
NY Times Hack Is Tip of a Cyber Iceberg

Written by Maria Korolov
2/4/2013 34 comments
Last week's reports that the Chinese government hacked into The New York Times were just the tip of the iceberg.

I don't just mean the reports that came out soon afterwards about successful hacks against The Wall Street Journal and Bloomberg.

Over the past couple of years, there have been analyst reports about a number of other companies and organizations infiltrated by Chinese hackers, including a number of oil companies, US government satellites, the US Chamber of Commerce, and a wide variety of technology companies including Google and Nortel.

I'm willing to bet, though, that we don't hear about the vast majority of attacks.

The New York Times is a media company. Media companies love big, juicy stories, and Chinese hackers infiltrating the world's premier newspaper is the definition of big and juicy.

Sure, there were probably some people at the newspaper who saw the hacking as an embarrassment, and would have preferred to see it kept quiet. But it's hard to fight against the news instincts of your entire organization.

That's not the case in most companies. And, unless sensitive data is stolen, like credit card or Social Security numbers, companies have no obligation to tell anyone that they were hacked.

In fact, going public would only hurt a company's brand image and stock price. Plus, other hackers might read about the infiltration and get the idea that the company has weak security and is a prime target for their own efforts.

So what happens is that companies make a huge effort to protect personally identifiable information. After all, if it is hacked, the consequences are immediate, severe -- and very expensive. According to the latest report from Symantec and the Ponemon Institute, the average cost of an enterprise data breach is $5.5 million, or about $194 per stolen record.

Losses due to Chinese hacking and similar attacks are less visible but more insidious in the long term.

Unfortunately, when you're looking for additional money in your security budget, it's easy to make a case for beefing up security around, say, customer credit card numbers. You can point to all the companies that have been in the news because of data breaches, and how much it cost them to deal with the breach.

When hackers are going after strategic information instead, the costs are less visible, and it's easy to postpone security upgrades until the next budget cycle.

Plus, you could argue that The New York Times and The Wall Street Journal were special cases, high-profile political targets. The Chinese government might have an interest in going after politically embarrassing news coverage. Or military secrets. But why would the government go after regular run-of-the-mill companies?

One possible reason was pointed out to me today by Patrick Taylor, CEO of Oversight Systems, a company that provides risk management data analytics software.

“The majority of Chinese companies in the Fortune 500 are state-owned enterprises,” Taylor said.

There were 73 Chinese companies on the Fortune Global 500 list in 2012, second only to the US -- and 65 of them were state-owned.

I can't think of another country on the planet right now where the interests of business and government are that closely intertwined.

And yes, I do understand the irony of writing that after an election where corporate donations and government bailouts were a big political issue.

But when the US government winds up owning part of a company, there's a big outcry. When the Chinese government runs entire industries, sets business agendas, names political appointees as senior executives, and passes legislation to favor those companies -- that's just the way things are.

So if you're a company that is currently competing against Chinese firms, or might do so in the future, consider beefing up your security around your email systems and document storage.

For example, one attack vector used at the NYT was to trick employees into giving up their passwords and then log in to their accounts. One security technique that could work here is to ask for a second method of authentication when an employee logs in from a new device.

Many banks already do this, and most of the time you don't notice this security layer at all. When I do log in from a new device -- say, because I got a new computer or am logging in from a friend's house -- my bank sends me a one-time password via text message.

It's a very minor inconvenience for employees, but a significant security improvement for the enterprise.
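The new-device check described above, sketched as an added example (not code from this article, the NYT, or any bank): a correct password from an unrecognised device only triggers a one-time password challenge, and passing it enrols the device. The class and method names, the five-minute lifetime and the three-attempt limit are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

OTP_TTL_SECONDS = 300   # assumed one-time password lifetime
MAX_OTP_ATTEMPTS = 3    # assumed number of guesses allowed per challenge


class StepUpLogin:
    """Password login that demands a one-time password on unrecognised devices."""

    def __init__(self, server_key: bytes):
        self._key = server_key
        self._trusted = {}   # user -> set of keyed digests of trusted device tokens
        self._pending = {}   # user -> [otp, expiry, attempts_left, new_device_token]

    def _digest(self, user, device_token):
        # Keep only a keyed digest so a leaked table does not yield usable tokens.
        msg = f"{user}:{device_token}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def login(self, user, password_ok, device_token=None, now=None):
        """Return (status, otp); otp is the code to deliver out of band, e.g. by SMS."""
        now = time.time() if now is None else now
        if not password_ok:
            return "denied", None
        known = self._trusted.get(user, set())
        if device_token and self._digest(user, device_token) in known:
            return "granted", None            # recognised device: no extra step
        otp = f"{secrets.randbelow(10**6):06d}"
        self._pending[user] = [otp, now + OTP_TTL_SECONDS, MAX_OTP_ATTEMPTS,
                               secrets.token_urlsafe(32)]
        return "otp_required", otp            # a correct password alone is not enough

    def verify_otp(self, user, submitted, now=None):
        """Return a device token to store on the new device, or None on failure."""
        now = time.time() if now is None else now
        pending = self._pending.get(user)
        if pending is None:
            return None
        otp, expiry, attempts_left, token = pending
        if now > expiry or attempts_left <= 0:
            del self._pending[user]           # expired or guessed too often
            return None
        if not hmac.compare_digest(otp.encode(), submitted.encode()):
            pending[2] -= 1
            return None
        del self._pending[user]               # one-time: the code cannot be replayed
        self._trusted.setdefault(user, set()).add(self._digest(user, token))
        return token
```

With this in place, a phished password used from an attacker's machine stops at `otp_required`, while the employee's enrolled device logs in without the extra step.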

— Maria Korolov is president of Trombly International, an editorial services company that provides coverage of emerging technologies and markets. She has been a journalist for more than 20 years.

Mitch Wagner
Thinkernetter
Monday February 4, 2013 12:28:12 PM

Mike Acker - Google has been a Linux shop from the very beginning. 

Switching to Linux is an expensive proposition for any business. It is not to be undertaken lightly and it takes time to implement. 

At this point, we don't know if the attacks were directed at desktops -- which likely do run Windows -- or servers, which quite possibly don't. 

Maria Korolov
Thinkernetter
Monday February 4, 2013 10:44:20 AM

Switching to Linux may work for a tech-heavy company like Google, where a large percentage of the employees are likely to be programmers or at least programmer-adjacent.

It's not as great a fit for a traditional office, like the New York Times, that heavily relies on standard business productivity and layout software, which traditionally isn't available for Linux.

 

fonstuinstra
Rank: Cave Painter
Monday February 4, 2013 8:42:36 AM

Shouldn't you be as careful when dealing with other countries? In the US the "Patriot Act" actually allows the government to peek at your internet traffic, a huge concern in Europe, where legal protection for US citizens and companies is not valid. And would non-Chinese not have commercial interests to break in?

China just gets some attention, but seems to act as a distraction on what should be a larger concern.

Mike Acker
Rank: Cyborg
Monday February 4, 2013 7:13:10 AM

there is an article on Information Week this morning regarding this hack.

the article properly points out the lack of detail. we need to know what O/S they were running. if they had XP with just AV installed: oh well. get over it, the boat sank.

signature based a/v is no longer effective. systems must monitor the behavior of their application programs. e.g. a business net should be running Win7 with UAC activated and AppLocker installed.

better yet, switch to Linux - as did Google after they got hacked back in 2010.
