New York Times on cybersecurity: More like war propaganda

The New York Times loves “dog bites man” stories, especially if they can say that the dog might be named Russia.

In journalism, you may have heard, if a dog bites a man that’s nothing; but if a man bites a dog, that’s news, in the words of Charles Dana, editor of the New York Tribune in the 1850s.

So why would the Times make any noise at all about a “dog bites man” story? The dog, in this case, is somebody or a group of somebodies who are trying to do a simple cyber break-in. The target (the “man”) is a Microsoft cloud system. 

The Times even says that U.S. officials consider this to be a routine, “unsophisticated, run-of-the-mill operation that could have been prevented if the cloud service providers had implemented baseline cybersecurity practices.”

The break-in attempt, as described by Microsoft, is a simple password phishing attack on user logins. This is the most common type of break-in attempt that is carried out tens of thousands of times daily across the internet.

The Times story says that Microsoft recently notified more than 600 organizations that they had been the target of about 23,000 attempts to enter their systems. Yawn, this is news?

What Microsoft adds to its press release is that they think the source of these attempts is a group based in Russia. No proof of this assertion is offered, and the Times gladly repeats this as if it were fact.

That’s a stretch. 

Weapons of mass distraction

The Times’ writer is David Sanger, a sort of hired gun for war jingoism. Sanger, along with Judith Miller, created the legendary “weapons of mass destruction” reports on Iraq for the New York Times. All of it was fiction.

Sanger was also an originator and promoter of the false claim of a Russian hack of the Democratic National Committee and top officials in the 2016 Hillary Clinton campaign. That accusation was used as a distraction after it was learned that WikiLeaks was about to publish emails that showed how Clinton and the DNC had intervened to block Bernie Sanders.

Too many still believe the Russia hacking and Trump campaign conspiracy story. But, like the weapons of mass destruction, it never happened. 

What is real news, which was ignored by Sanger, is that Microsoft admitted that its weak security policies meant that a break-in was possible.

Microsoft says: “The attacks we’ve observed in the recent campaign against resellers and service providers have not attempted to exploit any flaw or vulnerability in software but rather used well-known techniques, like password spray and phishing, to steal legitimate credentials and gain privileged access.”

Microsoft adds that it had updated its security requirements in September 2020 to reduce its vulnerability to “password spray and phishing,” but it had failed to enforce these policies. “We will [now] take the necessary and appropriate steps to enforce these security commitments.”

So why was the Times’ headline “Russia Challenges Biden Again With Broad Cybersurveillance Operation”? The only challenge was anonymous, not necessarily Russian, and the only target was Microsoft. And even Microsoft said it wasn’t a serious or significant challenge. 

But as we’ve seen over the years, when the capitalists want war propaganda, truth is always the first casualty.