Fool me twice shame on me…
Numerous news sources are reporting today that the New York Times has once again been hacked by foreign intruders, and, fingers are being pointed at the Russians as the source of the attack. This attack comes fresh on the heels of earlier cyber attacks…also blamed on Russian Intelligence…on the Democratic National Committee and the Error! Hyperlink reference not valid that brought down prominent leaders in that party. Writing for CNN this afternoon, Katie Williams writes “The attack, discovered in recent months, is thought by investigators to be part of a broader hacking campaign targeting reporters at the Times and other news outlets as well as Democratic Party organizations…” The FBI is investigating this new attack and details/damage of the breach are currently not available.
This is not the first time the NY Times has been attacked. Following a breach of the Times in 2013, Dan Kaplan wrote “Stealthy and sophisticated hackers spent four months infiltrating computer networks at The New York Times, ripping off passwords of reporters in an attempt to uncover information…”. There is an old saying ‘Fool me once shame on you…fool me twice shame on me’. After the 2013 breach one would assume that the NY Times would have hardened its cyber defenses to prevent such incursions.
What the attackers were seeking is yet unknown, but the reporters of major news services traditionally have a great deal of information in their files. Considering their many contacts in government agencies and in politics, much of it may be sensitive or provide leads that attackers can leverage to greater advantage.
If nothing else this latest attack highlights the fact that organizations need to be ever vigilant in the protection of their data and closely question their CISOs when they claim “Nothing to worry about…we are covered”. Often…they aren’t.
Kaplan, D. (2013). New York Times breach opens anti-virus, attribution debate. Retrieved from the Internet at http://www.scmagazine.com/new-york-times-breach-opens-anti-virus-attribution-debate/article/278481/
Williams K. (2016). Hackers breach New York Times: report. Retrieved from the Internet at http://thehill.com/policy/cybersecurity/292362-russian-hackers-breach-new-york-times-report