Gerry Smith Headshot

Why Antivirus Software Didn't Save The New York Times From Hackers

Posted: Updated:
ANTIVIRUS SOFTWARE HACKERS
The New York Times revealed Wednesday night that Chinese hackers had persistently gained entry into its computer systems to get passwords for its reporters and other employees. Its antivirus vendor did not detect many of the attacks, the paper said. (AP Photo/Mark Lennihan) | AP

There is a booming industry that sells computer security products to consumers and businesses. But antivirus companies have a problem: Their software often can't prevent hackers from breaking into your computer and snooping around.

The New York Times was the latest victim to discover the limitations of antivirus software. The Times revealed Wednesday night that Chinese hackers had gained entry into its computer network for four months in hopes of identifying a reporter's sources for an investigation into the business dealings of relatives of China's prime minister.

The Times' antivirus vendor, Symantec, did little to stop the hackers, the paper said. Of the 45 different kind of malicious software -- or malware -- the hackers used in their attack, Symantec only detected one of them.

The finding raises questions about the effectiveness of the $7.4 billion antivirus industry. Experts say antivirus software is failing to keep pace with the innovative methods used by sophisticated hackers like those from China.

Traditional anti-virus software relies on a list of "signatures" to identify and stop known viruses. But today's hackers are creating new malware faster than vendors can list them. AV-Test, a German research institute that tests antivirus products, says more than 100,000 new kinds of viruses are created every day.

Hackers also use websites like Virus Total to test their attacks, ensuring new viruses go unnoticed by current antivirus products. That is why many cybersecurity professionals don't use antivirus software on their own computers -- the pace of innovation for new malware moves too quickly.

Last year, the security firm Imperva found antivirus software detected only 5 percent of newly created viruses. Some antivirus companies can take up to four weeks to detect a new virus. Often, the most effective software is available for free from companies like Avast and Emisoft, according to the study by Imperva, which is also in the business of selling security solutions.

"Most capable hackers can bypass virus scanners," said Tom Kellermann, vice president of cybersecurity for Trend Micro, a cybersecurity company. "Antivirus is not the solution to these types of attacks."

Symantec said Thursday the company also offers sophisticated security software to thwart "advanced attacks" like those against The Times.

"We encourage customers to be very aggressive in deploying solutions that offer a combined approach to security," a Symantec spokeswoman said. "Antivirus software alone is not enough."

The hackers who targeted The Times may have used a technique called "spear phishing," in which they send targeted emails that appear to be from a trusted source. When the victim opens a link or attachment, the hackers install malicious software -- known as malware -- onto their computer to steal documents, log keystrokes, or collect usernames and passwords.

Many of the most sophisticated cyber attacks against U.S. companies come from hackers employed by the Chinese government, experts say. Industry experts say Chinese hackers typically research their targets to find out who has access to the documents they want and then use a variety of methods to infiltrate their network. Chinese officials have repeatedly denied sponsoring hackers.

But it's not just media outlets or Fortune 500 companies with valuable intellectual property who are in hackers' crosshairs. Increasingly, small businesses are being targeted by hackers because they can't afford more advanced computer security.

Experts say there is no foolproof solution, but the computer security industry says their new line of products -- called "advanced threat protection" -- is better equipped to catch Chinese cyber-spies and other hackers.

Some companies, like Bit9, offer what is called "white-listing," which only allows good files onto computer networks, instead of trying to block the bad ones. Others plant fake data on a company's servers to trick hackers and frustrate them into giving up. Kellermann calls it "building a better prison rather than building a better fortress."

"These tools will help you, but there's no such thing as a silver bullet," said Paul Carugati, a security expert for Motorola Solutions. "That's why we need to be innovating more and get ahead of the constant-changing nature of these threats."

Around the Web

Symantec Gets A Black Eye In Chinese Hack Of The New York Times

Your antivirus software probably won't prevent a cyberattack

Hackers using e-cards to steal computer access

The New York Times says hackers attacked its systems for months, suspects ...

New York Times computer network breached by Chinese hackers, paper says

New York Times hacked again, allegedly by Chinese

Cybercrime the focus of a new government security initiative

Hackers in China Attacked The Times for Last 4 Months

The New York Times Was Attacked By Chinese Hackers Over Four Months

 
From Our Partners