BEIJING (TheBlaze/AP) — Chinese hackers repeatedly penetrated The New York Times’ computer systems over the past four months, stealing reporters’ passwords and hunting for files on an investigation into the wealth amassed by the family of a top Chinese leader, the newspaper reported Thursday.
Security experts hired to investigate and plug the breach found that the attacks used tactics similar to ones in previous hacking incidents traced to China, the report said. It said the hackers routed the attacks through computers at U.S. universities, installed a strain of malicious software, or malware, associated with Chinese hackers and initiated the attacks from Chinese university computers previously used by the Chinese military to attack U.S. military contractors.
The attacks, which began in mid-September, coincided with a Times investigation into how the relatives and family of Premier Wen Jiabao built a fortune worth over $2 billion. The report, which was posted online Oct. 25 by Shanghai bureau chief David Barbosa and South Asia bureau chief Jim Yardley, embarrassed the Communist Party leadership, coming ahead of a fraught transition to new leaders and exposing deep-seated favoritism at a time when many Chinese are upset about a wealth gap.
The Chinese foreign and defense ministries called the Times’ allegations baseless, and the Defense Ministry denied the military’s involvement in the breach.
“Chinese law forbids hacking and any other actions that damage Internet security,” the Defense Ministry said in a statement, according to the Associated Press. “The Chinese military has never supported any hacking activities. Cyber-attacks are characterized by being cross-national and anonymous. To accuse the Chinese military of launching cyber-attacks without firm evidence is not professional and also groundless.”
Over the months of cyber-incursions, the hackers eventually lifted the computer passwords of all Times employees and used them to get into the personal computers of 53 employees. After months of investigation by the computer security firm Mandiant, experts are still unsure how the hackers initially infiltrated the Times’ computer systems, the report said. Here’s more from the Times:
They suspect the hackers used a so-called spear-phishing attack, in which they send e-mails to employees that contain malicious links or attachments. All it takes is one click on the e-mail by an employee for hackers to install “remote access tools” — or RATs. Those tools can siphon off oceans of data — passwords, keystrokes, screen images, documents and, in some cases, recordings from computers’ microphones and Web cameras — and send the information back to the attackers’ Web servers.
The report said none of the Times’ customer data was compromised and that information about the investigation into the Wen family remained protected, though it left unclear what data or communications the infiltrators accessed.
“Computer security experts found no evidence that sensitive emails or files from the reporting of our articles about the Wen family were accessed, downloaded or copied,” the report quoted executive editor Jill Abramson as saying. A Times spokeswoman declined to comment further.
China has been accused by the U.S., other foreign governments and computer security experts of mounting a widespread, aggressive cyber-spying campaign for several years, trying to steal classified information and corporate secrets and to intimidate critics. Foreign reporters and news media, including The Associated Press, have been among the targets of attacks intended to uncover the identities of sources for news stories and to stifle critical reports about the Chinese government.
“Attacks on journalists based in China are increasingly aggressive, disruptive and sophisticated,” said Greg Walton, a cyber-security researcher who has tracked Chinese hacking campaigns. China’s cyber-spying efforts have excelled in part because of the government’s “willingness to ignore international norms relating to civil society and media organizations,” he said.
The Times reported that executives became concerned just before the publication of the Wen investigation after learning that Chinese officials had warned of unspecified consequences. Soon after the Oct. 25 publication, AT&T, which monitors the Times’ computer networks, notified the company about activity consistent with a hacking attack, the report said.
The Times reported Chief Information Officer Marc Frons saying the hackers “could have wreaked havoc on our systems,” but it turns out they were really after the names of people who might have provided Barboza with information. The Times noted though that Barboza’s research for the story was based on public records.
Read more details about the New York Times system hack here.
- Revealed: Chinese Hackers Broke Into NASA and Controlled the Jet Propulsion Lab
- Confirmed: China Attempted to Infiltrate White House Network that Includes Nuclear Commands
- Security Company: China Linked to Cyberattacks on 48 Chemical and Defense Companies
- ‘Operation Shady Rat’: World’s Biggest Hacking Operation Hails From China?