view counter

China syndromeChinese hackers attack the New York Times

Published 1 February 2013

Since 2008, Chinese government hackers have been targeting Western news organizations to identify and intimidate their Chinese sources and contacts, as well as to anticipate stories that could hurt the reputation of Chinese leaders. Chinese hackers have repeatedly infiltrated the computer systems of the New York Times over the last four months, following an investigation by the paper that revealed that the relatives of Wen Jiabao, China’s prime minister, had accumulated a fortune worth several billion dollars through business dealings. Security experts hired by the Times have determined that the attacks started from the same university computers used by the Chinese military to attack U.S. military contractors in the past.

Chinese hackers have repeatedly infiltrated the computer systems of the New York Times  over the last four months, gaining access to passwords of reporters and other employees.

The Times reported late Wednesday that the paper has been tracking the intruders in order to study their movements and use better defenses against them. The Times, along with computer security experts have thwarted the attackers and have prevented them from breaking back in.

The attacks started around the same time as the reporting for an investigation by the paper that revealed that the relatives of Wen Jiabao, China’s prime minister, had accumulated a fortune worth several billion dollars through business dealings.

The hackers used malicious software, or  malware, to gain access to any computer on the Times’ network. The malware was identified as a specific strain that has been associated with other attacks  originating in China.

According to Mandiant, a computer security company, the Chinese hackers tried to hide the source of their attacks by infiltrating computers at several universities in the United States and running the attacks though them. The method has been tied to many other attacks that Mandiant has traced back to China

According to the experts, another sign the attacks originated in China was that the attacks started from the same university computers used by the Chinese military to attack U.S. military contractors in the past.

The hackers broke into the e-mail accounts of the Times Shanghai bureau chief, David Barboza, who wrote reports on Wen’s relatives, and Jim Yardley, the South Asia bureau chief in India, who previously worked as bureau chief in Beijing

“Computer security experts found no evidence that sensitive e-mails or files from the reporting of our articles about the Wen family were accessed, downloaded or copied,” said Jill Abramson, executive editor of the Times.

The Times hired security experts to detect and block the attacks and collect digital evidence that indicated Chinese hackers infiltrated the Times network using many of the same tactics that some experts have associated with the Chinese military. .

The hackers stole corporate passwords of every employee and used the passwords to gain access to personal computers of fifty-three  employees, most of which were outside the Times’s newsroom.  There was no evidence that the hackers used the passwords for anything outside of the reporting that was done on the Wen family and no customer data was stolen.

 

Last year Bloomberg News was hit by Chinese hackers and some employee’s computers were infected, according to a person with knowledge of the company’s investigation on the issue. The attack began as the organization published an article in June on the wealth accumulated by relatives of Xi Jinping, China’s vice president at the time.  Xi became general secretary of the Communist Party in November and is expected to become president in March.

Security experts told the Times that since 2008, Chinese hackers have been targeting Western news organizations to identify and intimidate sources and contacts as well as to anticipate stories that could hurt the reputation of Chinese leaders.

In a intelligence report for clients released late last year, Mandiant stated that over the course of several investigations it found evidence that Chinese hackers had stolen e-mails, contacts, and files from more than thirty journalists and executives at Western news organizations, and had maintained a short list of journalists whose accounts they repeatedly attack.

view counter
view counter