January 24, 2022

Wall Street Journal Reports Attack by China Hackers

On Thursday, The Journal reported that it had been attacked by Chinese hackers who were trying to monitor the company’s coverage of China. It said hackers had broken into its network through computers in its Beijing bureau.

In a written statement, the business newspaper owned by News Corporation described the attack as an “ongoing issue” and said it was working closely with authorities and security specialists to clean up its systems. It said that it completed a “network overhaul” on Thursday in an effort to rid its systems of hackers.

China’s Ministry of National Defense has denied any involvement in the cyberattack at The Times or any other American corporations.

But security experts said that in 2008, Chinese hackers began targeting American news organizations as part of an effort to monitor coverage of Chinese issues.

In a report for clients in December, Mandiant, a computer security company, said that over the course of several investigations it found evidence that Chinese hackers had stolen e-mails, contacts and files from more than 30 journalists and executives at Western news organizations, and had maintained a “short list” of journalists for repeated attacks. Among those targeted were journalists who had written about Chinese leaders, political and legal issues in China and the telecom giant Huawei.

Bloomberg News, another American news organization, was targeted by Chinese hackers last year, and some computers were infected, according to a person with knowledge of the company’s internal investigation. The attack occurred after Bloomberg published an article on June 29 about the wealth accumulated by relatives of Xi Jinping, a Chinese official who is expected to become president in March.

Bloomberg has confirmed that hackers had made attempts but said that “no computer systems or computers were compromised.”

The timing of the attacks on The New York Times coincided with the reporting for an investigation, published online on Oct. 25, that found that the relatives of Wen Jiabao, China’s prime minister, had accumulated a fortune worth several billion dollars through business dealings.

Security experts hired by The Times to detect and block the computer attacks found digital evidence that Chinese hackers, using methods that some consultants have associated with the Chinese military in the past, breached The Times’s network.

The Associated Press reported Thursday that officials in the Obama administration were considering more assertive action against Beijing to stop Chinese computer espionage campaigns.

The Secretary of State, Hillary Clinton, said Thursday a global effort was needed o establish “rules of the road” for cyber activity.  In her final meeting with reporters at the State Department, Mrs. Clinton addressed a question about China’s efforts to infiltrate computer systems at The New York Times. 

 “We have seen over the last years an increase in not only the hacking attempts on government institutions but also non-governmental ones,” Mrs. Clinton said.

The Chinese, she said, “are not the only people who are hacking us.” 

 “There is a lot that we are working on that will be deployed in the event that we don’t get some kind of international effort under way,” Mrs. Clinton added without elaborating.

The United States has been increasingly vocal about such efforts against government and private industry. In a November 2011 intelligence report, government officials specifically accused China and Russia of stealing intellectual property for economic gain.

Michael Gordon contributed reporting from Washington.

Article source: http://www.nytimes.com/2013/02/01/technology/wall-street-journal-reports-attack-by-china-hackers.html?partner=rss&emc=rss

Common Sense: H.P.’s Autonomy Blunder Might Be One for the Record Books

The deal was considered so bad, and such an object lesson for a generation of deal makers and corporate executives, that it seemed likely never to be repeated, rivaled or surpassed.

Until now.

Hewlett-Packard’s acquisition last year of the British software maker Autonomy for $11.1 billion “may be worse than Time Warner,” Toni Sacconaghi, the respected technology analyst at Sanford C. Bernstein, told me, a view that was echoed this week by several H.P. analysts, rivals and disgruntled investors.

Last week, H.P. stunned investors still reeling from more than a year of management upheavals, corporate blunders and disappointing earnings when it said it was writing down $8.8 billion of its acquisition of Autonomy, in effect admitting that it had overpaid by an astonishing 79 percent.

And it attributed more than $5 billion of the write-off to what it called a “willful effort on behalf of certain former Autonomy employees to inflate the underlying financial metrics of the company in order to mislead investors and potential buyers,” adding, “These misrepresentations and lack of disclosure severely impacted H.P. management’s ability to fairly value Autonomy at the time of the deal.”

