The New York Times' Nicole Perlroth reports that Chinese hackers have "persistently attacked The New York Times" for the past four months, stealing every employee's corporate password and installing malware that gave them access to any computer on the company's network.
"The timing of the attacks coincided with the reporting for a Times investigation, published online on Oct. 25, that found that the relatives of Wen Jiabao, China’s prime minister, had accumulated a fortune worth several billion dollars through business dealings," Perlroth writes.
"It's not clear how hackers originally gained access to the Times' network, but computer forensics experts from IT security firm Mandiant, which was contracted to investigate the incident, believe that the organization's employees might have been targeted via spear phishing -- an attack technique that involves sending specifically crafted email messages with malicious links or attachments," writes Computerworld's Lucian Constantin.
"According to the Times, the methods these hackers used were similar to past attacks by the Chinese military," writes CNET News' Dara Kerr. "These methods include routing attacks through U.S. university computers, constantly changing IP addresses, using e-mail malware to get into the computer system, and installing custom software to target specific individuals and documents."
"But some security experts think the available facts don't clearly demonstrate Chinese involvement," notes InformationWeek's Mathew J. Schwartz. "'The list of potential culprits who could have breached the Times network for information on Asia is far longer than just China,' said cyber warfare specialist Jeffrey Carr, who's the CEO of Taia Global, in a blog post. He also noted that tying the attacks to the Oct. 25 story appeared to be an assumption on the part of officials at the Times, since the related attacks began over a month earlier. So while that intrusion could have been sparked by reporters conducting research for their Wen Jiabao story, it might also have been unrelated."
"A piece of collateral damage in the whole affair is the reputation of anti-virus giant Symantec, which provided AV protection to the Times that failed to prevent or adequately identify the attacks," Infosecurity reports. "'The Times … found only one instance in which Symantec identified an attacker’s software as malicious and quarantined it, according to Mandiant,' the paper noted."
In response, Symantec today issued the following statement: "Advanced attacks like the ones the New York Times described ... underscore how important it is for companies, countries and consumers to make sure they are using the full capability of security solutions. The advanced capabilities in our endpoint offerings, including our unique reputation-based technology and behavior-based blocking, specifically target sophisticated attacks. Turning on only the signature-based anti-virus components of endpoint solutions alone are not enough in a world that is changing daily from attacks and threats. We encourage customers to be very aggressive in deploying solutions that offer a combined approach to security. Anti-virus software alone is not enough."