Symantec denies blame after Chinese govt hacks The New York Times

Summary: After one of the world's most famous newspapers points the finger at Symantec for failing to protect its network against a four-month-long Chinese cyberattack, the security firm returns fire.

After The New York Times slyly pointed the finger at Symantec for failing to protect it from a four-month-long series of attacks by Chinese hackers, the anti-malware and security firm has fired back with its own critical rhetoric.

The New York Times newsroom. (Credit: The New York Times)

Arguably one of the world's most well-regarded and well-known newspapers, The Times exclusively reported yesterday that its own networks have been "persistently attacked" by Chinese hackers, and that they infiltrated computer systems and acquired passwords for its reporters and other employees.

The newspaper, with help from security experts, "expelled the hackers" and "kept them from breaking back in."

The Times believes that the timing of the attacks coincided with an investigation it carried out in late October, which found that the Chinese Prime Minister had accumulated "several billion dollars through business dealings."

Clearly, the Chinese government--specifically the "Chinese military", according to AT&T, which informed the newspaper of the attacks--did not approve of such fine investigative journalism.

But in the report, The Times also took the opportunity to prod Symantec with a sharp journalism stick, after the newspaper found that most of the malware floating around on its network wasn't even detected by the security firm's software that it uses.

The prodding commences:

Over the course of three months, attackers installed 45 pieces of custom malware. The Times--which uses antivirus products made by Symantec--found only one instance in which Symantec identified an attacker's software as malicious and quarantined it, according to Mandiant.

When the newspaper spoke to Symantec, the security company declined to offer comment on customers "as a matter of policy."

But then came Symantec's formal response.

Symantec said this morning in a press release that while such a series of attacks "underscore how important it is for companies, countries, and consumers to make sure they are using the full capability of security solutions," the firm noted that security solutions alone will not combat such attacks, and that common sense must prevail and other preventative actions must be employed.

The security firm added:

Turning on only the signature-based anti-virus components of endpoint solutions alone are not enough in a world that is changing daily from attacks and threats. We encourage customers to be very aggressive in deploying solutions that offer a combined approach to security.

Anti-virus software alone is not enough.

Ouch.

Chinese Foreign Ministry spokesperson Hong Lei told reporters in Beijing, via Bloomberg BusinessWeek, that The Times' allegations are "groundless."

Talkback

36 comments
  • guess that says all there is to say about anti-virus software

    While it is definitely another league to discover professional intruders compared to simple malware provided by websites, it however shows how poorly such anti-malware still performs.
    Obviously it's still better and more effective to use the healthy mind to prevent attacks than to rely on software only.
    EnticingHavoc
    • Particularly Symantec

      In other words, the Chinese government's security software failed to detect Chinese malware that the Chinese government did not want detected. :)

      Tongue in cheek aside, I'm not sure what to make of the allegations.

      But if you are thinking in terms of security it is probably best to now think of Symantec's software as a trojan horse for the Chinese government. Symantec is now a wholly Chinese owned company run by a PLA technologist.

      It would be shocking if they didn't have plans to leverage that somehow in the event of a dire run-in with the US (like a blowup over the Senkaku/Diaoyu islands)
      SlithyTove
      • We must also protect ourselves...

        ... from the communists. Who knows what kind of malware the communists must be developing in their secret labs?
        erick.mendes
  • Symantec: "Anti-virus software alone is not enough"

    Please tell us what IS enough?
    Rabid Howler Monkey
    • Nothing!

      Nothing is ever enough! There isn't one thing that will totally and completely protect.
      jetsethi
      • When you are being attacked . . .

        . . . by the Chinese government who can spend a few thousand or a few hundred thousand to buy someone in your IT department, you are completely hosed.
        sporkfighter
        • They'd have to pay me a ridiculous amount...

          ...since I'm my own IT department. ;)
          P.F. Bruns
          • Well...

            I think if I was my own company (and thus my own IT department) I could probably be convinced to become a double agent and take my webpage offline for a few hundred thousand. :)
            SlithyTove
        • Insiders

          Good point sporkfighter,
          besides 90+% of IT security breaches in a secured local network are done by internal staff according to survey. Sometimes disgruntled employees, sometimes freshly terminated staff who still have their password (HR and IT departmental communication problems)

          Economy of China is so huge thanks to the cash inflows from those shiny little iGadgets, they can bribe any NYT staff for their password.
          Martmarty
    • Symantec: "Anti-virus software alone is not enough"

      For Starters try using a Mac.
      fairplay500
      • As a Mac user...

        ...I'd amend that to "For starters, try using any non-Windows computer or device."
        P.F. Bruns
        • As a user of Mac, Windows and Linux...

          I'd have to amend that to "For starters, try using your head."


          Does anyone really think that there were no Macs being attacked in a building full of graphic designers and writers?
          mrefuman
          • And

            what do you want to bet that they use Linux servers; because, well you know - everybody does!
            Mujibahr
      • Really...

        You still think Apple is immune to malware and trojans? Just a simple google search will disprove that nonsense.

        If you really want to get to the heart of the matter, go to the National Vulnerability Database and do a search for Apple vulnerabilities for, say, the past 3 years, and do the same for Microsoft. You, in particular, will be blown away by the results (Apple is actually worse).

        The answer doesn't start with any OS when there is a valuable target. A complete security solution is the answer...which doesn't include Symantec for most people that really know their security software.
        unbound55
    • Nothing...

      It's been common practice to get rid of, or downsize, internal IT departments. Companies love to outsource. I'm sure the NYT is no different. But let's be fair, both parties are at fault. I'll go out on a limb and say the NYT IT security is a bit undermanned, and Symantec products are POS...a complete waste of IT budget money
      Paul Steven
  • Were they only using signature based detection?

    I went to Symantec's statement and found the first line of this quote very interesting:

    "The advanced capabilities in our endpoint offerings, including our unique reputation-based technology and behavior-based blocking, specifically target sophisticated attacks. Turning on only the signature-based anti-virus components of endpoint solutions alone are not enough in a world that is changing daily from attacks and threats. We encourage customers to be very aggressive in deploying solutions that offer a combined approach to security. Anti-virus software alone is not enough."

    Were they only scanning with signatures and not the other tools for detecting new malware based on suspicious behavior? Even after discovering they were a direct target for attack?
    RandomAdmin
    • but...

      If signature detection isn't enough, why is that mode even an option for Symantec's AV?
      gdstark13
      • Because ...

        Some companies employ other software / hardware for that purpose and only use symantec for virus scanning.
        mrefuman
      • If signature detection isn't enough, why is that mode even an option ...

        Because some customers demand it. Of course, the customers then turn around and blame the security vendor when malware isn't detected.
        Consimplar
    • Symantec behavior based blocking

      The only behavior based blocking I noticed from Symantec is that it blocks autorun.
      abpbl6