Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Washington Post: We Were Also Hacked By the Chinese

Soulskill posted about a year and a half ago | from the they-just-want-to-fit-in dept.

China 135

tsu doh nimh writes "A sophisticated cyberattack targeted The Washington Post in an operation that resembled intrusions against other major American news organizations and that company officials suspect was the work of Chinese hackers, the publication acknowledged on Friday. The disclosure came just hours after a former Post employee shared information about the break-in with ex-Postie reporter Brian Krebs, and caps a week marked by similar stories from The New York Times and The Wall Street Journal. Krebs cites a former Post tech worker saying that the publication gave one of its hacked servers to the National Security Agency for analysis, a claim that the Post's leadership denies. The story also notes that the Post relied on software from Symantec, the same security software that failed to detect intrusions at The New York Times for many months."

cancel ×

135 comments

Sorry! There are no comments related to the filter you selected.

Yea. Me Too. (3, Insightful)

Anonymous Coward | about a year and a half ago | (#42771131)

I need some attention too!

What I have derived form this past weeks revelations.

1. The Chinese have no problem gaining access to what ever computer networks they wish to.

2. They seem to be most interested in themselves, kinda like creeping other people's Facebook to see what they say about you.

3. So far, they haven't found anything worth their time.

4. Organizations seem to feel that since they discovered something on their networks, they have discovered everything on their networks.

5. Fail.

Re:Yea. Me Too. (0)

flyneye (84093) | about a year and a half ago | (#42771373)

What could they possibly want with the newspapers?
They don't control anything of value.
Most of the news is bullshit and propaganda.(probably less than in China, tho)
Are they trying to insert their own journalism?( as if anyone would notice)
Are they trying to edit ours? (as if anyone would notice)
Trying for free ads?
Get free delivery?
Or is it just the Newsclowns turning into bigger attention whores than they already are?
Something to consider, lack of a good motive on the Chinese part and every bit the M.O. of Newsclowns.

Re:Yea. Me Too. (3, Funny)

jhoegl (638955) | about a year and a half ago | (#42771393)

Go back into your bunker...

NPR had a great story on this yesterday, but since you most news is propaganda, you must ask these ignorant questions.
Your ignorance breeds unto itself.

Re:Yea. Me Too. (0, Flamebait)

flyneye (84093) | about a year and a half ago | (#42771475)

NPR is no talent propaganda and will probably be the next clowns to claim a hack.

Re:Yea. Me Too. (1)

jhoegl (638955) | about a year and a half ago | (#42771523)

Clearly you understand nothing of your own situation.
You make excuses for your ignorance by claiming sources are false, when they have repeatedly been proven.
Instead you let someone else filter your information, forming your opinion for you.
Lets hope you never make a major life decision that will affect others.

Re:Yea. Me Too. (2, Insightful)

flyneye (84093) | about a year and a half ago | (#42771565)

Well someone said so anyway. I guess you got it from newsclown.
I've heard enough verifiable bullshit over the years from NPR to see that it's just an ad agency for aging hippies.

Re:Yea. Me Too. (0)

Anonymous Coward | about a year and a half ago | (#42772057)

Well someone said so anyway. I guess you got it from newsclown.
I've heard enough verifiable bullshit over the years from NPR to see that it's just an ad agency for aging hippies.

Don't make fun of my newsclown! My newsclown mocks the people and things I disagree with and warns me about threats that may or may not be real. My newsclown will build a city and only the right kind of people will be allowed to live there!
Also, why would anyone want to age hippies? The ones I know are ripe already!

Re:Yea. Me Too. (1)

flyneye (84093) | about a year and a half ago | (#42773349)

Where can I find this newsclown? Can I get a deposit back on mine?

Re:Yea. Me Too. (0)

Anonymous Coward | about a year and a half ago | (#42771877)

That this is rated Informative should make Slashdotters aware that 50 Cent party members are working on Slashdot.

Re:Yea. Me Too. (1)

cyfer2000 (548592) | about a year and a half ago | (#42772759)

I don't think /.er 84093 can be a 50 Cent party member

Re:Yea. Me Too. (5, Interesting)

alexander_686 (957440) | about a year and a half ago | (#42771409)

These newspapers have been reporting embarrassing things. Like members of the Communist Party and their family members have vast wealth – implying that this wealth is coming from inside contacts and use (or abuse) of official power. The Communist Party would be interested in who is leaking the details.

Re:Yea. Me Too. (1)

flyneye (84093) | about a year and a half ago | (#42771467)

So, why can't they use a stolen credit card number to get to the premium/pay stories?
Doesn't add up.

