Hacker worms his way into WSJ computer systems

Hacker worms his way into WSJ computer systems

Summary: The Wall Street Journal is a fresh target in what appears to be a renewed assult against media publications online.

SHARE:
TOPICS: Security
5
it-security

The Wall Street Journal was forced to take systems offline following a security breach, as yet another online publication suffers cyberattack.

According to the paper's publisher Dow Jones & Co, computer systems hosting the WSJ's news graphics were infiltrated by outside parties, and the security breach resulted in systems being taken offline to isolate the cyberattack.

The publication says that no damage or altering of news graphics has been found, although the systems are still being reviewed for signs of tampering.

A spokeswoman for the Journal commented:

We are investigating an incident related to wsj.com's graphics systems. At this point we see no evidence of any impact to Dow Jones customers or customer data.

The statement follows tweets by a Twitter user called w0rm, who posted messages and screenshots documenting the security breach. The hacker claims to have hacked the website, and is offering user credentials and the information required to control the server — for a price. w0rm is offering access for payment in one Bitcoin, which is approximately $620 at the time of writing.

db

Andrew Komarov, CEO of cybersecurity firm IntelCrawler told the publication that this information could be used to "modify articles, add new content, insert malicious content in any page, add new users, delete users and so on."

In addition to the WSJ hack, news, arts and culture site Vice.com was also compromised. A Vice.com spokesperson said that a security exploit was used to access a list of Vice.com content management system (CMS) users, but the vulnerability was patched before any compromisation took place.

w0rm, which appears to be the alias of an exploit-dealing Russian hacking collective as well as the controller of vulnerability market Worm.in, also targeted CBS Interactive-owned domain CNET.com last week. A representative of the group told the site that it had stolen a database of usernames, emails, and encrypted passwords from CNET's servers.

Media outlets are a well-known target for cybercriminals. If a system is compromised, these outlets can be used to gain attention and exposure and hackers can not only spread false information to readers, but also steal user accounts. The WSJ, MSNBC.com, CNN and BBC are only a handful of outlets that have experienced security breaches in the past several years, ranging from Twitter accounts being taken over to Facebook pages being controlled, as well as malvetising and page redirection.

Erik Cabetas, managing partner at security consulting firm Include Security, told eWEEK:

"I'd like to pretend that there is some quick prescriptive advice for media companies to stop getting hacked, but there isn't. It's a pervasive problem that affects all major media outlets, and this situation won't change short of sweeping changes to the way risk is managed in media companies."

Topic: Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

5 comments
Log in or register to join the discussion
  • Is that even a real word?

    I understand the point of the story but I'm trying to figure out whether compromisation is a real word or not. At any rate, i don't see a change occurring anytime soon with some of these companies. There are risks they are willing to accept to ensure that bottom line isn't affected too much.
    jimcolv
  • Technically, compromisation isn't a word..

    ..but you could use it in that way. It would be defined as 'the act of compromising'. It probably would have been better to end that sentence with...."before anything was compromised."
    omahapianist
    • Couldn't use it in scrabble

      So it isn't a word. The correct phrase it "before anything was compromised." She is a journalist and a teacher, she should know better.
      brant@...
  • Drops

    thats a rite word compromised ..
    drops in uk
    slt vc
  • hi

    rajeshroy3003@gmail.com
    slt vc