Click on either of the two links above to read up on the topic of targeted hack attacks on media outlets. In all candor, I find this, to a certain degree, rather amusing.
One of the articles says, "[It] all pointed to being hacked by the Chinese. They had the ability to get around to different servers and hide their tracks." Thing is, if they had the ability to hide their attack, how does the writer know it came from Chinese hackers?
One of the principal skills of a capable intruder is hiding their tracks. You rarely know where they are really coming from, and it is uncommon for them to slip up and be caught. The apparent originating IP of an attack is seldom the attacker's own machine; it is usually a compromised host or a chain of proxies that serves as a decoy and leaves a false trail. Yet both of these articles talk about Chinese hackers, most likely tied to the government, most likely tied to the military. How do they know all this? THIS is what we would like to know.
And yet, in all fairness, I won't be at all surprised if they are right. We all know the Chinese government has a total disregard for human rights and civil liberties, and that the media in that country serve no purpose other than as the megaphone of those in power; freedom of the press is a concept completely foreign to them, and the press freedom we enjoy must surely bother them, particularly when we publicize things about them that they would rather keep quiet.
Nonetheless, to go from that well-known fact to claiming with apparent certainty that it was indeed the Chinese military that hacked into the NYT and TWP to spy on their reporting is a completely different story. Again: how do we know it was them? Did they leave a taunting message, something like "gotcha!"? Was some form of threat issued?
If all they did was get in, spy and leave, this is pure speculation, and it could very well have been the work of anyone. Heck, the two papers could have been spying on each other and made it look like the work of hackers from China. Who's to know the truth?
I know this sounds ridiculous, and I am intentionally exaggerating.
On that same note of flippancy, the article says the NYT blamed Symantec for not catching the Trojan. On the flip side, it also describes this as a targeted attack. Seriously? The two claims are in direct contradiction.
If it was a targeted attack, the attacker wrote or repackaged the Trojan for the sole purpose of infiltrating the NYT network; therefore it could not have been a "common" piece of malware circulating in the wild, and Symantec could not have performed the miracle of anticipating it and dreaming up a signature in advance. (Heuristic and behavioural detection can occasionally catch a new sample, but a signature, by definition, only matches something already seen.)
If we truly expected a signature to stop the original Trojan, then we are admitting that it was a Trojan already circulating on the internet, for which AV companies could have had a signature, and hence that the attack was not targeted. The attacker just got lucky that, in this particular instance, his malware landed inside the NYT, and once he had access he naturally started snooping around. Such is human nature.
So - which is it? Targeted? Not Symantec's fault? Symantec's fault? Not targeted? I think someone really needs to make up their mind here.
Therefore, to say with such preposterous certainty that this was done by the Chinese requires hard, legitimate proof. Proof that I would like to see. If it exists, this is an act of war and we should take counter actions. If it does not, please stop speculating, keep quiet, fix the security of our networks, teach our users not to click on stupid links in unknown emails and to behave more safely on their computers, and STOP_CRYING_FOUL.
The point of the matter is that hackers do not leave tracks behind, least of all skilled hackers (unless, of course, they get cocky and make mistakes).
Several days ago, a Network Box USA customer received an email from a Yahoo account belonging to one of his colleagues. As the email was obviously spam, the customer was (understandably) concerned and quickly got in touch with me, asking me to find out what was going on.
An analysis of the email headers revealed that it had originated from Vietnam. Hence, my initial comment to him was, “unless your colleague is, right this very moment, in Vietnam, someone stole his account and is using it to send out spam”.
I know now that I was on the right track - that email address must have been one of those stolen in this latest attack against online email services. And, in fact, we’d just witnessed another one, barely a month ago, unleashed upon Hotmail accounts.
The appeal of such accounts is twofold. Firstly, many people keep their contact lists online, so once an attacker has the password he can harvest a fresh set of addresses to which to send spam and malware, confident that these are real, actively used addresses, so the messages _will_ reach their targets; and because they arrive from a contact's genuine account, they sail past sender-reputation checks and the recipients' own suspicion.
Secondly, the account itself can be used to pump out spam until Yahoo, or whichever service was compromised, notices and blocks it. It is a free ride requiring minimal effort and barely any resources, and it is (almost) impossible to trace. Seriously, unless the customer is prepared to board a plane to South East Asia, who is ever going to track down the real sender in Vietnam who distributed the spam I referred to earlier?
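The header analysis mentioned above, as an added example (this is not code from the original post): parse the Received chain, walk it from the newest hop (the one our own MX wrote) downward, trust only hops that a trusted relay wrote, and stop at the first client address that lies outside the provider's infrastructure. That address is the machine that injected the message into the webmail service; geolocating it (a lookup this offline example does not perform) is how one arrives at "Vietnam". Hostnames, addresses, the trusted provider range and both messages are constructed for illustration; the second message shows a bot that connected straight to the MX and forged a lower Received header and X-Originating-IP to look like provider traffic.

```python
"""Find the originating client IP in an e-mail's Received chain.

Added example, not code from the original post. All hostnames, addresses,
the trusted relay range and both sample messages are constructed.
"""
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Relays trusted to write honest Received headers: the webmail provider's
# outbound infrastructure (constructed range). Our own MX writes the top
# header, so its address never appears in a "from" clause.
TRUSTED_NETS = [ipaddress.ip_network("203.0.113.0/24")]

# "Received: from <client> by <relay> ..." - capture the client part only.
FROM_CLAUSE = re.compile(r"^from\s+(.+?)\s+by\s+", re.IGNORECASE)
IPV4 = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")

# Constructed message 1: genuine webmail session, relayed by the provider.
GENUINE_WEBMAIL = """Received: from mta.example-provider.test (mta.example-provider.test [203.0.113.10])
\tby mx.customer.test with ESMTP id abc123
\tfor <victim@customer.test>; Tue, 5 Feb 2013 09:12:01 -0600
Received: from webmail.example-provider.test (webmail.example-provider.test [203.0.113.21])
\tby mta.example-provider.test with SMTP; Tue, 5 Feb 2013 09:11:58 -0600
Received: from [198.51.100.77] by webmail.example-provider.test via HTTP;
\tTue, 5 Feb 2013 09:11:55 -0600
X-Originating-IP: [198.51.100.77]
From: "Colleague" <colleague@example-provider.test>
To: victim@customer.test
Subject: Check this out!!!
Message-ID: <c0ffee@webmail.example-provider.test>

Great offer, take a look: http://spam.example.test/offer
"""

# Constructed message 2: a bot talks directly to our MX and forges the
# lower header plus X-Originating-IP to imitate the provider.
SPOOFED_DIRECT = """Received: from mail.example-provider.test (unknown [192.0.2.55])
\tby mx.customer.test with ESMTP id def456
\tfor <victim@customer.test>; Tue, 5 Feb 2013 11:40:03 -0600
Received: from webmail.example-provider.test (webmail.example-provider.test [203.0.113.21])
\tby mta.example-provider.test with SMTP; Tue, 5 Feb 2013 11:39:59 -0600
X-Originating-IP: [203.0.113.21]
From: "Colleague" <colleague@example-provider.test>
To: victim@customer.test
Subject: Re: invoice

Please open the attached invoice.
"""


def _first_ip(text):
    """Return the first syntactically valid IPv4 address in text, or None."""
    for m in IPV4.finditer(text):
        try:
            return ipaddress.ip_address(m.group(1))
        except ValueError:
            continue
    return None


def received_hops(raw):
    """Received headers, newest first, with RFC 5322 folding collapsed."""
    msg = message_from_string(raw)
    return [" ".join(h.split()) for h in msg.get_all("Received", [])]


def originating_ip(raw, trusted_nets=TRUSTED_NETS):
    """Walk the chain from the top. The first 'from' address that is not a
    trusted relay is the client that handed the message to trusted
    infrastructure; every header below that hop was written by that client
    and may be forged, so it is never consulted."""
    for hop in received_hops(raw):
        m = FROM_CLAUSE.match(hop)
        if not m:
            continue
        ip = _first_ip(m.group(1))
        if ip is None:
            continue
        if not any(ip in net for net in trusted_nets):
            return str(ip)
    return None


def analyze(raw, trusted_nets=TRUSTED_NETS):
    """Origin IP from the chain, cross-checked against X-Originating-IP,
    which webmail providers add but which a direct sender can forge."""
    msg = message_from_string(raw)
    origin = originating_ip(raw, trusted_nets)
    claimed = _first_ip(msg.get("X-Originating-IP", ""))
    return {
        "from_address": parseaddr(msg.get("From", ""))[1],
        "originating_ip": origin,
        "x_originating_ip": str(claimed) if claimed else None,
        "consistent": origin is not None and claimed is not None and str(claimed) == origin,
    }


if __name__ == "__main__":
    for label, raw in (("genuine webmail", GENUINE_WEBMAIL), ("spoofed direct", SPOOFED_DIRECT)):
        print(label, analyze(raw))
```

Only the hops above the first untrusted address are believed; for the genuine message that yields the webmail client's address, and for the spoofed one it yields the bot's own address, not the provider address it planted lower down. Feeding that address to a geolocation or WHOIS lookup is the step that turns "an IP" into "Vietnam", and it is also where the trail usually ends.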