CNET News Video
Daily Debrief: Russian hackers target 'BusinessWeek.' Who's next?It sounds like a Cold War tale out of a John leCarre novel. But security researchers have unearthed a real world example of Russian hackers conducting cyberwarfare against unsuspecting Western capitalists. Charles Cooper talks with security reporter Elinor...
[ Music ] ^M00:00:04 >> This one sounds like it could have come out of a John McCrae novel with a mysterious team of Russian hackers targeting a major western business. Welcome to the CNET News Daily Debrief, I'm Charlie Cooper here with my colleague Elinor Mills, and strange story today it concerns our friends over at Business Week. What's going on? >> Elinor: It seems like Business Week and their readers were targeted in an attack, but it's an attack that we don't know if it was pulled off or not, it's sort of a mystery. A researcher from Solfo Security Company discovered some code in a database in the Business Week backend that feeds their website. >> Charlie: Now, this is the general Business Week side or -- >> Elinor: It's the general Business Week site but it's a special section on the site that's for -- it's like recruitment -- it's a place where you can go and find out where -- what NBA programs top companies are recruiting from, so that mitigates the risk a little bit. But, there was code in the database that feeds the website -- that particular part of the site that had links back to a Russian website. >> Charlie: Was this a redirect or was this malware? >> Elinor: It's not a -- it's a redirect in the Vegas sense of the term, but it's malware, it's malicious, it's code that would grab something off that website that's not live right now, but which could be turned on at any time. >> Charlie: Keylogging? >> Elinor: Keylogging code that would steal your data, compromise your machine, take it over, turn it into a botnet, turn it into a spam machine, anything -- basically, it could do anything. It would be downloaded then on the unsuspecting readers computer when they visited that section of the site. >> Charlie: That's lovely >> Elinor: Now, again, we don't know how long the code has been there. We don't know if it ever was live and the attack was actually underway. We don't know if it will be turned on again. Business Week has not cleared that code and cleared up the problem on the backend. We just know that the website in Russia is down. >> Charlie: Do we know anything or does Solfo know anything about the group of hackers behind this? >> Elinor: No, because they can't get to the website. They did -- they do know that it's from a Russian domain, but it's quite typical, they say, these types of attacks are increasing. >> Charlie: There have been reports in the past that organized crime in Russia has been using malware to access passwords -- unsuspecting web surfers -- Is this likely connected to criminal -- >> Elinor: It's criminals -- it's organized crime gangs and a lot of them are in Russia and China and other locations. Basically, they used to -- ya know -- they used to get their information from computer users with phishing attempts and with e-mails that -- ya know -- you'd open and you'd launch something and -- ya know -- you'd get infected or you'd be revealing data. Now, they know that people are more savvy, we know not to click on -- ya know -- suspicious e-mails or from people we don't know, but we're still going to websites that we trust, so they've figured out a way to do this sequel injection attack on websites we go to everyday. >> Charlie: And, there's no way, really, to know that website A is infected and website B is -- >> Elinor: No, an often the website owners themselves don't know -- ya know -- Business Week didn't know until they were told last week by this security researcher. >> Charlie: Are there any defenses that regular web surfer can incorporate into their routine to prevent -- >> Elinor: Keep -- >> Charlie: getting ripped off? >> Elinor: Keep your computer up to date with anti-virus, whatever software you can to protect and -- ya know -- sure up your machine. I mean that's basic advice for anything -- ya know -- any time you get on the internet. Ya know -- just do what you need to, update your security software -- ya know -- in the end Business Week needs to fix that problem on the backend. >> Charlie: Okay -- Elinor thanks a lot. >> Elinor: Thank you >> Charlie: On behalf of my colleague Elinor Mills this is Charlie Cooper. ^M00:03:53 [ Music ]