H.P. has declined to document the basis for its charges, saying it has turned the results of its internal investigation over to the Securities and Exchange Commission and Britain’s Serious Fraud Office “for civil and criminal investigation.” In an unusually aggressive public relations counterattack, Autonomy’s founder, Michael Lynch, a Cambridge-educated Ph.D., has denied the charges and accused Hewlett-Packard of mismanaging the acquisition. H.P. asked Mr. Lynch to step aside last May after Autonomy’s results fell far short of expectations.

But others say the issue of fraud, while it may offer a face-saving excuse for at least some of H.P.’s huge write-down, shouldn’t obscure the fact the deal was wildly overpriced from the outset, that at least some people at Hewlett-Packard recognized that, and that H.P.’s chairman, Ray Lane, and the board that approved the deal should be held accountable.

A Hewlett-Packard spokesman said in a statement: “H.P.’s board of directors, like H.P. management and deal team, had no reason to believe that Autonomy’s audited financial statements were inaccurate and that its financial performance was materially overstated. It goes without saying that they are disappointed that much of the information they relied upon appears to have been manipulated or inaccurate.”

It’s true that H.P. directors and management can’t be blamed for a fraud that eluded teams of bankers and accountants, if that’s what it turns out to be. But the huge write-down and the disappointing results at Autonomy, combined with other missteps, have contributed to the widespread perception that H.P., once one of the country’s most admired companies, has lost its way.

Hewlett-Packard announced the acquisition of Autonomy, which focuses on so-called intelligent search and data analysis, on Aug. 18, 2011, along with its decision to abandon its tablet computer and consider getting out of the personal computer business. H.P. didn’t stress the price — $11.1 billion, or an eye-popping multiple of 12.6 times Autonomy’s 2010 revenue — but focused on Autonomy’s potential to transform H.P. from a low-margin producer of printers, PCs and other hardware into a high-margin, cutting-edge software company. “Together with Autonomy we plan to reinvent how both structured and unstructured data is processed, analyzed, optimized, automated and protected,” Léo Apotheker, H.P.’s chief executive at the time, proclaimed.

Autonomy had already been shopped by investment bankers by the time H.P. took the bait. The pitch book was prepared by Qatalyst Partners, founded by Frank Quattrone, the Silicon Valley investment banker whose 2004 conviction on witness tampering and obstruction of justice was reversed on appeal. Qatalyst projected double-digit revenue and earnings growth in both 2011 and 2012, and suggested a visionary future of great opportunities: “The secular migration towards unstructured data has created a large and meaningful addressable opportunity in managing, regulating and monetizing the use of information.”

Article source: http://www.nytimes.com/2012/12/01/business/hps-autonomy-blunder-might-be-one-for-the-record-books.html?partner=rss&emc=rss

Citi Says Many More Customers Had Data Stolen by Hackers

Previously, Citigroup said that more than 200,000 cardholders, or about 1 percent of its 21 million North American cardholders, were affected. The new revelations come as the bank was forced to respond to Connecticut’s attorney general and several other state regulators who have opened inquiries into the breach. They join federal authorities, including the Secret Service and the Federal Bureau of Investigation, who have been conducting investigations into how the bank was attacked.  

In the statement, Citigroup also pinpointed May 10 as the date when it discovered the breach, and it said that it had immediately rectified the problem and began an internal investigation. By May 24, bank officials concluded that the data thieves had captured the names, account numbers, and e-mail addresses of about 360,000 customers. Social security numbers, expiration dates, and the three-digit security password found on the back of the card were not exposed — a finding that security experts have said would make it hard for the thieves to commit fraud.

As of May 24, the bank began preparing to replace about 218,000 credit cards and to prepare notification letters to its customers. Those were mailed beginning June 3, but itwaited to notify the public until June 9.

Citigroup said it implemented “enhanced procedures” to prevent similar incidents from happening and also notified law enforcement and government officials. It did not indicate when they were contacted, however.

In its statement, Citigroup reassured customers that they would not be held liable for fraudulent charges and could take advantage of free identity theft protection assistance, available via a phone number on the back of their credit card, if they believed they were a victim. The bank also encouraged its customers to review their account statements and report any suspicious activity.

