Just read a very interesting article about the New York Times falling victim to cyber attacks from China – and allowing it! As the article states, the Times took a gamble for a period of four months, allowing these hackers to repeatedly penetrate their servers and steal information. This was a calculated decision by the NY Times, however, made with the assistance of a cyber security firm, and with the intentions of analyzing patterns to build better defenses. Essentially, it seems, the cyber security firm used by the Times would deftly parry certain attacks by the hackers, allowing some blows through their defenses and letting a bit of blood. Slowly, as the patterns of attack were recognized, the firm would tighten up their defenses until they shut down the attack completely. A dangerous gamble, given the information the NY Times may have on its computers, but seemingly worthwhile. An interesting bit of information from the article was that the hackers installed 45 pieces of custom malware over this period of time, with only one of them being recognized and stopped by their Symantec antivirus software.
I commend the NY Times for this effort, but certainly don’t recommend it! It’s a heck of a gamble and a great deal of damage could have been done.