Lessons from the New York Times Chinese hack

On Wednesday night, The New York Times announced it had been the target of attacks from hackers in China for the past four months. The hackers were reportedly able to steal the corporate passwords of every Times employee, as well as break into the personal computers of 53 employees.

Security experts hired by The Times to detect and block the computer attacks gathered digital evidence that Chinese hackers, using methods that some consultants have associated with the Chinese military in the past, breached The Times's network. They broke into the e-mail accounts of its Shanghai bureau chief, David Barboza, who wrote reports about the personal wealth of Chinese Prime Minister Wen Jiabao.

It is supposed that this was a "spear-phishing" attack, which means emails with malicious links or attachments were sent to employees. Once inside the system, the tools can be used to steal tons of data, and capture passwords, keystrokes, screen images, documents, and, in some cases, recordings from computers' microphones and Web cameras.

Meanwhile, yesterday, The Wall Street Journal announced that it had been hacked, too. The hackers were monitoring the newspaper's China coverage, according to a written statement from Paula Keve, chief communications officer for parent company Dow Jones & Co.

"Evidence shows that infiltration efforts target the monitoring of the Journal's coverage of China, and are not an attempt to gain commercial advantage or to misappropriate customer information," the statement read, according to The Journal.

Read more -here-
See also: Full detail of the 4-month attack