Re:Yea. Me Too. (4, Insightful)

alexander_686 (957440) | about a year and a half ago | (#42771683)

Your missing the point. The fact is that somebody is hacking into the paper to figure out who the journalist's sources are.

So, it's not the average Chinese citizen trying to read the paper – it's about finding who the journalist are, what their sources are, etc – the stuff a government would need to harasses and shut down the people who are leaking the data.

Re:Yea. Me Too. (1)

flyneye (84093) | about a year and a half ago | (#42771743)

Ahh thats better an actual answer rather than the newclown defense league.
Now it would be funny to find the newspapers hacked China...

Re:Yea. Me Too. (1)

alexander_686 (957440) | about a year and a half ago | (#42772121)

Define “Hack”. Are not investigative journalist suppose to investigate? Unearth buried and unpleasant truths? Being a “hack” used to be slang for being a journalist. A low class one interested in sensationalist stories, but still...

Re:Yea. Me Too. (1)

flyneye (84093) | about a year and a half ago | (#42773361)

I'm still waiting for computer saavy newsclowns, they seem to still be stuck on the tubes and pipes thing.

Re:Yea. Me Too. (2, Insightful)

AmiMoJo (196126) | about a year and a half ago | (#42771757)

You are assuming it was the Chinese government. So far I have not seen a shred of evidence to support that. There is some circumstantial evidence that the attacks may have originated from China, possibly.

It would actually make a lot more sense if it were hackers hired by the politician who has been the subject of these embarrassing stories. Of course it might just be the Chinese equivalent of Anonymous.

Re:Yea. Me Too. (3)

PCM2 (4486) | about a year and a half ago | (#42771933)

You are assuming it was the Chinese government. So far I have not seen a shred of evidence to support that. There is some circumstantial evidence that the attacks may have originated from China, possibly.

It would actually make a lot more sense if it were hackers hired by the politician who has been the subject of these embarrassing stories.

OK, did I just read your whole comment to learn that you think there's not "a shred of evidence" that it was the government, but instead you believe it was hackers hired by the government? I think I can smell my brain dying.

Of course it might just be the Chinese equivalent of Anonymous.

Do you have any idea how things work in China? Just think for a minute: Great Firewall of China, ring any bells? Go find some bandwidth statistics and see how hard it is for the Chinese to get access to fast internet connections, compared to places like South Korea or Japan. And if there really were some underground internet hacker movement composed of individuals in China -- and there isn't -- why on Earth would they attack Western newspapers, which mostly tell the truth, and not their own newspapers, which never do?

Re:Yea. Me Too. (1)

AmiMoJo (196126) | about a year and a half ago | (#42771999)

OK, did I just read your whole comment to learn that you think there's not "a shred of evidence" that it was the government, but instead you believe it was hackers hired by the government? I think I can smell my brain dying.

A politician acting for themselves is not the same as the state deciding to sanction something. When a US politician goes to jail that doesn't mean that the government committed a crime or endorsed his behaviour.

Re:Yea. Me Too. (4, Insightful)

alexander_686 (957440) | about a year and a half ago | (#42772069)

This is China - the lines between government, party, industry, and politician are a bit blurred. For example, IIRC, the Army reports to the party - not to the government. Elections are limited and managed. etc.

Re:Yea. Me Too. (1)

K. S. Kyosuke (729550) | about a year and a half ago | (#42772371)

"the lines between government, party, industry, and politician are a bit blurred"

That almost sounds like a description of Japan, too!

Re:Yea. Me Too. (3)

PCM2 (4486) | about a year and a half ago | (#42772113)

A politician acting for themselves is not the same as the state deciding to sanction something. When a US politician goes to jail that doesn't mean that the government committed a crime or endorsed his behaviour.

OK, my guess was right. You really don't understand how things work in China. My recommendation is that you go to the library, grab back issues of some reputable news source (The Economist might be a good place to start) and read up on everything you can find about the last Chinese national election. Along the way you'll learn a lot about how free Chinese politicians are to act independently. (TL;DR - China ain't the US.)

Also, just think about what you're suggesting. This isn't some politician giving an order to have some hapless old man thrown in prison. That kind of thing happens all the time in China, and nobody ever hears about it. What you're saying, though, is that some lone politician, acting completely independently and on his own initiative, hired hackers to launch an attack on the two largest, most respected newspapers in the United States. Not even the largest companies -- the largest newspapers. Exactly how was this supposed rogue, lone wolf politician planning to cover up what he did?

Re:Yea. Me Too. (1)

blue_teeth (83171) | about a year and a half ago | (#42772169)

The Power of Nightmares

Re:Yea. Me Too. (0)

Anonymous Coward | about a year and a half ago | (#42772269)

How do they know its China?

