1 of 15Image
Media Outlets: The New York Times, The Wall Street Journal
In January this year, The New York Times, having been the victim of persistent attacks, experienced a breach which lasted four months.
A sophisticated Chinese hacking team slipped past security systems in order to deploy 45 custom malware pieces and access the computers of 53 employees -- before moving on to a domain controller, breaching the system, and gaining the hashed password of every member of staff on The New York Times payroll. Eventually, once the breach was discovered, the hackers were dispelled.
The newspaper said that it may have to do with an investigation carried out in October 2012 concerning a story which said the Chinese Prime Minister had accumulated funds through business dealings. The government official said this accusation was "groundless." However, the publication also pointed the finger at security firm Symantec for failing to protect it against the security breach. In response, the security firm said:
"Turning on only the signature-based anti-virus components of endpoint solutions alone are not enough in a world that is changing daily from attacks and threats. We encourage customers to be very aggressive in deploying solutions that offer a combined approach to security.
Anti-virus software alone is not enough."
The Wall Street Journal then came forward, stating that the U.S. publication too had been a victim of attacks designed to monitor reports concerning China, and cyberattacks spanned several years. The WSJ said that "journal sources on occasion have become hard to reach after information identifying them was included in emails," and suggested that information gained by the attackers has worked its way to Chinese authorities, who then took action to silence whistleblowers.
The U.S. Federal Reserve
In February this year, the Federal Reserve acknowledged that hacktivist collective Anonymous had broken in to a number of government websites as part of "Operation Last Resort" -- and managed to both steal and post the sensitive credentials of 4,600 banking executives.
The compromised and exposed database belongs to The St. Louis Federal Emergency Communications System, the communication system used by seventeen states in a time of crisis, allowing financial institutions and government officials to talk through two-way channels.
The hacktivists posted both the login details and private information -- such as IP addresses and contact information -- in to a public dump, all the while demanding U.S. computer crime law reform. Just to further twist the knife, Anonymous used the government website itself to post the spreadsheet containing the stolen data.