Chinese Hackers Infect Forbes, Spy on Visitors

John Lister's picture

Chinese spies have reportedly infected the Forbes website in order to steal data from staff at defense and finance organizations. The attack is unlike most attacks on large websites, as the motive was for intelligence, rather than profit.

The Forbes website attack reportedly took place in November 2014, with the security gap plugged by approximately three days later. To propagate the attack, hackers replaced a legitimate file on the web server used for the "Thought of the Day" feature, which appeared on every page of the Forbes website. The malicious file was then automatically downloaded to every user that visited the site, which then took advantage of known flaws in Internet Explorer and Adobe Flash to provide unrestricted access to visitors' computers.

Forbes Website Attack due to Adobe, Internet Explorer Flaw

While Forbes had kept the attacks under wraps, two cyber security firms have now revealed some of the details. They had waited until this week when Microsoft fixed the Internet Explorer bug in question. The Adobe bug had already been fixed in December. (Source:

iSight Partners, Inc. and Invincea, Inc. say they still don't have a complete picture of the hack, but they claim that attackers were targeting specific firms in defense and finance. It's thought to be the work of a Chinese hacking group that's been active since 2010. (Source:

"Watering Hole" Tactic Used to Target Visitors

Cyber security firms described the attack as a "watering hole" tactic, which is a reference to the wildlife kingdom where predators know that prey will gather in a particular place at regular intervals and thus be more vulnerable.

In an online context, the logic is that high-value security targets are likely to visit particular websites and thus be open to the attacks. The Chinese hackers are believed to have used a similar approach in targeting websites visited by the country's political opposition.

Intellectual Property An Increasing Target

While Forbes is a hugely popular website with tens of millions of visitors each month, this wasn't the more familiar type of attack typically used on large websites. Such attacks usually target secure personal financial data and security information of web visitors, such as user names and passwords. In those cases, the theory is that even if only a small proportion of the audience falls prey, the profits can soon mount up.

Instead, hackers were specifically going after high-value targets whose computers likely house confidential business details and intellectual property. It's not yet confirmed if the hacking group is indeed state-sponsored, as many analysts suspect.

What's Your Opinion?

Should US officials put more pressure on American firms to help lower the number of security vulnerabilities, now that attacks of this nature have come to light -- especially if it's a matter of national security? Do you believe that such attacks deter people from visiting high-profile sites?

Rate this article: 
Average: 4.8 (5 votes)


Dennis Faas's picture

Here's hoping that one day you can use a web browser to visit a website and never worry it will infect your PC. Sandboxing the browser from the rest of the operating system seems like a good idea, but most likely isn't a practical solution as it would be far too restrictive in terms of plugins and extended functionality.