Re:Yea. Me Too. (1)

K. S. Kyosuke (729550) | about a year and a half ago | (#42772379)

Perhaps they tried to edit the name to "Wachinkton Post"?

Re:Yea. Me Too. (1)

mbkennel (97636) | about a year and a half ago | (#42772857)

"What could they possibly want with the newspapers?
They don't control anything of value.
Most of the news is bullshit and propaganda.(probably less than in China, tho)
Are they trying to insert their own journalism?( as if anyone would notice)"

Think.

They are attempting to find and punish---extremely severely---any sources who gave information to the reporters. They are threatening the reporters. They are threatening the newspapers who publish information critical of the regime's power.

Re:Yea. Me Too. (1)

flyneye (84093) | about a year and a half ago | (#42773407)

LOL, I defy them to carry out any threats to newsclowns!
Go on take your best shot! Buncha sissy Chinese hackers! Go on , I dare you!

Re:Yea. Me Too. (2)

mjwalshe (1680392) | about a year and a half ago | (#42773147)

They want to find the journalists sources so they can be sent to the gulags (if they are lucky).

Re:Yea. Me Too. (1)

flyneye (84093) | about a year and a half ago | (#42773429)

Hey N.Y.Times and Wash. Post journalists are lucky. Send them! Dunno about the luck of the WSJ guys though, wouldn't they be too rich to be journalists if they were? But fair is fair, send them too!

Re:Yea. Me Too. (1)

mjwalshe (1680392) | about a year and a half ago | (#42773495)

send Murdoch Sr and Jnr First :-)

Re:Yea. Me Too. (1)

flyneye (84093) | about a year and a half ago | (#42773673)

Added Bonus: Exhumed remains of Hearst

The Onion says Me Too, too! (2)

billstewart (78916) | about a year and a half ago | (#42772603)

The Onion, America's Finest News Source, recently posted an article saying they'd also given all their passwords to the Chinese.

Attack details? (3, Interesting)

griffjon (14945) | about a year and a half ago | (#42771135)

Has anyone seen any details on how to detect this specific method of attack, malware signatures, or similar? Cause that just might be of use, seeing the widespread nature of this.

Also, who hasn't been attacked? Bueller? Bueller?

Re:Attack details? (1)

Anonymous Coward | about a year and a half ago | (#42771339)

I know a newspaper from a small Kansas town that hasn't been attacked. It's produced by a 80 year old man with his mechanical typewriter. Maybe these major American news organizations could learn a thing or two from him.

Re:Attack details? (3, Funny)

Sulphur (1548251) | about a year and a half ago | (#42771453)

I know a newspaper from a small Kansas town that hasn't been attacked. It's produced by a 80 year old man with his mechanical typewriter. Maybe these major American news organizations could learn a thing or two from him.

William Allen White?

--

Its all Post facto.

Re:Attack details? (4, Interesting)

astralagos (740055) | about a year and a half ago | (#42771369)

APT attacks are well understood, it's just that they're not very technologically complex. They are, fundamentally, con jobs. You research somebody with a public identity, send a forged email with a trojan, and wait for somebody to open it. The success of the attack is dependent on finding a large enough group that somebody will open the mail. If you want an early example of a discussion of this, read Shishir Nagaraja's and Ross Anderson's "Snooping Dragon" paper.

As for malware signatures, they've been increasingly ineffective for years. Attackers can buy AV as well, and it's easier for them to tweak their software to evade AV then it is for defenders to generate new signatures. AV's very good at protecting you from yesterday's attack. If you don't have a signature though, it usually takes month to identify a subverted host.

Re:Attack details? (5, Interesting)

guttentag (313541) | about a year and a half ago | (#42771531)

Disclosure: I am a former Washington Post employee

The Post doesn't seem to officially be divulging details. Sure, they're reporting on it now that the word is out through a former employee's blog citing an unnamed former employee (neither of those people are me) as a source, but the article actually has a Post spokesperson denying one of the claims of the article (that the Post handed over one of its servers to the NSA for study). This isn't the paper contradicting itself – it's what ethics look like in practice at a good newspaper. The paper can report on itself even when the top brass don't want to.

However, in the New York Times story on its own intrusion, it was stated that AT&T "monitors" the company's network and noticed unusual traffic patterns. AT&T alerted athe Times, who asked them to keep an eye on it, and then brought Mandiant in to consult.

