Last night was a busy one for IT employees across America, as three major organizations — NBC, the Aspen Institute think tank and the customer-support specialist Zendesk — disclosed or found out that their systems had been hacked.
While NBC is the best-known brand, the Zendesk hack may ultimately affect more people, as it turned out customer data belonging to Zendesk clients Pinterest, Tumblr and Twitter had been stolen.
Users of each of those three social-media services should be on the alert for phishing emails pretending to come from Pinterest, Tumblr or Twitter asking users for their account passwords.
The more you know
First to make the news was NBC, whose main website at NBC.com was observed yesterday (Feb. 21) to be harboring the RedKit browser exploit kit, which triggers drive-by downloads of malware onto vulnerable computers.
"There were two exploit links on the NBC website. The first one was on the main default (entry) page. And the second one was located on hxxp://www.nbc.com/assets/core/js/s_wrapper.js," said the HitmanPro blog. "It serves both Java (CVE-2013-0422) and PDF exploits. The exploit drops the Citadel Trojan, which is used for banking fraud and cyberespionage."
The Java exploit referred to, which affects Macs, Windows PCs and Linux boxes alike, was responsible for the recently announced hacks into Apple's, Facebook's and Twitter's employee networks.
The HitmanPro posting noted that RedKit was also installing the ZeroAccess malware, which "moderates an affected user's Internet experience by modifying search results, and generates pay-per-click advertising revenue for its controllers," as well as an unknown form of malware.
Stand-alone NBC TV network sites, such as those for "Late Night With Jimmy Fallon" and one featuring "Tonight Show" host Jay Leno's collection of vintage cars, were also said to be compromised.
An NBC spokeswoman confirmed the hacks to Bloomberg News. All the affected sites were cleaned and back up Friday morning.
(The NBCNews.com website, with which TechNewsDaily has a professional relationship, was not affected.)
Service with a frown
Next to fall was San Francisco-based Zendesk, which makes behind-the-scenes software that handles Web-based customer-service queries for more than 25,000 companies.
"We've been hacked," founder and chief executive officer Mikkel Svane announced in a Zendesk company blog posting yesterday evening.
"Our ongoing investigation indicates that the hacker had access to the support information that three of our customers store on our system," Svane wrote. "We believe that the hacker downloaded email addresses of users who contacted those three customers for support, as well as support-email subject lines."
Svane didn't name the three affected companies, but Wired News quickly named them as Pinterest, Tumblr and Twitter, and enclosed texts of the emails each was sending affected members.
"Zendesk's breach did not result in the exposure of information such as Twitter account passwords," read Twitter's email, according to Wired. "It may, however, have included contact information you provided when submitting a support request such as an email, phone number or Twitter username."
Pinterest's and Tumblr's messages said roughly the same thing, with both reminding customers to watch out for phishing emails capitalizing on the data breach and reaffirming that neither company would ever ask customers to disclose their account passwords via email.
None of the official emails or postings from Zendesk or its clients indicated how the intruders got into Zendesk's systems, or how many individuals' email addresses had been exposed.
Crashing the A list
Shortly afterward, The Huffington Post published a story that said the Washington, D.C., think tank The Aspen Institute had also been hacked.
Aspen Institute IT director Trent Nichols told The Huffington Post that hackers, apparently from China, used spear-phishing emails to steal login information for three institute employees, including President and Chief Executive Officer Walter Isaacson.
Nichols said he'd learned of the intrusion from the Department of Homeland Security and the FBI.
"We were shocked," Nichols told The Huffington Post, adding that the intruders "would just go in, read their emails and get out. They were basically snooping around to see what they could find."
Isaacson is one of the most well-connected journalists in America. He is the author of the best-selling 2011 biography of Apple founder Steve Jobs, and was formerly managing editor of Time magazine and chairman of CNN.
The intrusion broadly resembles the one suffered by The New York Times this past fall.
In that case, hackers, also apparently from China, established a beachhead in the company network, then fanned out searching for information on a story the Times was working on concerning corrupt members of the family of Chinese Premier Wen Jiabao.
The Times brought in security-forensics firm Mandiant to clean up the mess, but The Aspen Institute doesn't have such deep pockets.
"We don't have the money to pay for a forensic team to find this sort of thing," Nichols told The Huffington Post. "We don’t have the manpower. I've got one network administrator and he's juggling email and firewalls. He's very busy."