Thursday, 7 February 2013

The NYTimes article was content free

Even though Jeffrey Carr beat me to it, I'm going to write a post on this. That New York Times article describing how it got hacked actually contains no content.

Attackers and victims see things differently. Victims invariably put together complex conspiracy theories about what happened. That's what's wrong with the NYTimes story about its hack: the evidence of a Chinese conspiracy is so poor that even a UFOlogist wouldn't find it credible. It may be true that the NYTimes was targeted by the Chinese government, but the story cites no adequate evidence supporting that conclusion.

What the story does cite is "security experts". But it waves its hands over which specific expert made which specific claim, so it's hard to judge who they are, what their expertise is, or what evidence leads them to that conclusion.

The problem with our industry is that it's full of self-styled "experts" who are adept at slinging buzzwords and cliches. These people are skilled at tricking the masses, but they actually have zero expertise in cybersecurity.

Take, for example, the NYTimes' description of "rainbow tables". This is a common buzzword repeated by non-experts, but the concept doesn't have value among real experts, as I explain here. That's strong evidence that some of the unnamed "experts" cited in the NYTimes story are of the "pseudo-expert" kind.

The story describes how the hackers hid their attacks by going through proxies. It goes into great detail about these proxies, but then says that, according to experts, the source must've been China. It doesn't describe how the experts know that for sure. For all we know, the expert is only guessing. Every hacker hides behind proxies; we use "open proxy" lists and Tor ("The Onion Router") to hide our attacks. It's not remarkable.

The NYTimes' writing preys upon the ignorance of the masses. For example, it describes how Symantec's anti-virus detected only one of the 45 pieces of malicious software the hackers installed on machines. This is perfectly normal and means nothing. Signature-based anti-virus only catches what the vendor has already seen; a sample written for one target, or simply repacked, won't match any signature until someone submits it. The unwashed masses have the impression that anti-virus is nearly 100% effective (it's not) and that it must take some sort of genius to bypass anti-virus (it doesn't). Every hacker puts anti-virus-evading malware on machines. It's not remarkable.

The story mentions "custom software" that harvests emails. This implies some great feat of coding. But every hacker knows how to write code. We'll often whip together a script in JavaScript or VisualBasic or something to accomplish a task. Every hacker attack contains many such scripts. It's not remarkable.
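To show what "custom software that harvests emails" amounts to in practice, here is the kind of throwaway script the paragraph above has in mind. This is an added example, not code from the NYTimes story or from the attackers; it reads a mailbox dump in mbox format (the sample mailbox is constructed for the example, with made-up example.com addresses) and pulls out the senders, recipients, subjects and any addresses mentioned in the message bodies. In a real intrusion a script like this would be pointed at a mail spool or a client's cache rather than a text file, but the logic is the same.

```javascript
// Added example: a minimal mailbox harvester of the kind that gets called
// "custom software". Input is an mbox-style dump; the SAMPLE_MBOX below is
// constructed for this example and contains no real messages.

const SAMPLE_MBOX = [
  "From alice@example.com Mon Feb  4 09:12:00 2013",
  "From: Alice <alice@example.com>",
  "To: Bob <bob@example.com>, carol@example.org",
  "Subject: Q1 numbers",
  "Date: Mon, 4 Feb 2013 09:12:00 +0000",
  "",
  "Bob, the spreadsheet is attached. Loop in dave@example.net if needed.",
  "",
  "From bob@example.com Mon Feb  4 10:30:00 2013",
  "From: Bob <bob@example.com>",
  "To: alice@example.com",
  "Cc: carol@example.org",
  "Subject: Re: Q1 numbers",
  "Date: Mon, 4 Feb 2013 10:30:00 +0000",
  "",
  "Got it, thanks.",
  "",
].join("\n");

// Good-enough address pattern for harvesting (not a full RFC 5322 parser).
const ADDRESS_RE = /[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/g;

// Split an mbox dump into messages on the "From <sender> <date>" envelope
// lines. The lookahead keeps each envelope line with its own message.
// (Proper mbox writers escape body lines that start with "From " as ">From ",
// so the split does not fire inside a body.)
function splitMbox(text) {
  return text
    .split(/^(?=From \S+ )/m)
    .map((m) => m.trim())
    .filter((m) => m.length > 0);
}

// Parse the header block (everything before the first blank line) into a
// lowercase-keyed map. Folded (multi-line) headers are not handled; for a
// harvester that only wants addresses and subjects this is rarely needed.
function parseHeaders(message) {
  const [headerBlock] = message.split(/\r?\n\r?\n/, 1);
  const headers = {};
  for (const line of headerBlock.split(/\r?\n/)) {
    const m = /^([A-Za-z-]+):\s*(.*)$/.exec(line);
    if (m) headers[m[1].toLowerCase()] = m[2];
  }
  return headers;
}

// Every address in a piece of text, lowercased, deduplicated and sorted.
function extractAddresses(text) {
  const found = text.match(ADDRESS_RE) || [];
  return [...new Set(found.map((a) => a.toLowerCase()))].sort();
}

// The harvester proper: one record per message, plus the global contact list.
function harvestMailbox(text) {
  const messages = splitMbox(text).map((raw) => {
    const h = parseHeaders(raw);
    const bodyStart = raw.search(/\r?\n\r?\n/);
    const body = bodyStart >= 0 ? raw.slice(bodyStart) : "";
    return {
      from: extractAddresses(h.from || ""),
      to: extractAddresses([h.to, h.cc].filter(Boolean).join(", ")),
      subject: h.subject || "",
      date: h.date || "",
      bodyAddresses: extractAddresses(body),
    };
  });
  return { messages, addresses: extractAddresses(text) };
}

// Stand-alone run: dump the harvested records as JSON.
console.log(JSON.stringify(harvestMailbox(SAMPLE_MBOX), null, 2));
```

Run it with `node` and it prints two message records and a four-entry contact list. The whole thing is a few dozen lines of regex and string splitting, which is the point: a script that harvests email from a compromised box is something any attacker writes in an afternoon, and its existence tells you nothing about who wrote it.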

Chinese-made tools and techniques, such as the malware used in the attacks against the NYTimes, are used by hackers around the world. You'll find Chinese malware used by Russian hackers, for example. Assuming Chinese-made tools mean the Chinese attacked is like assuming U.S.-made products mean a hacker attack came from the U.S.

Like Jeffrey Carr, I distrust Mandiant. Sure, these guys are the experts, and if you have a major data breach you want investigated, these guys are the first you should call. But I distrust their motivations. Every time I see Mandiant quoted linking an attack to a Chinese conspiracy, the story is full of holes and non-information, just like this NYTimes article.

Because it's a hack against themselves, the NYTimes has no excuse for creating such a craptastic story. Instead of citing experts' evaluations and guesses about the data, the NYTimes can disclose the raw data itself. They can dump the password hashes the hackers stole, the exact malware samples (or at minimum their cryptographic hashes, so anyone can check them against what they've already seen), the list of proxy IPs, and so on. Then, instead of having to take the "experts'" word for it, we can look at the raw data ourselves.