Going back to The Post's story, the company's claim that it did not turn over a server to the NSA casts the issue of China hacking U.S. newspapers in a new light... if you read between the lines. Newspapers (especially The Post and The Times) see themselves as a fiercely-independent check on the government. Watergate-era readers would be as appalled at the idea of The Post handing over servers to the NSA as MacWorld attendees were in the 90s at seeing Bill Gates's face on screen during Job's speech. From a PR perspective, it just looks wrong. China might actually do more to harm these papers by getting them to run into the arms of the U.S. government. It's one thing to think China may have found out you're talking to a reporter... Quite another to think both the U.S. and China may later discover you were the anonymous source for a story they didn't want out. It's unlikely that the NSA is rooting around the server looking for political whistleblowers, but the idea of it has a chilling effect on potential sources who think of The Post as the institution that protected Deep Throat's identity for decades, at great risk to itself.

Re:Attack details? (0)

Anonymous Coward | about a year and a half ago | (#42771839)

Newspapers (especially The Post and The Times) see themselves as a fiercely-independent check on the government.

Uh, I'd hate to tell you this, but while they might see themselves as "fiercely independent", no one else does.

Now, mind you, most people will agree that newspapers and the media in general aren't independent of the government per se, but no one seriously believes that they are independent of the political parties. Newspapers like the Post and the Times both worked overtime to reelect Obama, turning Hurricane Sandy into a case for Obama and completely ignoring the horrors of Benghazi. (But "what difference does it make," right? You'd think the media would report on that, but, nope.)

Newspapers might be "independent of the government" but that doesn't make them any less the mouthpieces of the political parties at best.

At worst, I'll just note you said they view themselves as "fiercely independent of the government", but NOT "fiercely independent of their advertisers". Because there's a whole other way that the media biases the information that they report, and it has nothing to do with getting Democrats elected.

Re:Attack details? (2)

PCM2 (4486) | about a year and a half ago | (#42772003)

This brand of cynicism is dull, and it creates its own form of self-fulfilling ignorance.

If nothing you see in the media is true and every journalist is a puppet of either advertisers or the government, then where do you get your news from, exactly?

There is only one possible answer, and that is: You make it up. You hear what people tell you, decide you're going to believe the opposite, and then you go around railing on the news for not saying what you believe.

In other words, you are a dolt.

Re:Attack details? (1)

Anonymous Coward | about a year and a half ago | (#42772367)

Two consulate attacks happened on the same day, one by a protesting mob and one by ex-rebel fighters with all qaeda ties. This is in addition to many other mobs that gathered to protest the anti-islam video produced in the US. The attack was quick and I don't believe any of them identified themselves to allow it to be radioed back. There was confusion I'm sure, and the special mission in Benghazi and elsewhere should have had more security. It's a story, but I'm not sure it's as big as you've made it out to be. It also doesn't necessarily paint Obama in a negative light, as the private sector security they had guarding the place sounds more like a republican answer than a democratic one. A bill had also failed in congress that would have appropriated more security to these places.

I think generally the people harping on the issue are delusional. US intelligence isn't omnipotent, and the only reason Benghazi was a hot topic is because of the election. The NYT is a distinguished publication even despite their problems, and I contest that they worked to get Obama elected. They didn't harp on there not being any WMD in Iraq, or that the Bush administration didn't heed a report warning of the 9/11 attacks.

In other news, ... (1)

Anonymous Coward | about a year and a half ago | (#42771137)

Let's just list the companies that have been verified not to have been attacked by the Chinese.

I figure... (3, Insightful)

Xenna (37238) | about a year and a half ago | (#42771161)

Symantec has probably been hacked by the Chinese too...

Conspiracy theory (0)

TheRealMindChild (743925) | about a year and a half ago | (#42771173)

Someone at Anonymous works for Symantec

Re:Conspiracy theory (0)

Anonymous Coward | about a year and a half ago | (#42771243)

Someone at Anonymous works for Symantec

Anonyous IS Symantec

(yet another) windows box is owned - is this news? (-1)

Anonymous Coward | about a year and a half ago | (#42771181)

Post relied on software from Symantec

So, they were running windows and now are surprised they were owned?

nobody cares (0)

Anonymous Coward | about a year and a half ago | (#42771197)

we have all been attacked by chinks; who cares

The Chinese, such ingenius hackers (0)

Anonymous Coward | about a year and a half ago | (#42771219)

And yet so dumb as to not obscure the origins of their attacks so that they could claim plausible deniability. Hmm... Coincidence that news of these hacks occurred shortly after the announcements of the US expanding its "cyber" warf.. er, defense programs?

Re:The Chinese, such ingenius hackers (0)

Anonymous Coward | about a year and a half ago | (#42771405)

After Stuxnet, first posts on /. jumped at the chance to blame the US.
After these intrusions, first posts on /. jump at the chance to exonerate China.

Re:The Chinese, such ingenius hackers (0)

Anonymous Coward | about a year and a half ago | (#42773101)

Can you answer the question? Why would the Chinese use sophisticated attacks to break into systems, yet not take steps to hide their tracks?

