HOME     MENU     SEARCH     NEWSLETTER    
NEWS & INFORMATION FOR TECHNOLOGY PURCHASERS. UPDATED 4 MINUTES AGO.
You are here: Home / World Wide Web / Wall Street Journal Hacked Again
Close the insights gap
Between you and your customers with Microsoft Dynamics CRM.
See real-time CRM work
Wall Street Journal Hacked Again
Wall Street Journal Hacked Again
By Jennifer LeClaire / NewsFactor Network Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
PUBLISHED:
JULY
23
2014


Hacked again. That’s the story at the Wall Street Journal this week as the newspaper reports computer systems housing some of its news graphics were breached.

The systems have been taken offline in an effort to isolate any attacks, according to people familiar with the matter cited in a Wall Street Journal article. The Journal has not found any damage or tampering, these people said, but the matter is not yet closed.

"We are investigating an incident related to wsj.com's graphics systems,” a spokesperson for the Journal said. “At this point we see no evidence of any impact to Dow Jones customers or customer data."

China’s Not to Blame

This is not the first time the Wall Street Journal has been a target of hackers. Both The New York Times and the Wall Street Journal pointed fingers of accusation at China in the wake of hacking incidents in February 2013.

A damaging report from security firm Mandiant made security headlines by suggesting that APT1, a prolific cyber-espionage group that has conducted attacks on a number of victims since at least 2006, is likely sponsored by the Chinese government and is one of the most persistent of China's threat actors. Media groups like the Journal were apparently prime targets.

This time around no one is blaming China. IntelCrawler, a cyberthreat intelligence firm, discovered the breach and notified the Journal. IntelCrawler’s CEO, Andrew Komarov, found the vulnerability the hacker, known as Rev0lver and W0rm, tapped to breach the Journal’s systems.

"We confirmed there is the opportunity to get access to any database on the wsj.com server, a list of over 20 databases hosted on this server," he told the Journal.

Where Did the Journal Go Wrong?

We caught up with Tim Erlin, director of IT risk and security strategy at Tripwire, to get his thoughts on the Wall Street Journal hack. He told us as the demands on Web-based applications increase, so do the systems that support the user experience through the browser.

“An increasingly complex ecosystem of supporting technology allows for far richer interaction, but the cost is often a much larger attack surface,” Erlin said. “This isn't a case where the Wall Street Journal simply failed to apply a patch. These kinds of vulnerabilities can be done directly on the code itself or through interaction with the application, but both approaches have their limitations."

What’s the Motive?

We also asked Ken Westin, a security researcher at Tripwire, to chime in on the incident. He told us the individual or group that is targeting these media sites appear to be taking advantage of vulnerabilities in Web-based applications and platforms.

“At least for now, these attackers also appear to be doing so for notoriety versus a profit or political motive,” Westin said. “The screenshots provided on the Twitter account shows the user on a Mac with Russian characters in the menu and their Pastebin posts are in Russian, so that provides a bit of information on the origin of the group."

Tell Us What You Think
Comment:

Name:

Like Us on FacebookFollow Us on Twitter
TOP STORIES NOW
MAY INTEREST YOU
Salesforce.com is the market and technology leader in Software-as-a-Service. Its award-winning CRM solution helps 82,400 customers worldwide manage and share business information over the Internet. Experience CRM success. Click here for a FREE 30-day trial.
MORE IN WORLD WIDE WEB

Product Information and Resources for Technology You Can Use To Boost Your Business

© Copyright 2014 NewsFactor Network, Inc. All rights reserved. Member of Accuserve Ad Network.