For the second time in recent months, The Washington Post has experienced a breach at the hands of cyber attackers.
The paper revealed in a Wednesday article that hackers breached servers belonging to the company and in the process accessed employees’ user names and encrypted passwords.
Mandiant, an incident response and forensic firm which monitors The Post’s networks, discovered the intrusion. The breach is believed to have lasted “a few days at most,” according to a company spokeswoman, who was quoted by The Post.
“This more recent hack…began with an intrusion into a server used by The Post’s foreign staff, but eventually spread to other company servers before being discovered,” the Wednesday article revealed.
The Post does not believe data of its subscribers, such as credit card information or mailing addresses, was compromised, or that sensitive data from the company’s publishing system, like emails or employee information, was gleaned due to the breach.
The company has suspected that the incursion may have been carried out by Chinese hackers, noting that “evidence strongly pointed to Chinese hackers in a 2011 intrusion of The Post’s network and in hacks against The New York Times, The Wall Street Journal and a wide range of Washington-based institutions, from think tanks to human rights groups and defense contractors,” the article said.
The earlier espionage attacks on major media companies weren’t uncovered until late January 2013.
Even more recently, however, The Post suffered a compromise in August, which was believed to have been carried out by the Syrian Electronic Army (SEA), a pro-Assad hacker collective that reportedly redirected Post site visitors to pages it controlled. While the pages in that attack showed political messages, they did not serve any malicious content.
SEA claimed responsibility for the attacks via Twitter, and said they got in by compromising a third-party content recommendation service, called Outbrain, that The Post used.
On Thursday, Nick Levay, CSO at Bit9, a Waltham, Mass.-based endpoint and server security firm, told SCMagazine.com that if the attackers in the recent Post breach are, in fact, a Chinese hacking group, their mode of operation has typically been to sift through dumps of data, like login credentials, to crack passwords for increased access to organizational information.
“They can use those credentials to access other servers,” Levay said.
He added that even technically sophisticated organizations can fall victim to common attack methods, like phishing emails, and that organizations need a “mixture of user training, tight operational practices and good technology” to strengthen their overall defense against sophisticated attacks.
“All of those pieces are necessary,” Levay said. “You can’t just go out and buy a high-tech solution. And The Washington Post is the type of organization that knows that. I think [the breach] speaks more to the skill of advanced attackers.”