Re:The Chinese, such ingenius hackers (3, Insightful)

mbkennel (97636) | about a year and a half ago | (#42772957)

Why is obscuring the origin of their attacks their intent? Perhaps being tracked to China is one of the points of it.

It's like poisoning a dissident with polonium: the unmistakable message of "don't fuck with Putin".

IP blocks (0)

Anonymous Coward | about a year and a half ago | (#42771229)

I assume they can blame China because all the IPs of the hackers are in Chinese blocks.

So... why the fuck do these American news journals need China to have access in the first place? Why do these businesses need to route traffic to/from China? Are they using Huawei routers or something asstarded?

Did they also hack Slashdot? (5, Funny)

peterindistantland (1487953) | about a year and a half ago | (#42771245)

Is that why I was modded down last time?

Re:Did they also hack Slashdot? (0)

Anonymous Coward | about a year and a half ago | (#42771419)

Is that why I was modded down last time?

Nah, that's just because we don't like you. Next time, try NOT to run over CowboyNeal's dog.

How is this not an act of war? (3, Insightful)

OS24Ever (245667) | about a year and a half ago | (#42771249)

I'm curious why repeated attacks "by the Chinese" have invoked no response from the government? It seems odd that we have US Companies being attacked on US soil and there's not even a peep about it.

I'm not saying bomb people but tis seems.....weird...

Re:How is this not an act of war? (0)

Anonymous Coward | about a year and a half ago | (#42771347)

Because the US gov has been doing the same to companies in every other country for even longer?

Re:How is this not an act of war? (1)

Anonymous Coward | about a year and a half ago | (#42771447)

No citations but let's assume you're right.
When the US does that, Slashdotters never say "Well [somebody else] does it too. This is a non-story." Rather, most of us are righteously indignant and critical of such actions. Now, When [somebody else] indeed has done it, it seems the general consensus is "The US does it too. This is a non-story"

How about some consistency in standards?

Re:How is this not an act of war? (3, Interesting)

mitchaki (1797554) | about a year and a half ago | (#42771359)

Maybe it has something to do with the large amounts of money the US owes China. It could also have to do with the US government trying to hide the fact that the Dept. of Homeland Security is completely inept and a huge fail when it comes to cybersecurity.

Re:How is this not an act of war? (2)

oodaloop (1229816) | about a year and a half ago | (#42771513)

What do you want the DHS to do? Go into every company and tell them how to set up their networks?

Re:How is this not an act of war? (-1)

Anonymous Coward | about a year and a half ago | (#42771371)

No trouble telling you're a fucking american. "I'm not saying bomb people, but this is WARRRRR!" Are you as a race even capable of a solution to conflict other than killing the person you don't agree with?

Maybe instead of trying to come up with new and novel ways of defining the word "torture" to avoid international prosecution, you might want to sit down and think about why EVERYONE ON EARTH FUCKING HATES YOU. And no, it isn't your "freedom" by the way, because it's widely recognized by anyone who isn't a fat fucking yank that american's don't -have- freedom any more. Hell, they're about to take your assault rifles away, I thought guns were your last line of defense?

Re:How is this not an act of war? (3, Insightful)

pushing-robot (1037830) | about a year and a half ago | (#42771377)

Because...

(a) We can't be sure the attack originated in China, it could have simply been proxied through there (there are plenty of vulnerable Chinese systems).
(b) Even if it was, we can't prove it was organized by the Chinese government (there are plenty of non-state hackers in plenty of countries).
(c) Even if it was, lots of governments engage in low-level espionage (including your own) without significant diplomatic repercussions.

Gathering intelligence isn't typically considered an "act of war" unless it is seen as a prelude to invasion or otherwise causes physical harm.
If it was, intelligence agencies would have started World Wars 3 through 17 by now.

Re:How is this not an act of war? (1)

Anonymous Coward | about a year and a half ago | (#42771445)

You forgot about the part where the current administration tends to minimize most things that would be considered "egg on the face" of any other administration. Most people will never know about this, and they definitely should.

They've got the media in their pockets, and they know it.

They've got most of *you* in their pocket, and we know it.

Let the illogical defending begin. Always fun to watch on slashdot.

Re:How is this not an act of war? (3, Insightful)

oodaloop (1229816) | about a year and a half ago | (#42771547)

(a) We can't be sure the attack originated in China, it could have simply been proxied through there (there are plenty of vulnerable Chinese systems).

...which were associated with Chinese military? These weren't random machines. The proxies the Chinese used were random machines in the US, and the attacks were traced back to machines associated with the Chinese govt. This has happened many times in the past, and we know of large Chinese military units engaged in cyber warfare. How many attacks like this have to happen before people realize what kind of war we are in?

