State-Sponsored Hacking Attacks Targeting Top News Organizations

Soulskill posted about 5 months ago | from the tip-of-the-iceberg dept.

Security 19

An anonymous reader writes "Security engineers from Google have found that 21 out of the top 25 news organizations have been targeted by cyberattacks that are likely state-sponsored. We've heard about some high profile attacks on news sites, but Google actively tracks the countries that are launching these attacks, and even hosts email services for many of the news organizations. 'Huntley said Chinese hackers recently gained access to a major Western news organization, which he declined to identify, via a fake questionnaire emailed to staff. Most such attacks involve carefully crafted emails carrying malware or directing users to a website crafted to trick them into giving up credentials. Marquis-Boire said that while such attacks were nothing new, their research showed that the number of attacks on media organizations and journalists that went unreported was significantly higher than those made public.'"


"Chinese hackers" (4, Insightful)

Anonymous Coward | about 5 months ago | (#46605021)

How hard is it for an intel agency or a security contractor to launch an attack in such a way as to falsely implicate a boogey-man such as "Chinese hackers"?

Re:"Chinese hackers" (1)

Anonymous Coward | about 5 months ago | (#46605251)

Not very hard at all.

Re:"Chinese hackers" (3, Insightful)

hey! (33014) | about 5 months ago | (#46605427)

Depends on your standard of proof.

I suppose the best possible way is to hack the patsy's computer and use it to launch an attack. That could, in principle, be nearly impossible to distinguish from an attack initiated by the patsy; not without the investigators hacking into the patsy's computer themselves. I suppose if I were going to implicate some patsy in cybershenanigans I'd start by securing his system from everybody but me.

Once you've considered the possibility that an attack is a frameup, you'd find yourself asking questions like, "Who would want to embarrass the New York Times AND get a Chinese engineering student into trouble?" Well, another Chinese engineering student, I guess, but I wouldn't bet on it. The problem is that this kind of reasoning is extremely unreliable. One of the toughest lessons I've had to teach clients is that the motivations of attackers may not make any sense to you. In fact they probably won't.

Take the attack itself. What does it accomplish to deface an American newspaper's website? It doesn't stop people from getting the news. It doesn't stop people from getting the paper's website for very long. It certainly doesn't do anything to change US Government policies or actions. All it does, in the end, is get some site admins into trouble with their bosses. Essentially, it accomplishes nothing.

But then, a lot of political stuff people do doesn't accomplish anything but make them feel like they're doing something. So if we're going to criminally profile the hacker, what we've got is a technically clever stupid person. That is to say somebody who is good at figuring things out and persistent at problem solving, but not very good at choosing useful ways to apply that talent.

But there's a hell of a lot of people like that.

Re:"Chinese hackers" (2)

poity (465672) | about 5 months ago | (#46605645)

Take the attack itself. What does it accomplish to deface an American newspaper's website?

The article doesn't say anything about defacement, it actually says that journalists themselves were the targets. I assume being able to penetrate a journalist's work account is one of the first steps to either subsequently penetrating that journalist's personal accounts elsewhere, or to build a profile in order to create a false identity elsewhere. The first could be used to reveal current sources, and the latter could be used to ensnare future sources.

Everyone is on high alert to stopping their own Snowden event, and I think that's a far simpler and more relevant explanation than "USA is trying to frame other countries by defacing its own news site"

Re:"Chinese hackers" (2)

hey! (33014) | about 5 months ago | (#46606681)

Good catch. We have to distinguish between vulnerabilities and threats. The exploitation of a vulnerability tells us next to nothing. Some people will twist a doorknob without thinking. But if someone particularly targets certain assets, like reporter email and phone logs, you can use that along with who the attacker targets to infer some pretty solid things about him.

Journalists *should* have been on high alert years before Snowden, because their number one most dangerous threat is a court order demanding they reveal their sources. The courts could physically seize the equipment of the reporter and his employer and search them well before the NSA started recording everything everywhere.

Re:"Chinese hackers" (3, Interesting)

lgw (121541) | about 5 months ago | (#46605677)

One of the toughest lessons I've had to teach clients is that the motivations of attackers may not make any sense to you. In fact they probably won't.

Indeed: "all politics is local". People have a hard time understanding this. Why does someone launch a terrorist attack against the US? It will be something involving the people that they socialize with, and the usual motivations of status, respect, dignity and so on. It may in some very distant way be a response to US actions, but don't look for direct "they killed my parents, and I've spent my life seeking the six-fingered man" motivations.

When attacks (cyber or otherwise) are local, motivations are usually straightforward and understandable, but when the target is very distant, it will be something that makes a lot of sense in the attackers' community, but with the distance in geography and culture, it can be totally opaque to you. There may be nothing you can do to not be the target of choice, if you're successful and well known like a media property. No, they don't hate you because you're successful, but their distant community knows you exist and you thus give them bragging rights because you're successful.

