Hacked again. That’s the story at the Wall Street Journal this week as the newspaper reports computer systems housing some of its news graphics were breached.
The systems have been taken offline in an effort to isolate any attacks, according to people familiar with the matter cited in a Wall Street Journal article. The Journal has not found any damage or tampering, these people said, but the matter is not yet closed.
"We are investigating an incident related to wsj.com's graphics systems,” a spokesperson for the Journal said. “At this point we see no evidence of any impact to Dow Jones customers or data."
China’s Not to Blame
This is not the first time the Wall Street Journal has been a target of hackers. Both The New York Times and the Wall Street Journal pointed fingers of accusation at China in the wake of hacking incidents in February 2013.
A damaging report from firm Mandiant made security headlines by suggesting that APT1, a prolific cyber-espionage group that has conducted attacks on a number of victims since at least 2006, is likely sponsored by the Chinese government and is one of the most persistent of China's threat actors. Media groups like the Journal were apparently prime targets.
This time around no one is blaming China. IntelCrawler, a cyberthreat intelligence firm, discovered the breach and notified the Journal. IntelCrawler’s CEO, Andrew Komarov, found the vulnerability the hacker, known as Rev0lver and W0rm, tapped to breach the Journal’s systems.
"We confirmed there is the opportunity to get access to any database on the wsj.com server, a list of over 20 databases hosted on this server," he told the Journal.
Where Did the Journal Go Wrong?
We caught up with Tim Erlin, director of IT risk and security strategy at Tripwire, to get his thoughts on the Wall Street Journal hack. He told us as the demands on Web-based applications increase, so do the systems that support the user experience through the browser.
“An increasingly complex ecosystem of supporting technology allows for far richer interaction, but the cost is often a much larger attack surface,” Erlin said. “This isn't a case where the Wall Street Journal simply failed to apply a patch. These kinds of vulnerabilities can be done directly on the code itself or through interaction with the application, but both approaches have their limitations."
What’s the Motive?
We also asked Ken Westin, a security researcher at Tripwire, to chime in on the incident. He told us the individual or group that is targeting these media sites appear to be taking advantage of vulnerabilities in Web-based applications and platforms.
“At least for now, these attackers also appear to be doing so for notoriety versus a profit or political motive,” Westin said. “The screenshots provided on the Twitter account shows the user on a Mac with Russian characters in the menu and their Pastebin posts are in Russian, so that provides a bit of information on the origin of the group."