Re:How is this not an act of war? (5, Insightful)

Anonymous Coward | about a year and a half ago | (#42771667)

Those of us who have traced APT through a few proxies (typically only one) back to a large building owned by various Chinese government agencies can assure you that a very large scale industrial espionage program is underway, with occasional sidelines into attempting to trace methods and sources. There are mountains of evidence, most of it feed into shredders under the instruction of corporate lawyers. And most US corporations are so dependent on deeply flawed Microsoft technologies and caught so deep in political games that most of the time they'd rather bury their head in the sand and ask subordinates to delete all evidence than actually do anything proper about it. IT is a cost center, and you can't demonstrate security ROI in a way that passes modern MBA scrutiny. All corporate divisions exist only to bump the stock price this quarter, which means we have to keep cutting cost and overhead. With few exceptions, investment is basically dead in the US corporate world.

Re:How is this not an act of war? (1)

ahabswhale (1189519) | about a year and a half ago | (#42773827)

If "IT is a cost center" then you're not doing it right.

Re:How is this not an act of war? (2)

dkleinsc (563838) | about a year and a half ago | (#42772211)

How many attacks like this have to happen before people realize what kind of war we are in?

One in which nobody's died?

Re:How is this not an act of war? (1)

oodaloop (1229816) | about a year and a half ago | (#42772247)

Good idea. Let's do nothing and wait until it's too late to save lives. Skate to where the puck's gonna be. Our power grid is going smart, meaning more and more things are connected to the internet, including all of our critical infrastructure. The internet of things is growing, with things like stoves and coffee pots hooked up to home networks (highly secure, I'm sure). China, Russia, Iran, and even North Korea (believe it or not) all have robust cyber offensive capabilities. This is where the next war will be fought, and the nerds here seem to want to make every excuse to avoid believing it.

Re:How is this not an act of war? (0)

Anonymous Coward | about a year and a half ago | (#42771553)

(a) We can't be sure Stuxnet originated in the US. A government official claiming US responsibility could just as well be a cover to shield an allied nation who actually bears responsibility.

Yet /. is comfortable with accepting that Stuxnet was US made.

(b) Even if it was, we can't prove Stuxnet was organized by the US government (there are rogue actors within government and without)

Yet /. is comfortable with accepting that Stuxnet was US made.

(c) Even if it was, lots of governments engage in low-level espionage (including your own) without significant diplomatic repercussions.

Yet /. never dared to use the "well others do it too" excuse in any Stuxnet discussion.

Now, imagine another country reported on the Bush/Cheney family fortune and their petropolitical connections. Then, the US government hacks into that country's media establishments in order to identify the whistleblowers. How would Slashdot react? With waving of the hand as you have, or with indignation and condemnation?

Re:How is this not an act of war? (1)

Shavano (2541114) | about a year and a half ago | (#42771425)

What are you on about? The government talks about this all the time.

Re:How is this not an act of war? (1)

guttentag (313541) | about a year and a half ago | (#42771647)

I'm curious why repeated attacks "by the Chinese" have invoked no response from the government? It seems odd that we have US Companies being attacked on US soil and there's not even a peep about it.

I have three simple answers for you:

  • When the U.S. military conducts a "cyber" strike on another country, they're not going to tell you. Not even a peep. No one died, no maimed vets missing legs, so no one needs to know. The odds are they were already "at war" with China in "cyberspace" before this happened.
  • These intrusions are not worth risking a real war.
  • The U.S. government is just as interested in knowing who reporters are talking to as the Chinese are. Why would they want to stop this when China is pushing the newspapers into the arms of the FBI and NSA?

Re:How is this not an act of war? (2)

MikeMo (521697) | about a year and a half ago | (#42771923)

I'm curious why repeated attacks "by the Chinese" have invoked no response from the government? It seems odd that we have US Companies being attacked on US soil and there's not even a peep about it.

How do you know we're not doing anything about it?

Can someone remind me who wrote Stuxnet? (1)

jools33 (252092) | about a year and a half ago | (#42772403)

Can someone remind me who wrote Stuxnet? - and how is this any worse?

Re:Can someone remind me who wrote Stuxnet? (3, Insightful)

mbkennel (97636) | about a year and a half ago | (#42772989)

One is trying to stop a religious dicatorship from making nuclear weapons.

The other is trying to intimidate people (and imprison them) who look into and talk about the corrupt financial shenanigans of a secular dictatorship.

If Stuxnet were directed at a German newspaper which printed a story about Dick Cheney's purloined billions, then it would be pretty comparable, but the U.S. government isn't actually going to do something like that, because, believe or not, some of the people in charge of doing the operation might believe it to be immoral.

