"You need to take some pretty extreme steps," ACLU expert says
Journalists tend to not be savvy about digital security, he says
Attorney: Cyberattacks from abroad are rarely prosecuted
"The Cold War has gone digital," security analyst says
The New York Times’ acknowledgment in its Thursday editions that Chinese hackers carried out sustained attacks on its computer systems should be a wake-up call to any company around the world that trades in information, according to computer security experts.
“When you’re dealing with an adversary with significant resources like the Chinese – or the United States, for that matter – you need to take some pretty extreme steps,” said Chris Soghoian, principal technologist for the American Civil Liberty Union’s Speech Privacy and Technology Project.
“Off-the-shelf antivirus software is not going to be enough.”
That’s because consumer antivirus software from business-supply stores such as Staples will not protect computer owners from state-sponsored actors, he said. “Staples, hopefully, will protect you from a scammer trying to steal your bank account, or a Russian criminal gang trying to put a key logger on your computer. There is no commercial software that is going to keep you safe from a determined government,” Soghoian said.
According to The Times, the cyberassaults took place over four months, beginning during an investigation by the newspaper into the wealth reportedly accumulated by relatives of the Chinese premier, Wen Jiabao.
The Wall Street Journal reported on Thursday that its computer systems also had been infiltrated by Chinese hackers. The hackers were monitoring the newspaper’s China coverage, according to a written statement from Paula Keve, chief communications officer for parent company Dow Jones & Co.
“Evidence shows that infiltration efforts target the monitoring of the Journal’s coverage of China, and are not an attempt to gain commercial advantage or to misappropriate customer information,” it read.
“If you’re a newspaper focusing on issues that are going to upset governments, then you need to invest in security as well,” Soghoian said.
Chinese authorities responded to the Times’ reports on Wen’s family members by blocking access to The Times’ website in mainland China.
The Times said that it had worked with computer security experts to monitor, study and then eject the attackers. It said that by following their movements, it aimed to “erect better defenses to block them” in the future.
Such efforts are becoming more important as the incidence of hacking appears to grow, Soghoian said.
“The first thing you do is make sure that everything you have is encrypted both in storage or transmission,” he said. That way, if a reporter leaves a laptop in a hotel room in Beijing and the police try to copy it while the reporter is out of the room, it is protected, he said.