Why Antivirus Software Didn’t Save The New York Times From Hackers

Gerry Smith


Posted: 01/31/2013 2:31 pm EST  |  Updated: 01/31/2013 3:19 pm EST


The New York Times revealed Wednesday night that Chinese hackers had persistently gained entry into its computer systems to get passwords for its reporters and other employees. Its antivirus vendor did not detect many of the attacks, the paper said. (AP Photo/Mark Lennihan)

There is a booming industry that sells computer security products to consumers and businesses. But antivirus companies have a problem: Their software often can’t prevent hackers from breaking into your computer and snooping around.

The New York Times was the latest victim to discover the limitations of antivirus software. The Times revealed Wednesday night that Chinese hackers had gained entry into its computer network for four months in hopes of identifying a reporter’s sources for an investigation into the business dealings of relatives of China’s prime minister.

The Times’ antivirus vendor, Symantec, did little to stop the hackers, the paper said. Of the 45 different kinds of malicious software — or malware — the hackers used in their attack, Symantec detected only one.

The finding raises questions about the effectiveness of the $7.4 billion antivirus industry. Experts say antivirus software is failing to keep pace with the innovative methods used by sophisticated hackers like those from China.

Traditional antivirus software relies on a list of “signatures” to identify and stop known viruses. But today’s hackers are creating new malware faster than vendors can list it. AV-Test, a German research institute that tests antivirus products, says more than 100,000 new kinds of viruses are created every day.

Hackers also use websites like VirusTotal to test their attacks, ensuring new viruses go unnoticed by current antivirus products. That is why many cybersecurity professionals don’t use antivirus software on their own computers — the pace of innovation for new malware moves too quickly.

Last year, the security firm Imperva found antivirus software detected only 5 percent of newly created viruses. Some antivirus companies can take up to four weeks to detect a new virus. Often, the most effective software is available for free from companies like Avast and Emsisoft, according to the study by Imperva, which is also in the business of selling security solutions.

“Most capable hackers can bypass virus scanners,” said Tom Kellermann, vice president of cybersecurity for Trend Micro, a cybersecurity company. “Antivirus is not the solution to these types of attacks.”

Symantec said Thursday the company also offers sophisticated security software to thwart “advanced attacks” like those against The Times.

“We encourage customers to be very aggressive in deploying solutions that offer a combined approach to security,” a Symantec spokeswoman said. “Antivirus software alone is not enough.”

The hackers who targeted The Times may have used a technique called “spear phishing,” in which they send targeted emails that appear to be from a trusted source. When the victim opens a link or attachment, the hackers install malicious software — known as malware — onto their computer to steal documents, log keystrokes, or collect usernames and passwords.

Many of the most sophisticated cyber attacks against U.S. companies come from hackers employed by the Chinese government, experts say. Industry experts say Chinese hackers typically research their targets to find out who has access to the documents they want and then use a variety of methods to infiltrate their network. Chinese officials have repeatedly denied sponsoring hackers.

But it’s not just media outlets or Fortune 500 companies with valuable intellectual property who are in hackers’ crosshairs. Increasingly, small businesses are being targeted by hackers because they can’t afford more advanced computer security.

Experts say there is no foolproof solution, but the computer security industry says its new line of products — called “advanced threat protection” — is better equipped to catch Chinese cyber-spies and other hackers.

Some companies, like Bit9, offer what is called “white-listing,” which only allows good files onto computer networks, instead of trying to block the bad ones. Others plant fake data on a company’s servers to trick hackers and frustrate them into giving up. Kellermann calls it “building a better prison rather than building a better fortress.”
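An added example, not part of the original article or any vendor's product: it contrasts the signature list described earlier with the white-listing approach, modelling both as exact SHA-256 matches (a simplifying assumption) over constructed, harmless byte strings.

```python
import hashlib

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed, harmless byte strings standing in for executables.
FILES = {
    "known_tool":   b"constructed sample: intrusion tool, build 1",
    "new_variant":  b"constructed sample: intrusion tool, build 2",
    "approved_app": b"constructed sample: approved editor 1.0",
    "updated_app":  b"constructed sample: approved editor 1.1",
}

# Blocklist model: the vendor has catalogued only the sample it has already seen.
SIGNATURES = {sha256(FILES["known_tool"])}
# Allowlist model: the administrator has approved one specific build.
ALLOWLIST = {sha256(FILES["approved_app"])}

def signature_verdict(data: bytes) -> str:
    """Default-allow: block only what is already on the signature list."""
    return "block" if sha256(data) in SIGNATURES else "allow"

def allowlist_verdict(data: bytes) -> str:
    """Default-deny: run only what has been explicitly approved."""
    return "allow" if sha256(data) in ALLOWLIST else "block"

def compare(files: dict) -> dict:
    """Return {name: (signature verdict, allowlist verdict)} for each file."""
    return {n: (signature_verdict(d), allowlist_verdict(d)) for n, d in files.items()}

if __name__ == "__main__":
    print(f"{'file':<14}{'signature AV':<14}{'allowlist'}")
    for name, (sig, allow) in compare(FILES).items():
        print(f"{name:<14}{sig:<14}{allow}")
```

The `new_variant` row is the gap the article describes: unseen code passes a default-allow signature check but is stopped by default-deny. The `updated_app` row shows the operational cost, since every legitimate update must be approved before it can run.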

“These tools will help you, but there’s no such thing as a silver bullet,” said Paul Carugati, a security expert for Motorola Solutions. “That’s why we need to be innovating more and get ahead of the constant-changing nature of these threats.”

Antivirus is not intrusion detection. I would bet NYT was not that difficult to hack into in the first place. Most companies are pretty unsophisticated in terms of security; most do not have unified security plans. They also do not separate internal networks well from the external internet, or don’t use IDS tools.
Security costs money, and until companies are hacked they are reluctant to spend the money on good networking and security. Also, more businesses are laying off and outsourcing. Less money for IT security staff and cutting corners does not help them to keep their private information secure.
I see this very often: instead of using “prevention,” the company “ignores” or “procrastinates” about obtaining better security for their system.
I do not have any faith in Symantec or Norton Anti-virus software. Some of the systems that I have worked with used them, and they did not stop the malware or viruses. I prefer AVG, which is free software from cnet.com: http://download.cnet.com/AVG-AntiVirus-Free-2013/3000-2239_4-10320142.html?tag=mncol;1
But just anti-virus software is NOT enough... you need to also run anti-malware software to detect the things that anti-virus alone does not catch. I prefer Advanced SystemCare free anti-malware software, also from the cnet.com website: http://download.cnet.com/Advanced-SystemCare/3000-2086_4-10407614.html?tag=mncol;4

NYT alleges Chinese hackers have attacked it

Chinese hackers infiltrated computer systems at the New York Times over the past four months, stealing the passwords of employees and reporters, The New York Times reported Wednesday.

The attackers have been expelled from the system and no sensitive documents, emails or customer data were downloaded or copied by the attackers, according to security experts hired by the Times.

“The timing of the attacks coincided with the reporting for a Times investigation, published online on Oct. 25, that found that the relatives of Wen Jiabao, China’s prime minister, had accumulated a fortune worth several billion dollars through business dealings,” the paper reports.

While the Chinese Ministry of National Defense denied the allegations, calling them “unprofessional and baseless,” the Times maintains that the attacks were part of a larger espionage campaign against American media companies. Bloomberg suffered a similar attack in 2012.

Read more: http://dailycaller.com/2013/01/31/nyt-alleges-chinese-hackers-have-attacked-it/#ixzz2JikCKfWL

