{"id":640788,"date":"2013-01-31T16:21:49","date_gmt":"2013-01-31T21:21:49","guid":{"rendered":"http:\/\/blog.ted.com\/?p=68436"},"modified":"2013-01-31T16:47:13","modified_gmt":"2013-01-31T21:47:13","slug":"the-wild-west-of-the-internet-reflections-on-the-new-york-times-hack","status":"publish","type":"post","link":"https:\/\/mereja.media\/index\/640788","title":{"rendered":"The Wild West of the Internet: Reflections on The New York Times hack"},"content":{"rendered":"<p><strong><img decoding=\"async\" class=\"size-full wp-image-68438 aligncenter\" alt=\"Hacked--The-New-York-Times-and-Dalai-Lama\" src=\"http:\/\/tedconfblog.files.wordpress.com\/2013\/01\/hacked-the-new-york-times-and-dalai-lama.jpg?w=900\"   \/><\/strong><\/p>\n<p><strong>By Shyam Sankar and Gabe Rosen<\/strong><\/p>\n<p>The Internet is the new Wild West, a frontier big enough for every pioneer and outlaw to roam free. Today, <i><a href=\"http:\/\/www.nytimes.com\/2013\/01\/31\/technology\/chinese-hackers-infiltrate-new-york-times-computers.html?pagewanted=1&amp;_r=2&amp;hp&amp;\">The New York Times <\/a><\/i><a href=\"http:\/\/www.nytimes.com\/2013\/01\/31\/technology\/chinese-hackers-infiltrate-new-york-times-computers.html?pagewanted=1&amp;_r=2&amp;hp&amp;\">revealed that hackers in China<\/a> had spent the last four months infiltrating its computer systems and pilfering employee passwords. As in the old West, it\u2019s not a question of <i>if<\/i> you\u2019ll be hit &#8212; but when and how. Online, primitive DDOS attacks rain down like arrows, while artful hackers can steal the data equivalent of 5,000 head of cattle before any breach is detected. There\u2019s no choice but to defend the homestead as best you can \u2013 and retreating to civilization is no longer an option.<\/p>\n<p>According to Mandiant, the infosec firm that conducted the investigation, the <i>Times<\/i> was first compromised on September 13. 
The attackers established at least three backdoors and installed 45 pieces of malware, only one of which was detected by Symantec security software. After two weeks, the attackers found the domain controller that contained all staff passwords. <i>Times<\/i> executive editor Jill Abramson maintains there is \u201cno evidence that sensitive emails or files\u201d were accessed, yet the investigation found that the attackers \u201ccreated custom software that allowed them to search for and grab [<i>Times<\/i> journalists] Mr. Barboza\u2019s and Mr. Yardley\u2019s e-mails and documents.&#8221;<\/p>\n<p>As the TED Blog <a href=\"http:\/\/blog.ted.com\/2012\/09\/06\/how-a-human-computer-collaboration-uncovered-who-hacked-the-dalai-lamas-email\/\">recently recounted<\/a>, we know a bit about this sort of thing at <a href=\"http:\/\/www.palantir.com\/\" >Palantir<\/a>. Our platform was used to investigate \u201c<a href=\"http:\/\/www.nytimes.com\/2009\/03\/29\/technology\/29spy.html?pagewanted=all&amp;_r=0\">GhostNet<\/a>\u201d, a Chinese cyber espionage network. In 2008, an unnamed country received an email from China warning them not to host the Dalai Lama for a scheduled visit. The email was startling because this visit was not public knowledge.\u00a0The country sought to find out how this sensitive information had been leaked.\u00a0Not only had the Dalai Lama\u2019s personal computer been hacked, but 1,300 computers across the globe had been infected in the same way. 
