February 05, 2013 HACKING, IT SECURITY

My 2 Cents Worth

Article

Click on either of the two links above to read up on the topic of targeted hack attacks on media outlets.  In all candor, I find this, to a certain degree, rather amusing.

One of the articles says, “[It] all pointed to being hacked by the Chinese. They had the ability to get around to different servers and hide their tracks.”  Thing is, if they had the ability to hide their attack, how does the writer know it came from Chinese hackers?

One of the principal skills of hackers is that of hiding their tracks.  You never really know where they’re coming from, and it’s incredibly rare for them to make a mistake and be caught.   It’s common knowledge that the apparent originating IP of the attack is almost never the real one; it acts as a decoy, leaving a false trail.  Instead, both these articles talk about Chinese hackers, most likely tied to the government, most likely tied to the military.   How do they know all this?  THIS is what we would like to know.

And yet, in all fairness, I won’t be at all surprised if they were right.  We all know the Chinese government has a total disregard for human rights and civil liberties, and that media in that country serves no other purpose save as the megaphone of those in power; therefore, freedom of the press is a concept completely foreign to them, and the freedom of the press we enjoy must surely bother them, particularly when we publicize things about them that they’d rather keep quiet.

Nonetheless, to go from this (in)famous known fact to claiming with utter apparent certainty that it was indeed the Chinese military which hacked into the NYT and TWP, to spy on their news, is a completely different story.  Again, I want to know: how did we know it was them?  Did they leave a taunting message?  Something like “gotcha!”?  Was some form of threat issued?

If all they did was ‘get in, spy and leave’, this is pure speculation, and could very well have been the actions of anyone.  Heck, it could very well have been that the 2 papers spied on each other, and made it look as though it was the work of hacker attacks from China.  Who’s to know the truth?

I know this sounds ridiculous, and I am intentionally exaggerating.

On that same note of flippancy, the article claims the NYT blamed Symantec for not catching the Trojan.  Then, on the flip side, they’re also claiming this as a targeted attack.  Seriously?  Anyone can instantly deduce that the two things are in complete contradiction.

If it is a targeted attack, it means the hacker wrote the Trojan for the sole purpose of infiltrating the NYT network; therefore, it couldn’t have been a “common” virus available in the wild, and Symantec couldn’t possibly have performed a miracle in surmising this was coming and dreaming up a signature.

If we were truly expecting a signature to stop the original Trojan, then, clearly, we’re admitting that this was a Trojan available on the internet, for which AV companies could have had a signature, and hence, it wasn’t targeted.  The hacker just got lucky that in this particular instance, his virus hit the NYT and once he gained access, he curiously started snooping around.  Thus is human nature.
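The contradiction the post is pointing at comes down to how signature-based antivirus works: a signature (a file hash or a byte pattern) can only be written for a sample the vendor has already collected, so a one-off build made for a single target is invisible to it by construction. The following is an added example, not code from the post or from any product it mentions: it runs a toy signature scanner over two constructed byte strings (harmless stand-ins, not real malware) and shows that the “commodity” sample is caught while the hypothetical “targeted” build is not. It then goes one step beyond the post and shows the defender’s answer, a behaviour rule run over constructed endpoint events that flags the unknown build anyway, because what it does is observable even when what it is is not. All signature names, process names, hosts and event fields are invented for the example.

```python
import hashlib
import re
from typing import Dict, List, Optional

# Constructed, harmless stand-ins for two executables. The "commodity" sample
# stands for a widely circulated file an AV vendor has already catalogued; the
# "targeted" sample stands for a hypothetical one-off build nobody has seen.
COMMODITY_SAMPLE = b"MZ\x90\x00" + b"\x00" * 8 + b"EVIL-DROPPER-v1.2" + b"\x00" * 8
TARGETED_SAMPLE = b"MZ\x90\x00" + b"\x00" * 8 + b"one-off-build-7f3a" + b"\x00" * 8

# A signature database as a vendor would ship it: exact-hash signatures and
# byte-pattern signatures, both derived from samples that were collected first.
HASH_SIGNATURES: Dict[str, str] = {
    hashlib.sha256(COMMODITY_SAMPLE).hexdigest(): "Trojan.Generic.Dropper",
}
PATTERN_SIGNATURES = [
    (re.compile(rb"EVIL-DROPPER-v\d+\.\d+"), "Trojan.Generic.Dropper"),
]


def scan_with_signatures(blob: bytes) -> Optional[str]:
    """Return the name of the first matching signature, or None if unknown.

    This is the whole of what a pure signature engine can do: it recognises
    files it has a prior description of and says nothing about the rest.
    """
    digest = hashlib.sha256(blob).hexdigest()
    if digest in HASH_SIGNATURES:
        return HASH_SIGNATURES[digest]
    for pattern, name in PATTERN_SIGNATURES:
        if pattern.search(blob):
            return name
    return None


# Constructed endpoint telemetry. The targeted build has no signature, but the
# chain "launched by the mail client, sets persistence, talks out to the
# internet" is visible regardless of the file's bytes. 203.0.113.0/24 is the
# documentation range (TEST-NET-3), so the hosts are placeholders.
TARGETED_EVENTS: List[Dict[str, str]] = [
    {"parent": "outlook.exe", "process": "invoice.exe", "action": "start"},
    {"parent": "outlook.exe", "process": "invoice.exe", "action": "persist"},
    {"parent": "outlook.exe", "process": "invoice.exe", "action": "net_out", "host": "203.0.113.7"},
    {"parent": "explorer.exe", "process": "winword.exe", "action": "start"},
    {"parent": "explorer.exe", "process": "winword.exe", "action": "net_out", "host": "203.0.113.9"},
]

MAIL_CLIENTS = ("outlook.exe", "thunderbird.exe")


def detect_by_behaviour(events: List[Dict[str, str]], min_reasons: int = 2) -> Dict[str, List[str]]:
    """Flag processes that accumulate at least `min_reasons` suspicious traits.

    No prior knowledge of the binary is needed; the rule looks only at what the
    process does and where it came from. Returns {process: [reasons]} for hits.
    """
    reasons: Dict[str, List[str]] = {}

    def note(proc: str, why: str) -> None:
        bucket = reasons.setdefault(proc, [])
        if why not in bucket:  # count each trait once per process
            bucket.append(why)

    for ev in events:
        proc = ev["process"]
        reasons.setdefault(proc, [])
        if ev["parent"] in MAIL_CLIENTS:
            note(proc, "launched from mail client (email attachment origin)")
        if ev["action"] == "persist":
            note(proc, "established persistence")
        if ev["action"] == "net_out":
            note(proc, f"outbound connection to {ev.get('host', '?')}")

    return {proc: why for proc, why in reasons.items() if len(why) >= min_reasons}


if __name__ == "__main__":
    print("commodity:", scan_with_signatures(COMMODITY_SAMPLE))  # caught by signature
    print("targeted: ", scan_with_signatures(TARGETED_SAMPLE))   # None: nothing to match
    for proc, why in detect_by_behaviour(TARGETED_EVENTS).items():
        print("behaviour hit:", proc, "->", "; ".join(why))
```

The signature scanner is deliberately faithful to the limitation in the text: it cannot fail the commodity sample and cannot catch the targeted one, because the database is built from what was seen before. The behaviour rule is what closes that gap in practice, which is also why the post’s closing advice (fix the network, train users not to open unknown attachments) matters more than whose signature database was current on the day.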

So – which is it?  Targeted?  Not Symantec’s fault?  Symantec’s fault?  Not targeted?  I think someone really needs to make up their mind here.

Therefore, to be able to say that this was done by the Chinese with such preposterous certainty requires hard, legitimate proof.  Proof that I would like to see.  If it exists, this is an act of war and we should take counter actions.  If it does not, just please stop speculating already, keep quiet, fix the security of our networks, teach our users not to click on stupid links in unknown emails and to adopt safer behavior on their computers, and STOP_CRYING_FOUL.  The point of the matter is that hackers don’t leave tracks behind, much less skilled hackers (unless, of course, they start getting cocky and make mistakes).