- Press organizations, including The New York Times and The Wall Street Journal, strongly suspect that Chinese hackers infiltrated their networks looking for information on news sources and research.
- These attacks – and private sector incidents – underscore the increasing prominence of politically, ideologically, and revenge-driven attacks in the threat environment.
2013 is starting where 2012 left off, with ideologically and politically motivated attacks making headlines, and in the case of a few recent high-profile breaches, making the news outlets that write those headlines extremely anxious. The New York Times, The Wall Street Journal, and a number of other press organizations have publicized their own battles against what they suspect are politically backed hackers who have successfully breached their networks in search of data gathered on sources that exposed government scandals. Though its government has denied any involvement, China specifically has been named for the role that attackers suspected or accused of acting on its behalf have played in hacking into journalists’ files in search of information used in articles on corruption and other political issues in China.
In The New York Times’ case, through its security providers Mandiant and AT&T, the press organization discovered that China-based hackers had taken e-mails, contact information, and files from more than two dozen journalists and executives at Western news organizations. The hackers also reportedly kept a record of the journalists they were monitoring. Other press organizations dealt with similar attacks.
The high-profile nature of the breached organizations highlights this set of attacks. However, what might be most notable about these types of highly targeted attacks is just how common they are becoming and the diverse nature of the organizations attacked. In its 2012 Infrastructure Security Report, released in late January 2013, distributed denial of service (DDoS) mitigation technology vendor Arbor Networks found that the top three drivers for DDoS attacks are politics, ideology, and revenge. Judging from the attacks against the news organizations, these motivations extend beyond DDoS.
So, now essentially any organization that possesses data of a sensitive nature might find itself in the crosshairs of a cyber attacker. This extends to high-profile entities that might be attractive targets for hackers looking to embarrass them or avenge a perceived wrongdoing. Given that this increased risk could apply in theory to almost any organization, all enterprises need to reassess their security posture and reconsider their defenses. Have incidents in the last few months caused you to re-evaluate your strategies? If you have, what changes are you considering?