Abstract
The New York Times computer systems have fallen victim to cybersecurity attacks after certain vulnerabilities allowed hackers to infiltrate them and access information sensitive to the organization, such as the employees’ passwords and the employees’ personal computers. The vulnerability of the New York Times computer systems is traceable to their external connectivity with university computer systems within the United States, whose computers may not be adequately protected from the threat of internet malware attacks. Thus, the Chinese hackers who accessed and attacked the New York Times computer systems used the vulnerability of the universities’ computers to install malware, which was then routed directly to the New York Times computer systems. Once access was gained to the New York Times computer systems, the hackers selected the computers used by the New York Times China Bureau and the South Asia New York Times Bureau in India, which were the target locations for the information the hackers were seeking. The Perimeter eSecurity Vulnerability Assessment (PeSVA) tool is one of the effective organizational vulnerability and risk assessment tools that can be used to assess all the external vulnerabilities of the New York Times computer systems. The PeSVA tool specializes in assessing external computer connection and internet connectivity vulnerabilities, making it the most appropriate tool to assess, and recommend measures for, the nature of vulnerability manifested by the New York Times system.
Real world example of vulnerability, risks and threats
The New York Times has been one of the recent victims of computer and cyber-security vulnerability, which allowed its systems to be infiltrated by Chinese hackers and the documents, records and other important information assets of the organization to be tampered with (Perlroth, 2013). The Chinese hackers exploited the vulnerability of the New York Times staff email system and were thereby able to infiltrate the e-mails of the South Asia New York Times Bureau Chief in India as well as the Chinese New York Times Bureau Chief, tracing and gaining access to several documents and information communicated from the bureaus to the New York Times headquarters in the U.S. However, the vulnerability of the New York Times computer and information systems was not traceable to the company’s computers and information systems in China and India, where the hacking was successfully done, but rather back to the United States. The Chinese hackers traced the vulnerability of the New York Times systems to certain United States university computers that were connected to the New York Times systems, which the hackers first used as the entry point. The hackers penetrated the universities’ computers and then routed their attacks to the actual New York Times computers, using subterfuge (Perlroth, 2013).
The connections to a computer system can open a gateway to the flow of attacks if the computers connected to the system are not fully protected from cybersecurity threats and attacks (Lioschute, 2007). Therefore, the interconnectedness of an organization’s computer system with external computers and information technology devices poses the risk that the system can be infiltrated through an attack on the externally connected devices and computers. An attack on an organization’s system through its externally connected networks can arise from weaknesses in the internet threat protection of the externally connected computers and devices, especially where such computers and devices are not adequately protected through the installation of up-to-date antivirus, firewalls or other effective internet threat-blocking mechanisms (Lioschute, 2007). Thus, the vulnerability of the New York Times computer systems was traceable to the lack of proper internet connectivity protections for the universities’ computers that were connected to the New York Times computer systems. Consequently, the Chinese hackers first identified this vulnerability, and then devised and programmed malware, which they installed on the computers of the universities that were connected to the New York Times computer systems (Perlroth, 2013). Once the malware was installed on the universities’ computers through the internet, the Chinese hackers were subsequently able to gain access to any of the computers within the New York Times computer systems, whether in the United States or internationally in its external bureaus (Perlroth, 2013).
Once the hackers were able to gain entry into any of the computers within the New York Times computer systems, they were able to select the computers specifically attached to the Chinese New York Times bureau in China and those used by the South Asia New York Times bureau in India. After selecting these computers, the hackers were then able to infiltrate the emails of the two bureau chiefs and gain access to the documents that they were seeking. Further, the vulnerability of the New York Times computer system was rooted in the fact that the passwords for its entire staff were formulated and maintained within the internal computer systems of the organization, as opposed to off-site servers and storage (Perlroth, 2013). Therefore, once the Chinese hackers were able to infiltrate the New York Times computer systems, they were subsequently able to retrieve all the passwords of the New York Times employees. Access to the employees’ passwords allowed the hackers to hack into 53 of the New York Times employees’ personal computers, most of them outside of the New York Times headquarters and newsrooms, and access a myriad of information (Perlroth, 2013).
The risk posed by the nature of the vulnerability associated with the New York Times computer systems is that such a vulnerable system is open to theft and retrieval of information vital to the organization, which can be used to harm the organization significantly. For example, the motivation for the Chinese hackers to infiltrate the New York Times computer systems was the sensitive nature of the information that both the Chinese and the South Asia Bureaus of the New York Times were communicating to the New York Times headquarters in the U.S. The information related to the family of Chinese Prime Minister Wen Jiabao, which was associated with accumulating wealth worth billions of dollars from business dealings that were considered questionable (Perlroth, 2013). Therefore, the vulnerability of the New York Times computer systems posed the risk of a possible theft and retrieval of such vital information, although the computer experts hired by the New York Times said that no sensitive information or data was retrieved or stolen by the hackers (Perlroth, 2013).
The other major threats posed by the nature of vulnerability manifested by the New York Times computer system include the threat of disruption to organizational systems and operations, where the attackers can disrupt the entire operations of the organization and bring the organization to a standstill (Perlroth, 2013). Another major threat to an organization caused by the nature of vulnerability manifested by the New York Times computer systems is the threat of financial fraud. The threat of financial fraud is real, especially considering that the infiltration of the organizational systems, the retrieval of sensitive information such as the passwords of all the employees, and the use of such passwords to gain access to the personal computers of 53 employees can result in financial fraud against these employees.
One risk assessment that can help to counter the vulnerabilities manifested by the New York Times computer systems is the Perimeter eSecurity Vulnerability Assessment (PeSVA) tool, a computer system vulnerability assessment that focuses on analyzing all the security features of an organization, ranging from the organization’s internet connectivity vulnerabilities to its antivirus vulnerability (Lioschute, 2007). Most specifically, the PeSVA tool is designed to probe the external environment and connectivity of an organization, to identify the vulnerabilities that arise from its external internet connections and from other computer systems connected to the organizational systems from outside the organization (Lioschute, 2007).
The major focus of the PeSVA tool is to identify, trace and define the potential weaknesses associated with an organization’s external computer connections and internet connections, and to specify the different loopholes that can be used by attackers to infiltrate the systems and attack the organization (Lioschute, 2007). The PeSVA tool also analyses the external servers of the organizational computer systems, to detect any vulnerability associated with them. Once the vulnerabilities are determined, the PeSVA tool then recommends the appropriate measures for mitigating the vulnerabilities.
- Lioschute, R. P. (2007). Are you an easy target? Personal Computer Magazine, 26(7/8), 48.
- Perlroth, N. (2013, January 30). Hackers in China Attacked The Times for Last 4 Months. New York Times.