Re:How is this not an act of war? (1)

mjwalshe (1680392) | about a year and a half ago | (#42773159)

Do you think any response has to be overt - there is more than one way to apply pressure as FDR said sneaking softly sometimes means you don't have to use the big stick.

Probability (0)

SpaghettiPattern (609814) | about a year and a half ago | (#42771251)

I'm sure a myriad of complot theories are being concocted as we speak. Based on the world population, the probability of Chinese hacking anyone are roughly 1 in 6. Considering that, China scores much higher than almost any other country.

Re:Probability (2)

oodaloop (1229816) | about a year and a half ago | (#42771561)

I guess that might make even the slightest amount of sense if a Norwegian farmer and a Zimbabwean goat herder had the same likelihood of using a computer owned by the Chinese military.

Kinda strange... (1)

Anonymous Coward | about a year and a half ago | (#42771257)

So do those people really think that the Chinese are the first to hack into their servers?

Something tells me they don't actually reveal that Americans have been hacking into their servers for years aswell, because they want to hype up the entire cyber-terrorism and warfare thing. You know, makes it easier for politicians to push through even more bills that kill off the internet.

Re:Kinda strange... (0)

Anonymous Coward | about a year and a half ago | (#42771479)

US government hacking into Chinese journalists' servers to identify whistle-blowers who implicate family of Obama/Biden in potential nepotism.

proof?

Where is Symantec mentioned? (0)

Anonymous Coward | about a year and a half ago | (#42771259)

I see no mention that Symantec is mentioned.

Another third rate burglary attempt (0)

Anonymous Coward | about a year and a half ago | (#42771283)

This time against the paper that brought down the Nixon administration. The Watergate scandal began with the arrest of the E. Howard Hunt and other lowlife security types at the Democratic National Headquarters in Washington DC. "A third rate burglary attempt" commented Nixon's press secretary Ron Zieglar. But the Post kept following the money as the administration scrambled to cover up the White House's role in numerous illegal operations against political opponents. An anonymous administration official (since identified as the FBI's Mark Felt, who revealed himself just before he died) began tipping the Post's Bob Woodward. At the height of the scandal, Woodward and Carl Bernstein prepared a bombshell story about US Attorney General John Mitchell's role in the Watergate coverup. Mitchell was reached by phone late in the evening for his reaction, and he reportedly screamed "JEEEEEEEEE-SUSS! (Washington Post publisher) Katie Graham is going to get her tit caught in a big fat wringer [latimes.com] if you print that."

They edited "her tit" out Mitchell's quote from the story that came out the next morning.

Re:Another third rate burglary attempt (0)

Anonymous Coward | about a year and a half ago | (#42771429)

What do you mean low lifes?
Liddy is pretty damn cool.
Hunt is a sissy little squealer.
Democrats are nothing of value.
Wow! So maybe it's Liddy hacking the papers. They've brought Frankenixon back to life and even now he stalks Obama.
Stop the Press! We got a new headline. Beijing Ding-a-ling Has Fruity Fling, Democrats Named and Blamed, Obama claims "I am not a crook"

Chinese Hackers (0)

Anonymous Coward | about a year and a half ago | (#42771313)

I now remember, I was also hacked by the Chinese.

Attack Vector(s)? (1)

SirBitBucket (1292924) | about a year and a half ago | (#42771325)

Has this info been made public?

expected (1)

noshellswill (598066) | about a year and a half ago | (#42771341)

You globalist fools let the slants in .. what behaviour did you expect from a culture corrupt, effete, plotting and tyrannous since whiteboyz ran around caves in bearskins? American exceptionalism was no joke -- a unique mix of Redskin "gifting" and Greek rationalist memes. You sold it for a Semite nominalist nickel. Now the piper calls, so pay what thou owest!

I would love to see (0)

Anonymous Coward | about a year and a half ago | (#42771351)

I'd love to see a full study on how much Microsofts lack of security for the last 15 years has cost the American people in lost secrets to foreign agencies. I'm sure its significant, problem is the person doing the study will probably die in a car crash or get cancer before its finished.

What, Security? (1)

10101001 10101001 (732688) | about a year and a half ago | (#42771353)

"The story also notes that the Post relied on software from Symantec, the same security software that failed to detect intrusions at The New York Times for many months."

