Tech

Forbes' 'Thought of the Day' Used To Hack Readers

Forbes' "Thought of the Day" was used in a sophisticated hack that targeted U.S. defense contractors and financial companies.

Forbes' 'Thought of the Day' Used To Hack Readers
Forbes
SMS

One of the most popular websites in the United States — Forbes.com — was recently the target of an exploit aimed at gathering data from U.S. defense contractors and financial companies.

According to cyber intelligence firm iSight Partners — one of two firms that discovered the attack — a Chinese cyber espionage team used a vulnerability in Adobe's Flash player and Microsoft's Internet Explorer browser to plant malware in Forbes' "Thought of the Day" splash page. (Video via Microsoft)

iSight says it can confirm the attack took place between Nov. 28 and Dec. 1 of 2014, but it may have lasted longer.

Fortunately, Adobe was quick to fix its Flash player — an update was released on Dec. 9 that patched the vulnerability.

But as you know, that update would have to be installed in order for the vulnerability to be patched. So the exploit may have been available to the hackers for more than the few days between Nov. 28 and Dec. 9.

According to The Wall Street Journal, Forbes refrained from notifying readers of the vulnerability during its duration. Though the article quotes a Forbes spokesperson who has now confirmed the hack and said, when Forbes found out on Dec. 1, it "took immediate actions to remediate the incident."

If you visited the Forbes site between Nov. 28 and Dec. 1 on an Internet Explorer browser with Adobe Flash installed, you were vulnerable to the attack. But should you be concerned? Well, yes. But should you be set-fire-to-your-computer-and-change-all-your-credit-card-numbers distraught? No, and here's why:

The second security firm, Invincea, says the hackers executed what's called a watering hole attack. 

Basically, the hackers are after a specific group and are certain people within that group will visit the site — or watering hole — they've loaded with malware. Once those group members drink from the watering hole, they become infected with the malware and subsequently infect the rest of the group. (Video via National Geographic)

In other words, the Forbes hackers probably weren't after your data.

Still, you should always keep up with the latest updates to your browser, your computer, your antivirus and plug-ins like Adobe Flash Player. On Tuesday, Microsoft released a patch for its Internet Explorer browser.

This video includes images from Getty Images.