Forbes Website Was Hacked in Targeted Attack on Its Visitors

Forbes Website Was Hacked in Targeted Attack on Its Visitors Advertising Security & Privacy With splash pages which subject new website visitors to a "Thought of the Day", Forbes has one of the more annoying ad policies of the major news sites. And now hackers have found a way to make it even worse.

The WSJ reports that late last year hackers believed to be based in China had used the Forbes website as a conduit in their attack on a defense contractor. For several days following Thanksgiving, the hackers subverted Forbes servers and used the "Thought of the Day" ad page to deliver malware to a select group of targeted computers.

Internet Explorer users were targeted in what is believed to be an attack on defense contractors:

Invincea said it responded to a hacking incident at a defense contractor in late November, and traced the malware to employees visiting Forbes. Working with iSight, which has close ties to official Washington, the two firms also found evidence of malware from the Forbes site on computers in the American financial services sector.

The links to China are indirect. ISight says it has linked the Forbes hack to the malware and tactics used in a string of intrusions at defense contractors, a Hong Kong think tank and the Nobel Peace Prize website shortly after the award went to a Chinese dissident in 2010.

Luckily the hackers were not interested in infecting everyone, but that doesn't change the fact that they were still able to use weak security on the Forbes website and a previously unknown Adobe Flash security hole to potentially infect millions of computers.

That Flash security hole, in case you were wondering, was patched in January. Update: Conflicting reports say that it was patched in early December.

Forbes Website Was Hacked in Targeted Attack on Its Visitors Advertising Security & Privacy

Forbes said it counted more than 31 million website visitors in November, and given that IE is still one of the leading web browsers, the potential impact measured in the millions.

To be fair to Forbes, this is honestly nothing new. Hackers have long used compromised websites to spread malware and attack more computers. Historically, this is an older problem than the rising issue of malware-infested ad networks.

But even though this isn't new, it's still a reminder that when browsing online, security is paramount. And that's why I use an ad blocker, among other security measures.

images  by Kris Krugaag_photos

About Nate Hoffelder (9946 Articles)
Nate Hoffelder is the founder and editor of The Digital Reader:He's here to chew bubble gum and fix broken websites, and he is all out of bubble gum. He has been blogging about indie authors since 2010 while learning new tech skills at the drop of a hat. He fixes author sites, and shares what he learns on The Digital Reader's blog. In his spare time, he fosters dogs for A Forever Home, a local rescue group.

1 Trackbacks & Pingbacks

  1. Forbes is Blocking Ad-Blockers | The Digital Reader

Leave a comment

Your email address will not be published.


*


This site uses Akismet to reduce spam. Learn how your comment data is processed.

Tweet
Share
+1
Pin
Share
0 Shares
%d bloggers like this: