Symantec denies blame after Chinese govt hacks The New York Times
Summary: After one of the world's most famous newspapers points the finger at Symantec for failing to protect its network against a four-month long Chinese cyberattack, the security firm returns fire.
After The New York Times slyly pointed the finger at Symantec for failing to protect it from a four-month long series of attacks by Chinese hackers, the anti-malware and security firm has fired back with its own critical rhetoric.
Read this
2012: Looking back at the major hacks, leaks and data breaches
ZDNet looks back at the year, on a month-by-month basis, at some of the most publicized hacks, leaks and data breaches of 2012.
Arguably one of the world's most well-regarded and well-known newspapers, The Times exclusively reported yesterday that its own networks have been "persistently attacked" by Chinese hackers, and that they infiltrated computer systems and acquired passwords for its reporters and other employees.
The newspaper, with help from security experts, "expelled the hackers" and "kept them from breaking back in."
The Times believes that the timing of the attacks coincided with an investigation it carried out in late October, which found that the Chinese Prime Minister had accumulated "several billion dollars through business dealings."
Clearly, the Chinese government--specifically the "Chinese military", according to AT&T, which informed the newspaper of the attacks--did not approve of such fine investigative journalism.
But in the report, The Timesalso took the opportunity to prod Symantec with a sharp journalism stick, after the newspaper found that most of the malware floating around on its network wasn't even detected by the security firm's software that it uses on its network.
The prodding commences:
Over the course of three months, attackers installed 45 pieces of custom malware. The Times--which uses antivirus products made by Symantec--found only one instance in which Symantec identified an attacker's software as malicious and quarantined it, according to Mandiant.
When the newspaper spoke to Symantec, the security company declined to offer comment on customers "as a matter of policy."
But then came Symantec's formal response.
Symantec said this morning in a press release that while such a series of attacks "underscore how important it is for companies, countries, and consumers to make sure they are using the full capability of security solutions," the firm noted that security solutions alone will not combat such attacks, and that common sense must prevail and other preventative actions must be employed.
The security firm added:
Turning on only the signature-based anti-virus components of endpoint solutions alone are not enough in a world that is changing daily from attacks and threats. We encourage customers to be very aggressive in deploying solutions that offer a combined approach to security.
Anti-virus software alone is not enough.
Ouch.
Chinese Foreign Ministry spokesperson Hong Lei told reporters in Beijing, via Bloomberg BusinessWeek, that The Times' allegations are "groundless."
Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.
Talkback
guess that says all there is to say about anti-virus software
Obviously it's still better and more effective to use the healthy mind to prevent attacks than to rely on software only.
Particularly Symantec
Tongue in cheek aside, I'm not sure what to make of the allegations.
But if you are thinking in terms of security it is probably best to now think of Symantec's software as a trojan horse for the Chinese government. Symantec is now a wholly Chinese owned company run by a PLA technologist.
It would be shocking if they didn't have plans to leverage that somehow in the event of a dire run-in with the US (like a blowup over the Senkaku/Diaoyu islands)
We must also protect ourselves...
Symantec: "Anti-virus software alone is not enough"
Nothing!
When you are being attacked . . .
They'd have to pay me a ridiculous amount...
Well...
Insiders
besides 90+% of IT security breaches in a secured local network are done by internal staff according to survey. Sometimes disgruntled employees, sometimes freshly terminated staff who have still their password (HR and IT departmental communication problems)
Economy of China is so huge thanks to the cash inflows from those shiny little iGadgets, they can bribe any NYT staff for their password.
Symantec: "Anti-virus software alone is not enough"
As a Mac user...
As a user of Mac, WIndows and Linux...
Does anyone really think that there were no Macs being attacked in a building full of graphic designers and writers?
And
Really...
If you really want to get the heart of the matter, go the National Vulnerability Database and do a search for Apple vulnerabilities for, say, the past 3 years, and do the same for Microsoft. You, in particular, will be blown away by the results (Apple is actually worse).
The answer doesn't start with any OS when there is a valuable target. A complete security solution is the answer...which doesn't include Symantec for most people that really know their security software.
Nothing...
Were they only using signature based detection?
" The advanced capabilities in our endpoint offerings, including our unique reputation-based technology and behavior-based blocking, specifically target sophisticated attacks. Turning on only the signature-based anti-virus components of endpoint solutions alone are not enough in a world that is changing daily from attacks and threats. We encourage customers to be very aggressive in deploying solutions that offer a combined approach to security. Anti-virus software alone is not enough."
Were they only scanning with signatures and not the other tools for detecting new malware based on suspicious behavior? Even after discovering they were a direct target for attack?
but...
Because ...
If signature detection isn't enough, why is that mode even an option ...
Symantec behavior based blocking