Chinese Hackers Infiltrate New York Times; Wall Street Journal, Too.
The New York Times reports that Chinese hackers targeted its computer systems in an attack that began in September 2012. The attackers managed to gains access to a domain controller that holds account accesscredentials for all Times employees; this particular attack targeted the accounts of the current and former Times Beijing bureau chiefs. The hackers appear to have been looking for information identifying sources
in China who may have provided information to journalists investigating a story about the fortunes amassed by family members of Chinese Prime Minister Wen Jiabao. The hackers took circuitous routes, directing their
attacks through previously compromised systems at several different US universities and shifting IP addresses often. Such deceptive strategy is similar to that used in other cyberattacks that have been linked to
China. Chinese officials deny involvement in the attacks. The Times called in Mandiant to help monitor and block the attacks, gather evidence, and expunge the hackers. The attackers have been ousted from
the system for now and more cyberdefenses have been established, but the Times harbors no illusions that its systems will not be targeted again. Bloomberg was targeted in a similar attack earlier last year after they
published a story about the net worth of then-vice president Xi Jinping's family members.
Alleged Cyberextortionist Arrested
The FBI has arrested a California man in connection with numerous instances of cyberextortion in which he threatened to post compromising pictures of women whose social networking accounts he had hackedhijacked. Investigators believe that Karen "Gary" Kazaryan had more than 350 victims between 2009 and 2011. A recently unsealed indictment charges Kazaryan with 15 counts of computer intrusion and 15 counts of aggravated identity theft.
PayPal Fixes SQL Injection Flaw
PayPal has fixed a SQL injection vulnerability in its e-commerce website application that could have been exploited to compromise company databases and steal sensitive information. PayPal awarded a US $3,000bounty to the organization that discovered the flaw and alerted the company to its existence in August 2012.