The depth and breadth of computer crime today is actually quite stunning, and it can target anyone. Individuals who have had identity thieves steal their lives know this, as do large companies that have had to deal with attacks. The New York Times recently had computer forensics investigators scour its network to get a better idea about the cybercriminal attack it had suffered. According to reports, the specialists who conducted the investigation say that the cyber attack actually targeted just two specific people who worked for the paper. Strangely, even though the criminals actually had access to information on all of the employees, they only utilized the info on the two individuals who were their targets.
Who Were the Targets?
The breach happened during an email attack. The email had malware in it that was able to target the two reporters who were working on a story about the Chinese Prime Minister, as well as some of the business dealings associated with him. While the attack might seem quite sophisticated for those who do not know much about hacking or computer forensics, the specialists who looked into the case are saying that it was actually quite simple, albeit large. The attackers used custom tools, but they kept to techniques that were very common, which helped make it easier to find out what they were doing.
The specialists also found it odd that even though the attackers had so much access, they kept their attacks and spying focused only on those two reporters. This was not something that the specialists usually see in network intrusions of that scope and nature, so they believed that the attack was from those in the Chinese government who had an interest in following the story.
The intrusion lasted longer than most as well – four months. The things that the attackers were looking for included:
- What the reporters were going to put into the article they were writing
- The names of sources
- The names of all those with whom they were speaking about the story
Computer Forensics Specialists Find Plenty of Data
The specialists who were working on this case found quite a bit of information about the type of the attack, the tools used, and more. They did this with the use of their own sophisticated tools, as well as their knowledge of the field and the types of techniques in use. They discovered the original Trojan where the intrusion started. They discovered the tools used, and the type of malware that was used in the attack. This helped to give them a better idea of the identity of the attackers.
Why Were They Able to Last So Long Undetected?
One of the questions that many people have is just how the attackers were able to spy for four months without anyone realizing that there was an intruder on the network. They actually used 45 different pieces of malware that helped them remain hidden. Many of the tools used were custom, and it was those custom tools that helped to show the investigators that the probable culprits were a gang already under investigation.
Strangely, the Times did not even know of the intrusion until someone in the Chinese government actually warned the reporters that there would be consequences if the information in their unpublished articles got out. This alerted them that they might want to look at the security of the system since no one should have known about the nature of the article.
This should be a wake-up call for all of those companies out there that are lax in their security. It pays to have a high-quality professional IT department that will be able to watch for intrusions into the company's systems.