This network had been operating for two years without notice.<\/p>\n<p><span class='embed-youtube' style='text-align:center; display: block;'><iframe class='youtube-player' type='text\/html' width='586' height='360' src='http:\/\/www.youtube.com\/embed\/zE6xvQeMqqE?version=3&#038;rel=1&#038;%23038;fs=1&#038;%23038;showsearch=0&#038;%23038;showinfo=1&#038;%23038;iv_load_policy=1&#038;%23038;wmode=transparent' frameborder='0'><\/iframe><\/span><\/p>\n<p>Naturally, when we heard about <i>The New York<\/i> <i>Times <\/i>hack today, we looked for parallels. The Dalai Lama\u2019s office was infiltrated by \u201cspear phishing\u201d &#8212; where hackers research a person and create an email, with an attachment, that looks like it came from a confidant. Spear phishing is suspected, though not confirmed, in the <i>Times<\/i> attack. Like GhostNet, the <i>Times<\/i> attackers covered their tracks through intermediaries in numerous countries, and employed remote access tools (RATs) and malware. The attacks also appear related to Chinese political sensitivities, though the exact loyalties in play are murky.<\/p>\n<p>While it\u2019s important to resist easy conclusions, <a href=\"http:\/\/en.wikipedia.org\/wiki\/Occam's_razor\">Occam\u2019s razor<\/a> and common sense shouldn\u2019t be ignored. The difficulty is that positive attribution is rare in cyber warfare, so when something <i>looks<\/i> like the work of someone who was never actually identified, it may not be exceptionally meaningful. As open-source sleuth <a href=\"http:\/\/jeffreycarr.blogspot.com\/2013\/01\/the-new-york-times-china-hack-what.html\">Jeff Carr<\/a> points out, there are several doubts. Beijing\u2019s time zone includes numerous other cities. The attacks were ultimately traced to Chinese IPs, though their geo-locations encompass millions of people. The attackers used RATs, but these are widely available and hardly confined to China. 
According to Richard Bejtlich, Mandiant\u2019s chief security officer, \u201cWhen you see the same group steal data on Chinese dissidents and Tibetan activists, then attack an aerospace company, it starts to push you in the right direction.\u201d Given the vast spectrum of potentially interested parties, it\u2019s a very general direction \u2013 but it\u2019s a start nonetheless.<\/p>\n<p>The lack of clear answers notwithstanding, Mr. Bejtlich is certainly correct that cyber defense \u201crequires an internal vigilance model.\u201d You have to sleep with one eye open, and preoccupation with one mode of attack leaves you vulnerable to others. As in the old West, it\u2019s essential to make common cause with your neighbors, however distant. During the recent spate of suspected Iranian DDOS attacks, two global Top 20 banks shared threat data in real time with each other as well as US law enforcement, and collaboration across public\/private lines is essential to countering the matrix of state and non-state combatants.<\/p>\n<p>Above all, we need to adopt a Wild West approach of our own. The sheriff\u2019s only hope is to become as swift, resourceful, and adaptive as the outlaws.<\/p>\n<p><em>Shyam Sankar is the Director at\u00a0<a href=\"http:\/\/www.palantir.com\/\">Palantir Technologies<\/a>. He gave the TED Talk \u201c<a href=\"http:\/\/www.ted.com\/talks\/shyam_sankar_the_rise_of_human_computer_cooperation.html\" >The rise of human-computer collaboration<\/a>\u201d at TEDGlobal 2012, as well as the talk embedded above at TED2010. 
Gabe Rosen works in Business Development at Palantir.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>By Shyam Sankar and Gabe Rosen The Internet is the new Wild West, a frontier big enough for every pioneer and outlaw to roam free. Today, The New York Times revealed that hackers in China had spent the last four months infiltrating its computer systems and pilfering employee passwords. 
As in the old West, it\u2019s [&hellip;]<\/p>\n","protected":false},"author":7478,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[7],"tags":[],"class_list":["post-640788","post","type-post","status-publish","format-standard","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/mereja.media\/index\/wp-json\/wp\/v2\/posts\/640788","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mereja.media\/index\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mereja.media\/index\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mereja.media\/index\/wp-json\/wp\/v2\/users\/7478"}],"replies":[{"embeddable":true,"href":"https:\/\/mereja.media\/index\/wp-json\/wp\/v2\/comments?post=640788"}],"version-history":[{"count":0,"href":"https:\/\/mereja.media\/index\/wp-json\/wp\/v2\/posts\/640788\/revisions"}],"wp:attachment":[{"href":"https:\/\/mereja.media\/index\/wp-json\/wp\/v2\/media?parent=640788"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mereja.media\/index\/wp-json\/wp\/v2\/categories?post=640788"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mereja.media\/index\/wp-json\/wp\/v2\/tags?post=640788"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}