Hackers infect Forbes.com to spy on visitors: researchers

[BOSTON] The Forbes.com financial news site was infected by Chinese hackers with spying software that targeted specific visitors, including those at US financial services and defense firms, according to two cybersecurity firms.

The hackers infected Forbes.com in November by inserting malware into a Forbes.com "Thought of the Day" widget that appears when any page on Forbes.com is accessed, cybersecurity firms iSight Partners Inc and Invincea Inc said on Tuesday. It automatically attacked visitors by exploiting security flaws in Microsoft Corp's Internet Explorer browser and Adobe Systems Inc's Flash software, they said.

The firms said they only had a limited view into the attacks based on customer data and other intelligence.

They said they only identified a few organizations in the defense and financial services sectors that were targeted and declined to name them. They said they did not know if the hackers had succeeding in stealing any data, though they believed other visitors to Forbes.com were affected.

Forbes.com is the most popular website known to be compromised as part of an espionage campaign, said iSight researcher John Hultquist. Previous cyberattacks on popular websites have involved malware used by criminals, not spies, he said.

Espionage campaigns typically target smaller websites catering to targeted communities using a technique known as a"watering hole" attack, Hultquist said. For example, hackers looking to spy on aerospace firms have been known to infect sites of associations and news blogs that focus on the industry.

Forbes.com spokeswoman Laura Daunis said in a statement on Tuesday that the company on Dec 1 identified an "incident" that occurred on Nov. 28 and immediately responded. "A file had been modified on a system related to the Forbes website," she said. "The investigation has found no indication of additional or ongoing compromise." She declined to elaborate.

ISight said it believed a Chinese group known as Codoso, or Sunshop, was responsible.

The firm said it believes the group was responsible for similar recent attacks on a think tank site, Cefc.com.hk, as well as Turkkonseyi.com and Gokbayrak.com, which focus on issues of interest to China's Uighur and Turkic minorities.

Codoso is responsible for attacks dating back to 2010 on the energy and financial services sectors, government agencies, dissidents and think tanks, according to iSight.

Microsoft released an update on Tuesday to fix the bug in Internet Explorer. Adobe fixed the Flash vulnerability in December.

Forbes.com, which said it had about 33 million unique visitors in September, is majority owned by Hong Kong-based Integrated Whale Media Investments.

REUTERS