Posts Tagged: Department of Defense


1
Feb 13

Source: Washington Post Also Broadly Infiltrated By Chinese Hackers in 2012

The Washington Post was among several major U.S. newspapers that spent much of 2012 trying to untangle its newsroom computer networks from a Web of malicious software thought to have been planted by Chinese cyberspies, according to a former information technology employee at the paper.

twpOn Jan. 30, The New York Times disclosed that Chinese hackers had persistently attacked the Gray Lady, infiltrating its computer systems and getting passwords for its reporters and other employees. The Times said that the timing of the attacks coincided with the reporting for a Times investigation, published online on Oct. 25, that found that the relatives of Wen Jiabao, China’s prime minister, had accumulated a fortune worth several billion dollars through business dealings.

The following day, The Wall Street Journal ran a story documenting similar incursions on their network. Now, a former Post employee is coming forward with information suggesting that Chinese hacker groups had broadly compromised computer systems within the Post’s newsroom and other operations throughout 2012.

According to a former Washington Post information technology employee who helped respond to the break-in, attackers compromised at least three servers and a multitude of desktops, installing malicious software that allowed the perpetrators to maintain access to the machines and the network.

“They transmitted all domain information (usernames and passwords),” the former Post employee said on condition of anonymity. ” We spent the better half of 2012 chasing down compromised PCs and servers.  [It] all pointed to being hacked by the Chinese. They had the ability to get around to different servers and hide their tracks. They seemed to have the ability to do anything they wanted on the network.

The Post has declined to comment on the source’s claims, saying through a spokesman that “we have nothing to share at this time.” But according to my source, the paper brought in several computer forensics firms – led by Alexandria, Va. based Mandiant – to help diagnose the extent of the compromises and to evict the intruders from the network. Mandiant declined to comment for this story.

Update, Feb. 2, 7:42 a.m. ET: The Post has published its own story confirming my source’s claims.

Continue reading →


23
Sep 11

Arrested LulzSec Suspect Pined for Job at DoD

A 23-year-old Arizona man arrested on Thursday in connection with the hack of Sony Pictures Entertainment last May was a model student who saw himself one day defending networks at the Department of Defense and the National Security Agency.

Wired.com’s Threat Level, the Associated Press, and other news outlets are reporting that Tempe, Ariz. based Cody Andrew Kretsinger is believed to be a member of the LulzSec group, an offshoot of the griefer collective Anonymous. According to the indictment against Kretsinger, he was involved in executing and later promoting the high-profile and costly attack on Sony’s networks. Sony estimates that the breaches would cost it more than $170 million this year.

UAT interview with Kretsinger

Kretsinger is a network security student at Tempe, Ariz. based University of Advancing Technology, according to Robert Wright, director of finance for UAT.  A cached page from UAT’s Web site shows that Kretsinger was named student of the month earlier this year. That page, which indicates Kretsinger was to graduate from the institution in the Fall semester of 2011, includes an interview with the suspected LulzSec member. In it, Kretsinger says he would like to work at the DoD after graduating.

Where do you want to work after graduation?

“I hope that I’ll be able to work for the Department of Defense. From what I hear, they’re pretty good at what I want to do.

Where do you see yourself in 5 years?

“Traveling, doing Network Security as a profession with the Department of Defense. While I wouldn’t mind being a penetration tester, I think it’s a lot more fun to try to build and secure a network and its devices from the ground up. I suppose I wouldn’t mind being in management, either.”

Continue reading →