Once The Times' computers were compromised, the hackers installed remote access tools, known as RATs, in order to steal data. Once malware gets into computer systems, one of the better ways of catching it is through appliances that monitor application behavior and network traffic.
Another technology is a security information and event management (SIEM) system, which can capture and analyze logs from network hardware and software to flag abnormalities. Leading SIEM vendors include Hewlett-Packard, EMC-owned RSA, McAfee, Symantec, LogLogic and Q1 Labs, says Gartner.
In general, there is no one technology to combat a sophisticated attack like the one against The Times. Organizations that could become targets have to build layers of security that start with the employee laptop and build inward into the network behind the firewall.
"All of these strategies need to be used together," Pingree said. "There's no silver bullet for security solutions."
For companies that have the resources, The Times' strategy of monitoring the hackers' movements can reveal important intelligence, said Wolfgang Kandek, chief technology officer for Qualys.
For example, hackers may build several openings into a network, so shutting them out too quickly could lead to missing one of those backdoors, Kandek said. "It makes sense to watch for a while."
The Times said it was able to close every backdoor in its network and to use the intelligence it gathered to determine the additional security technology needed to fend off future attacks.
The company also determined that the hackers seemed primarily interested in finding the names of people who might have provided information to the reporter of the Wen family story, Shanghai bureau chief David Barboza. No customer data was stolen.
The hackers infiltrated the computers of 53 employees, most of them outside the newsroom. The attackers tried to cover their tracks by first breaching computers at U.S. universities and then routing the attacks through them, Mandiant said.
Mandiant believes the hackers are members of a group the company calls "A.P.T. Number 12," for Advanced Persistent Threat. The group is one of 20 tracked by Mandiant that are spying on organizations in the U.S. and around the globe.
China's Ministry of National Defense denied it had anything to do with the cyberattacks.
The Times is not the first U.S. news media company to be targeted after reporting on Chinese leaders and corporations. Last year, Chinese hackers tried to penetrate the computers of Bloomberg News after it published a June 29 article on the wealth accumulated by relatives of then-Vice President Xi Jinping, who became general secretary of the Communist Party in November and is expected to become president in March.
Also, The Wall Street Journal reported Thursday that its computer systems had been infiltrated by Chinese hackers bent on monitoring the newspaper's China coverage. The break-ins at the three companies along with reports of breaches at other news outlets indicate a widespread campaign to spy on U.S. media, the Journal said.