New York Times Hacked by China
The New York Times hack was big news last week, and I spent a lot of time doing press interviews about it. But while it is an important story—hacking a newspaper for confidential sources is fundamentally different from hacking a random network for financial gain—it’s not much different than GhostNet in 2009, Google’s Chinese hacking stories from 2010 and 2011, or others.
Why all the press, then? Turns out that if you hack a major newspaper, one of the side effects is a 2,400-word newspaper story about the event.
It’s a good story, and I recommend that people read it. The newspaper learned of the attack early on, and had a reporter embedded in the team as they spent months watching the hackers and clearing them out. So there’s a lot more detail than you usually get. But otherwise, this seems like just another of the many cyberattacks from China. (It seems that the Wall Street Journal was also hacked, but they didn’t write about it. This tells me that, with high probability, other high-profile news organizations around the world were hacked as well.)
My favorite bit of the New York Times story is when they ding Symantec for not catching the attacks:
Over the course of three months, attackers installed 45 pieces of custom malware. The Times —which uses antivirus products made by Symantec —found only one instance in which Symantec identified an attacker’s software as malicious and quarantined it, according to Mandiant.
Symantec, of course, had to respond:
Turning on only the signature-based anti-virus components of endpoint solutions alone are not enough in a world that is changing daily from attacks and threats. We encourage customers to be very aggressive in deploying solutions that offer a combined approach to security. Anti-virus software alone is not enough.
It’s nice to have them on record as saying that.
EDITED TO ADD (2/6): This blog post on Symantec’s response is really good.