Citigroup, citing the ongoing law enforcement investigation, provided no additional details about how their system was left vulnerable.  

Article source: http://feeds.nytimes.com/click.phdo?i=89501f186083a2788aef061e75069198

Shake-Up at Renault Over ‘Chain of Failures’

In particular, the audits faulted “the supervision and control of the activities of the management of the company’s security department.”

The company said it had accepted the resignation of Patrick Pélata, the chief operating officer. It did not say when Mr. Pélata would leave or who would succeed him.

The shake-up was perhaps inevitable after the fiasco embarrassed both the company and President Nicolas Sarkozy’s government and led to a chilling of relations with Beijing after unfounded talk of a Chinese connection to the affair.

The French government, which owns about 15 percent of Renault’s stock, has long indicated its unhappiness with how the company has handled the case. Ministers were not informed of the supposed spying until months after the internal investigation began, and intelligence officials were not brought aboard until after the company had already suspended the three employees.

Éric Besson, the French industry minister, told the television station LCI on Monday that the audits had shown “areas of grave dysfunction within the company’s management.” Christine Lagarde, the finance minister, told France Inter radio that “if mistakes were made, then those who made them should go.”

But the buck stopped short of Carlos Ghosn, one of France’s best paid and most visible businessmen. Renault, along with its Japanese affiliate, Nissan Motor, is making a bid for leadership in the electric car market, and Mr. Ghosn is the chief executive of both companies. Mr. Besson hinted last month that Mr. Ghosn would be allowed to stay, saying it was important not to further destabilize the company at a critical time.

The board has “turned a painful page in the history of Renault,” Mr. Ghosn said in the carmaker’s statement on Monday, adding that the management overhaul was necessary “to restore confidence in the company.”

Even before the debacle, the work force at Renault’s Technocenter research facility was disgruntled. “We aren’t confronted here with simple failures limited to a few managers,” the Renault chapter of the Confédération Générale du Travail union said, “but rather managerial practices that extend throughout the enterprise.”

It added that “the departure of a certain number of executives” would not change anything “without an overhaul of the function and structure of management at every level.”

The affair started last August, when Renault executives received an anonymous letter denouncing certain employees as spies. After an internal investigation, the company in January fired three men it said had been caught trying to sell secrets related to its electric car program overseas.

Mr. Ghosn and Mr. Pélata proclaimed their certainty of the employees’ guilt in news media interviews, despite questions about the evidence and the three men’s protestations of innocence. The men — Michel Balthazard, Bertrand Rochette and Matthieu Tenenbaum — found themselves jobless and under media scrutiny.

But the case started to come apart as soon as French prosecutors and intelligence officials began a criminal investigation and were unable to find the Swiss and Liechtenstein bank accounts the men were said to have maintained.

Rather than signs of espionage, the authorities found evidence suggesting a scheme to defraud the company; Renault’s bill for the investigation came to about 700,000 euros, or $1 million, the Paris prosecutor said in March, and it is still unclear where that money went.

The French authorities are now investigating two men in connection with the apparent fraud: a Renault security official, Dominique Gevrey, and another man, a private investigator. Mr. Gevrey, his boss, Rémi Pagnie, and another security official, Marc Tixador, are all leaving the company, Renault said.

Also leaving as part of the shake-up are Christian Husson, the chief legal counsel; Jean-Yves Coudriou, the head of human resources; and Laurence Dors, the general secretary.

Renault also said Monday that it had reached “an agreement in principle” with the three men regarding compensation for their wrongful dismissal, subject to final approval. The company did not say what the payout would be, but the French news media have reported that 11 million euros, or $15.9 million, would be split among the three. A Renault spokeswoman, Caroline de Gézelle, declined to comment on the amount.

Renault also said it had reached an agreement with another former executive, Philippe Clogenson, who left in 2009 after being accused of receiving bribes from suppliers. Mr. Clogenson will return to Renault in a consulting capacity, the company said.

Article source: http://feeds.nytimes.com/click.phdo?i=511735c16df39d68447f987018bd5acd