The New York Times says its computer systems have been hacked from China over the past four months and that the corporate passwords of its reporters were stolen.
The newspaper believes the attacks are related to an investigative exposé it ran detailing the enormous wealth — several billion dollars — accumulated by the outgoing Chinese prime minister Wen Jiabao and his family while Jiabao has been in power.
Late Wednesday, a report in the Times claimed the first cyber attacks began when it published a front-page story on October 25, 2012 revealing the full extent of Jiabao’s relatives’ less-than-transparent business dealings.
The Times says the hackers penetrated the e-mail accounts of its Shanghai bureau chief, David Barboza, who wrote the investigative exposé, and Jim Yardley, the newspaper’s former bureau chief in Beijing.
The Times claims the Chinese government had warned them that the exposé would “have consequences.”
Knowing this, the paper asked telecommunications company AT&T (and also the FBI) to monitor its systems for suspicious activity. Unusual activity was spotted on October 25, one day after the Wen exposé story was published.
The Times hired Mandiant, a cyber-security firm, on November 7 after initial efforts to flush out multiple spying viruses in its computer systems proved unsuccessful.
According to The Hollywood Reporter, Mandiant’s investigation found digital evidence that suggested the hacks originated in China and mirrored methods used by the Chinese military in the past to attack US military contractors.
In addition, Mandiant discovered that, although the hackers gained passwords for every Times employee, they only went after information that was related to the Wen story.
Later analysis revealed that hackers first broke into the Times’ internal systems on September 13 when reporting on the Wen story was in its final pre-publishing stages, The Guardian reports.
In the Times’ article, which details the inside story on the hackings, the paper writes:
“To get rid of the hackers the Times blocked the compromised outside computers, removed every back door into its network, changed every employee password and wrapped additional security around its systems.”
The paper adds that because the timing of the first attacks happened around the time of the US presidential elections, at first Times executives thought the attacks were intended to shut down the paper’s entire publishing system.
However, investigations revealed, “the attackers’ movements suggested that the primary target remained Mr Barboza’s email correspondence.”
According to the Times, the hackers used a technique called spear-phishing, which allowed them to install malware on their targets’ computers by using seemingly benign email messages. That malware allowed them to add remote access tools giving the hackers access to data from employees’ computers.
“Attackers no longer go after our firewall. They go after individuals. They send a malicious piece of code to your email account and you’re opening it and letting them in,” said Michael Higgins, the Times’ chief security officer.
In its article, the Times gave China a right of reply and quoted a ministry of national defense spokesman, who denied the claims, saying, “Chinese laws prohibit any action including hacking that damages internet security,” and that “to accuse the Chinese military of launching cyber-attacks without solid proof is unprofessional and baseless.”
Last year, the US government criticized China for its cyber warfare but didn’t admit that it, too, has been developing cyber weapons. Several years ago, the US government was suspected of working with the Israelis on a project which resulted in the “Stuxnet” worm, which later attacked Iran’s nuclear program, Sky News notes.
If the New York Times’ claims are correct, it means China is now using its cyber resources to control the country’s image externally as well as internally.
Russian, Iranian, US, and British defense sectors are thought to be increasingly focused on matching the cyber technology of rivals. The British Foreign Office is thought to have been cyber attacked by China two years ago, but, for security reasons, details were not made public.
China boasts 540 million internet users and has labor-intensive resources other countries lack. Putting those numbers into perspective, Sky News writes:
“If Luxembourg (population 500,000) had got into the NYT system, finding the source might be easy. If it is China (population 1.3 billion), it is more akin to looking for a digital drip in an electronic waterfall.”