Golly, it's almost as if relying upon detection after the fact or at entry point is no real protection. Oh, but you say, defense in depth! Well, defense in depth is great. But, intrusion detection of the sort is like tissue paper when you might get thousands of attacks daily. The only real defense is actually having software that isn't exploitable. And that means having (a) open software you can analyze, (b) developers/vendors of that software who will quickly address problems, (c) open disclosure so you don't have to wait months to find out you might already be being hacked--giving you the option to simply stop using software if it's hackable--, (d) multiple servers running multiple software stacks so you have something to switch to for (c), and (e) having a strong push for possible problems so you don't have to rely upon (b) because (b) is just a bad hack to the truth that no software is perfect--as that's a broken record if it's said all the time, as it's meant to explain the *occasional* security bug.

Oh, and I think this also highlights the whole point that treating security as a joke shows the joke's on you. The real thing to worry about is just how bad the US Government's security score is. If you at all believe that government is generally worse than private industry--not something I particularly believe given just how bad private industry is--, then the US as a whole is fucked at least as far as any concerns for keeping US Government held data private from the Chinese or other hackers. All things considered, it makes one wonder if the data China has--not necessarily even their government--would put Wikileaks to shame.

Re:What, Security? (1)

colfer (619105) | about a year and a half ago | (#42772579)

Symantec, I wonder what goes on there. Hope the engineering is better than the fairly ridiculous adventure I had with customer service. I was reporting a bug in the "Verified" seals for my paying client: the web wizard generates the wrong seals because the product matrix has not kept up with the threeway conversion of Verisign, Symantec and Norton. On the fourth customer service rep I finally had someone who knew what he was talking about. Refreshingly, he was blunt and did not end by asking me if I had any other issues, but just signed off! He sent me the code I needed, but I'm not sure he reported the bug.

Let's hope that means the server security and SSL cert teams are no-nonsense engineers, not bereft souls in a chaotic marketing enterprise.

Blame the software? (1)

Murdoch5 (1563847) | about a year and a half ago | (#42771427)

What is the point on the IT department if your going to blame off the shelf software. The software is a rough first stop but in no way a completely solution for prevention. Before you blame the software also blame the IT department.

Lie factory (0, Troll)

tendentious (2831395) | about a year and a half ago | (#42771435)

The Washington Post is a company that sells propaganda to suckers. They lie for a living. Why should anyone believe them now?

Re:Lie factory (1)

guttentag (313541) | about a year and a half ago | (#42771717)

The Washington Post is a company that sells propaganda to suckers. They lie for a living. Why should anyone believe them now?

Citation please.

Re:Lie factory (1)

93 Escort Wagon (326346) | about a year and a half ago | (#42771799)

Thank you for sharing your opinion, Mr. Liddy.

THE CHINESE (1)

Anonymous Coward | about a year and a half ago | (#42771567)

That monolithic entity known only as THE CHINESE.

Odd that when Anonymous deface a bank's website we don't say THE AMERICANS hacked it.

Re:THE CHINESE (1)

edibobb (113989) | about a year and a half ago | (#42771637)

I suspect the Mongoliad.

Sophisticated? (2)

edibobb (113989) | about a year and a half ago | (#42771629)

Of course it's a sophisticated attack. It happened to a big company, and they cannot be held responsible. If it happened to me on my home PC or at a small business, it would be my own fault for having inadequate security.

Re:Sophisticated? (0)

Anonymous Coward | about a year and a half ago | (#42771725)

The NYT and WSJ were also hacked, apparently in the same way. Apply Occam's Razor - three of top five newspapers all were negligent security at the same time, and were irresponsibly vulnerable to ordinary hacks. Or the attackers were considerably more sophisticated than average.

This could cause some confusing headlines (1)

istartedi (132515) | about a year and a half ago | (#42771767)

If the main story on the front pages is "Hacked by Chinese", was that supposed to be the main story or is it just script kiddies bragging?

Looks like Bad Things DO Happen in Fours (1)

ohnocitizen (1951674) | about a year and a half ago | (#42772023)

http://it.slashdot.org/story/13/02/02/0340220/twitter-hacked [slashdot.org]

Looks like bad things do happen in threes — Twitter's report comes on the heels of disclosures of hacking attacks on the WSJ and NY Times.

Can we please get rid of that ridiculous expression?

Re:Looks like Bad Things DO Happen in Fives (1)

dkleinsc (563838) | about a year and a half ago | (#42772221)

Not only have 4 other bad things happened, we've also failed to get rid of that ridiculous expression!

quit running windows, if you care. (0)

Anonymous Coward | about a year and a half ago | (#42772093)

These companies deserve to be hacked. They obviously have no concern about security, or they would run a decent OS, not a POS.

Let's get this over with quickly (0)

Anonymous Coward | about a year and a half ago | (#42772163)

Who has not been hacked (successfully or not) by Chinese over the years, newspaper, TV, not just the media and government, any body with a server connected to the internet ? And who has not been hacked by the Russians ? I suspect there will be few answers.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>