NY Times Hack Is Tip of a Cyber Iceberg

Written by Maria Korolov
2/4/2013 34 comments
Last week's reports that the Chinese government hacked into The New York Times were just the tip of the iceberg.

I don't just mean the reports that came out soon afterwards about successful hacks against The Wall Street Journal and Bloomberg.

Over the past couple of years, there have been analyst reports about a number of other companies and organizations infiltrated by Chinese hackers, including a number of oil companies, US government satellites, the US Chamber of Commerce, and a wide variety of technology companies including Google and Nortel.

I'm willing to bet, though, that we don't hear about the vast majority of attacks.

The New York Times is a media company. Media companies love big, juicy stories, and Chinese hackers infiltrating the world's premier newspaper is the definition of big and juicy.

Sure, there were probably some people at the newspaper who saw the hacking as an embarrassment, and would have preferred to see it kept quiet. But it's hard to fight against the news instincts of your entire organization.

That's not the case in most companies. And, unless sensitive data is stolen, like credit card or Social Security numbers, companies have no obligation to tell anyone that they were hacked.

In fact, going public would only hurt a company's brand image and stock price. Plus, other hackers might read about the infiltration and get the idea that the company has weak security and is a prime target for their own efforts.

So what happens is that companies make a huge effort to protect personally identifiable information. After all, if it is hacked, the consequences are immediate, severe -- and very expensive. According to the latest report from Symantec and the Ponemon Institute, the average cost of an enterprise data breach is $5.5 million, or about $194 per stolen record.

Losses due to Chinese hacking and similar attacks are less visible but more insidious in the long term.

Unfortunately, when you're looking for additional money in your security budget, it's easy to make a case for beefing up security around, say, customer credit card numbers. You can point to all the companies that have been in the news because of data breaches, and how much it cost them to deal with the breach.

When hackers are going after strategic information instead, the costs are less visible, and it's easy to postpone security upgrades until the next budget cycle.

Plus, you could argue that The New York Times and The Wall Street Journal were special cases, high-profile political targets. The Chinese government might have an interest in going after politically embarrassing news coverage. Or military secrets. But why would the government go after regular run-of-the-mill companies?

One possible reason was pointed out to me today by Patrick Taylor, CEO of Oversight Systems, a company that provides risk management data analytics software.

“The majority of Chinese companies in the Fortune 500 are state-owned enterprises,” Taylor said.

There were 73 Chinese companies on the Fortune Global 500 list in 2012, second only to the US -- and 65 of them were state-owned.

I can't think of another country on the planet right now where the interests of business and government are that closely intertwined.

And yes, I do understand the irony of writing that after an election where corporate donations and government bailouts were a big political issue.

But when the US government winds up owning part of a company, there's a big outcry. When the Chinese government runs entire industries, sets business agendas, names political appointees as senior executives, and passes legislation to favor those companies -- that's just the way things are.

So if you're a company that is currently competing against Chinese firms, or might do so in the future, consider beefing up your security around your email systems and document storage.

For example, one attack vector used at the NYT was to trick employees into giving up their passwords and then log into their accounts. One security technique that could work here is to ask for a second method of authentication when an employee logs in from a new device.

Many banks already do this, and most of the time you don't notice this security layer at all. When I do log in from a new device -- say, because I got a new computer or am logging in from a friend's house -- my bank sends me a one-time password via text message.

It's a very minor inconvenience for employees, but a significant security improvement for the enterprise.
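
The new-device check described above, sketched as an added example (it is not code from this article or from any bank or vendor): a correct password from an unrecognized device triggers a one-time code sent out of band, and the device is enrolled only after that code is confirmed. The names `StepUpAuthenticator`, `send_code` and `device_token`, the 300-second code lifetime and the three-attempt limit are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

OTP_TTL_SECONDS = 300   # assumed lifetime of a one-time code
MAX_OTP_ATTEMPTS = 3    # assumed number of tries before a challenge is voided


class StepUpAuthenticator:
    """Password login plus a one-time code whenever the device is new."""
    def __init__(self, server_key, send_code, clock=time.time):
        self._key = server_key
        self._send_code = send_code  # callable(user, code): out-of-band delivery
        self._clock = clock
        self._known = {}             # user -> set of enrolled device fingerprints
        self._pending = {}           # (user, fingerprint) -> [code, expiry, tries]

    def _fingerprint(self, user, device_token):
        # Keep only a keyed hash of the device token, never the raw value.
        msg = f"{user}:{device_token}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def login(self, user, password_ok, device_token):
        """Return 'denied', 'granted' or 'otp_required'."""
        if not password_ok:
            return "denied"
        fp = self._fingerprint(user, device_token)
        if fp in self._known.get(user, set()):
            return "granted"
        code = f"{secrets.randbelow(10**6):06d}"
        self._pending[(user, fp)] = [code, self._clock() + OTP_TTL_SECONDS, 0]
        self._send_code(user, code)
        return "otp_required"

    def verify_otp(self, user, device_token, submitted):
        """Enrol the device and return True only for a fresh, correct code."""
        fp = self._fingerprint(user, device_token)
        entry = self._pending.get((user, fp))
        if entry is None:
            return False
        code, expiry, tries = entry
        if self._clock() > expiry or tries >= MAX_OTP_ATTEMPTS:
            del self._pending[(user, fp)]
            return False
        entry[2] += 1
        if not hmac.compare_digest(code.encode(), submitted.encode()):
            return False
        del self._pending[(user, fp)]
        self._known.setdefault(user, set()).add(fp)
        return True


def demo():
    """Constructed scenario: a tricked-out password used from an unknown machine."""
    outbox = {}  # stands in for the text-message channel
    auth = StepUpAuthenticator(secrets.token_bytes(32), outbox.__setitem__)
    first = auth.login("alice", True, "office-laptop")
    enrolled = auth.verify_otp("alice", "office-laptop", outbox["alice"])
    repeat = auth.login("alice", True, "office-laptop")
    # Someone else has the password but not the phone that receives the code.
    stranger = auth.login("alice", True, "unknown-pc")
    guessed = auth.verify_otp("alice", "unknown-pc", "not-it")
    return first, enrolled, repeat, stranger, guessed
```

The employee sees the challenge once per device, while a stolen password alone stops at `otp_required`.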

— Maria Korolov is president of Trombly International, an editorial services company that provides coverage of emerging technologies and markets. She has been a journalist for more than 20 years.

Anand Y
IQ Crew
Sunday March 10, 2013 3:38:02 PM

Chinese infiltration has permeated in a much greater proportion than imagined.

@Shehzadi, I totally agree with your opinion. I think the Chinese are moving forward at an accelerated pace, partly aided by American technology gained through hacking. I think the international community should come together to fight against the countries that indulge in such practices.

shehzadi
IQ Crew
Thursday March 7, 2013 12:46:23 PM

I personally believe that WikiLeaks should have been an eye-opener for everyone. The enormous number of cable leaks are enough to give cyber security experts sleepless nights. Maria has raised a very pertinent point that it's just the tip of the iceberg. Chinese infiltration has permeated in a much greater proportion than imagined. I think it's a more worrisome factor for those companies which are entrusted with sensitive data... where secrecy and finances are involved. Hacking of a media newspaper would not do much harm as compared to the organizations whose data, if stolen, could inflict a telling blow on the national and international front.

Kim Davis
Thinkernetter
Monday February 11, 2013 5:45:00 PM

I am shocked that the Times would have any secrets.  Publish 'em!

kq4ym
IQ Crew
Sunday February 10, 2013 3:56:27 PM

If the Times was hacked, just how many other news firms would be of interest to China, or for that matter any government.  I'm not so sure we can lay blame entirely on Chinese hacking of large outfits either.

There could be wholesale attacks going on that don't make the news, or maybe haven't yet been discovered by the affected sites.

And then what if it's not the Chinese government but an exercise by our very own spy agencies? The plot could be much thinker than we might imagine.

swijeyakumar
IQ Crew
Friday February 8, 2013 1:31:14 AM

I pray we never see the day this happens. That said, I see a lot of local government agencies running freeware or other low-cost systems with very limited security and very little security expertise in the IT department. I was recently speaking to the state government of a state that shall remain nameless, who said they usually hire inexperienced folks in IT and train them on the job. When asked the credentials of the most senior security person, they responded that he used to be a hacker but has no formal education. Now I am all for on-the-job training and the hiring of trainees, but I confess this scared me a bit.

Alison Diana
Thinkernetter
Thursday February 7, 2013 12:06:18 AM

Oops... well, I wasn't going to see it either way, but thanks for the correction, Mitch! How about a movie that tells the tale of zombie hackers?

Mitch Wagner
Thinkernetter
Wednesday February 6, 2013 8:27:09 PM

Alison, I think World War Z is about zombies. I know that PCs that have been infected by worms are sometimes referred to as "zombies," but I think this movie is about the OTHER kind of zombie. 

Braaaaaaains.

Kim Davis
Thinkernetter
Wednesday February 6, 2013 8:07:21 PM

I hate to say it, but I wonder if China is overestimating the strategic significance of the New York Times?

Mitch Wagner
Thinkernetter
Wednesday February 6, 2013 3:41:50 PM

Yes, if the attackers are the same as were used by the Chinese military in the past, and they used the same resources and servers, that would be strong circumstantial evidence. 

OTOH, the hackers could be operating on their own this time, and of course the same people would use the same tools. 

Maria Korolov
Thinkernetter
Wednesday February 6, 2013 12:25:14 AM

Mitch --

The evidence seems to be circumstantial, the investigators said.

From the NY Times article:

...

The pattern that Mandiant's experts detected closely matched the pattern of earlier attacks traced to China. After Google was attacked in 2010 and the Gmail accounts of Chinese human rights activists were opened, for example...

Security experts say that by routing attacks through servers in other countries and outsourcing attacks to skilled hackers, the Chinese military maintains plausible deniability.

"If you look at each attack in isolation, you can't say, 'This is the Chinese military,' " said Richard Bejtlich, Mandiant's chief security officer.

But when the techniques and patterns of the hackers are similar, it is a sign that the hackers are the same or affiliated.

 

Link: http://www.nytimes.com/2013/01/31/technology/chinese-hackers-infiltrate-new-york-times-computers.html?pagewanted=all