Re:"Chinese hackers" (0)

Anonymous Coward | about 5 months ago | (#46606289)

Analysis of Competing Hypotheses is often used to detect deception by law enforcement and intelligence agencies. It might be reasonable to load what you know about the attack into an ACH matrix to see whether there is a means, motive, and opportunity or whether there is some undiscovered evidence yet to be found which would support a deception hypothesis.

Re:"Chinese hackers" (0)

Anonymous Coward | about 5 months ago | (#46605827)

Here's a typical scenario:

[13:04] * OwnedChinabotLOL (~sneaky@2b6f2293.211e61ee.163data.com.cn) has joined #CIASBOTNET
[13:04] <CIaDumbassNoobScriptkid> !packet 198.81.129.107
[13:05] <OwnedChinabotLOL> Now Packeting Amerrrrrcuaaa at 198.81.129.107 !
[13:06] <CIaDumbassNoobScriptkid> Lol now those dumb ass Americans who pay my salary will now think China is attacking the USA
[13:06] <CIaDumbassNoobScriptkid2> This is wayyyy easier than a 9/11 false flag.

It's that easy.

Re:"Chinese hackers" (0)

Anonymous Coward | about 5 months ago | (#46607399)

Google actively tracks the countries that are launching these attacks...Huntley said Chinese hackers recently gained access to a major Western news organization..

I'm frankly sick and tired of these dickless smarmy sycophant journalists kissing up to the Chicoms.
How about some recognition for the hard working state sponsored hackers in America, UK, Canada, ...instead of being fixated at sucking the dicks of the nouveau chic Chicoms.

Re:"Chinese hackers" (1)

flyneye (84093) | about 5 months ago | (#46609551)

Isn't the whole concept sort of akin to breaking into someone's house to steal the contents of their toilet?

Of course (0)

Anonymous Coward | about 5 months ago | (#46605047)

Politics and the control of information, hence the population is obvious!

From the attacker's view... (5, Insightful)

BobMcD (601576) | about 5 months ago | (#46605169)

From the attacker's view, this largely makes sense. The 'top 25 news organizations' are all deeply biased towards keeping the government happy, and even we Kool Aid drinking Americans are aware of it.

To an outsider, they're probably pretty hard to distinguish from state-run news.

Re:From the attacker's view... (3, Funny)

ArcadeMan (2766669) | about 5 months ago | (#46605237)

In France, do they call Fox News "Faux News"?

... And? (1)

CanHasDIY (1672858) | about 5 months ago | (#46605231)

So what? Are they going to start replacing the sensationalized drivel, designed to keep us divided against each other, with factual stories or something?

As a person who typically avoids the "Top news organizations," I have a really, really hard time A) understanding what the problem is, and B) caring.

Re:... And? (1)

click2005 (921437) | about 5 months ago | (#46605271)

The problem is that Google seems to be routinely reading the email accounts of people working at 'Top News Organizations'. This isn't just random automated scanning but a deliberate invasion of privacy.

E-Mail Communications (1)

Anonymous Coward | about 5 months ago | (#46605467)

The "problem" here is that e-mail is such a mind-bogglingly useful way to communicate that its benefits outweigh its security risks. Yes there are lots of solutions (if only everyone would implement them), but what is really needed is a new mind-bogglingly useful communication tool that is secure by design.

And it ain't some closed proprietary system like Facebook or Twitter.

captcha: distort

1000+ years of dark matters to keep hidden (0)

Anonymous Coward | about 5 months ago | (#46605663)

aka the teepeeleaks etchings http://www.youtube.com/results?search_query=unrepentant&sm=3 our legacy & leavings for our kids etc... never a better time to consider ourselves in relation to each other, our surroundings, creation & it's earth based rep. momkind featuring new clear options for us billions of uchosens,, like no bomb us more mom us,, free the innocent stem cells,, rescue the world's millions of starving diaper addicts,,, & other non-lethal stuff. little miss dna cannot be wrong.. see you there?

Makes Sense (0)

Anonymous Coward | about 5 months ago | (#46606241)

There are probably a lot of NOCs working in news organizations throughout the world. It's perfect cover for gathering information. News organizations also don't publish everything they know so that is another source of information for the attacker. The attacker could also find out if they have leaks coming from their own organization. Propaganda is another piece of the puzzle.

Most attacks involve Windows users .. (2)

DTentilhao (3484023) | about 5 months ago | (#46606885)

"Most such attacks involve carefully crafted emails carrying malware or directing users to a website crafted to trick them into giving up credentials"