The recent cyber attacks on the Wall Street Journal and New York Times from China are nothing new. These “widespread” attacks have been happening for a few years now, according to the WSJ. Not only are these cyber-criminals reaching major US media outlets, but they also extend into banks, universities, the private sector, and even the government. So, what are they after? Can we really link so many separate events to one source?
We all know about China’s censorship issues, so naturally the US has asked China what the deal is. Their official statement is that they did not sanction the attacks and are working diligently to prevent them. What a surprise! The WSJ states that the attacks on their specific members coincide with their research on Chinese focused content. What we do know is that the attacks, while mainly originating in China, also come from other locations, like Africa and Russia.
These attacks cannot all be thrown under the same blanket cause. Not only because it is really hard to track all the individual sources of the attacks, but also because the hackers focus on different targets and likely with different objectives. The attacks on the WSJ and NY Times certainly seem to fit with the M.O. of China’s censorship practices, but we obviously need some hard evidence before any accusations can be made.
The US is considering these events an assault on our economy and forming an investigative team to look into it. What can we do in the meantime? What is an appropriate response from media outlets and their viewers? We can’t be bullied into ceasing reporting on China. There’s far too much interest, not only from American citizens, but from the citizens whose options for uncensored reporting are severely limited in their own country. We can’t ignore how our freedom of press effects other countries.
It falls to the businesses to focus on how secure their content is. The specific actions of these hackers is unclear, but it doesn’t seem like they are doing much more than gathering data. It could be an attempt to pre-emptively block the content, or something more nefarious and hidden. If monitoring data isn’t the name of the game, then these incursions become more troublesome and less obvious. It’s important not to sensationalize the actions of these hackers.
While these attacks are definitely cause for attention, response and tightening of cyber-security, it’s no reason to cry, “The sky is falling!” and retreat into our underground bunkers. The government talks will likely lead nowhere, the US’s investigation will either lead to a dead end or writing a strongly worded letter, and media outlets will increase cyber-security and probably report on it with either result. The attacks will continue, though the increase in security will probably reduce and delay them a bit. The good news is that the importance of cyber-security for businesses, media related or not, will be highlighted. It’s important that businesses understand what risks being on the web pose, what kind of systems are affected, and the likelihood of attack.