Thursday, 15 August 2013
New York Times Hackers Back for More
This past January (2013), hackers allegedly sponsored by the Chinese government managed to break into the New York Times' computers with relative ease. According to a number of sources, the hackers were able to gain access to the computers of 53 Times employees, along with data and newsgathering information having to do with Chinese officials. The newspaper admitted the hackers had access for nearly 4 months before they were discovered.
Unfortunately, the hackers are back once again. According to FireEye, the latest attacks use more sophisticated versions of two well-known pieces of malware named Aumlib and Ixeshe. Neither piece of malware has seen much activity since 2011, and neither had evolved at all until recently. However, the new variants alter the malware's network traffic patterns so that the attackers can remain undetected.
FireEye officials say that these newest attacks are significant because they take the two malware families to the next level. The amount of work required to write new code, develop new infrastructure, and train people in the use of the malware is extensive enough that it couldn't be the work of any organisation that didn't have significant muscle behind it. Hence, suspicion is once again being directed at the Chinese government.
Other than the massive amount of work that must have gone into the retooling, experts are not surprised to see Aumlib and Ixeshe being used again. Hackers often retool malware once current incarnations are exposed. As long as they can rewrite code to overcome security, there's no need to reinvent the wheel. That appears to be the case here.
FireEye first disclosed the renewed attacks on August 13. Just a day later, the New York Times website was down for several hours, with some news outlets reporting a denial of service (DoS) attack as the culprit. When the site finally came back just after 2 pm EST, the Times released an official announcement saying the problem was due to an internal error.
One wonders if the Times is being completely honest. They may very well be, but would they be willing to publicise an external attack if that were the real cause of their website being down? There's no way to know for sure. The point is that no website or computer network is completely safe from hackers.
The nature of networking means there are vulnerabilities all across the board. From the servers hosting websites to the local computers accessing them, there are far too many players in the game to ensure complete security. So just like death and taxes, network hacking is something that is virtually guaranteed in this day and age.
IT security firms will continue doing their part monitoring international hackers and closing the security loopholes that make attacks possible. Indeed, prevention might even be possible in some cases. However, for the most part, we will be left to deal with attacks as they come. That's just the way it goes...