to silence whistleblowers.
No comments:
Post a Comment