The Washington Post: Latest US News Organization Cyber-Attacked By Suspected Chinese Hackers

If The Washington Post and The Wall Street Journal’s claims that their computer systems have been attacked by Chinese hackers are correct, just as the New York Times recently claimed — then America, we have a problem.

In an article that was published yesterday The Washington Post claimed it had been attacked by what it strongly believes are Chinese hackers. The paper goes on to say the attackers gained access to their computer systems as early as 2008 or 2009, but that the infiltration was only discovered in 2011.

After employing Mandiant — the same Alexandria based cyber security firm that the New York Times and the Journal used — The Post’s computer systems were cleansed of the malware which had been sending a signal to an Internet command-and-control server associated with a Chinese hacking group.

Post spokeswoman Kris Coratti said:

“Like other companies in the news recently, we face cybersecurity threats. In this case, we worked with Mandiant to detect, investigate, and remediate the situation promptly at the end of 2011. We have a number of security measures in place to guard against cyberattacks on an ongoing basis.”

Specific details about the cyber attack on The Post’s came from anonymous sources who wished to remain confidential, but the paper’s parent company has confirmed the hacks attacks took place.

These sources say it’s likely that security passwords were compromised, which would have given the hackers “potentially wide-ranging access to The Post’s systems before the computers were taken offline and enhanced monitoring was put in place to prevent a recurrence. It was not clear what information, if any, was stolen by the hackers.”

Speaking of Chinese government hackers, Grady Summers, vice president at Mandiant, said that as a rule Chinese government hackers “want to know who the sources are, who in China is talking to the media … they want to understand how the media is portraying them, what they’re planning and what’s coming.”

CNET reports that The Post’s calls to the Chinese Embassy in Washington and officials in Beijing were not been returned. However, on Thursday, China’s Defense Ministry released a statement that read:

“The Chinese military has never supported any hack attacks. Cyberattacks have transnational and anonymous characteristics. It is unprofessional and groundless to accuse the Chinese military of launching cyberattacks without any conclusive evidence.”

Although the National Security Agency and the Defense Department have declined to comment, seen together with the attacks on the New York Times’, the Journal’s and now ThePost, there are rising concerns that some sort of critical mass as regards cyber attacks has been reached.

Steven Chabinsky, a former senior FBI cyber-official who now works for the security company CrowdStrike, said, “What we’re seeing now is the end of a decade-long drive toward complete visibility into all computer networks of interest.

With China clearly not opposed to stringent monitoring and control of its own population, many analysts believe China has extended that control beyond its borders.

In January 2010, Google voluntarily disclosed that it had been hacked from a source originating in China. The company also said that in its investigations, it was revealed that many other companies had also been penetrated by Chinese hackers.

Yet another official speaking on condition of anonymity said,”If every company reported when it was hacked and who it was hacked by, it would be harder [for China] to get away with it.”

Chabinsky agrees.

“It’s easy to dismiss one or two companies. It’s harder if 100 companies come together and say, we’ve analyzed where it’s coming from and it’s you, and it has to stop.”

This tide of revelation comes as Eric Schmidt, Google’s executive chairman, has described China as the most “sophisticated and prolific” hacker of foreign companies in his forthcoming book co-authored by Jared Cohen.

According to The Telegraph, Schmidt argues that Chinese state backed cyber crime is the biggest online threat in the world. An extract from it reads:

“The disparity between American and Chinese firms and their tactics will put both the government and the companies of the United States at a distinct disadvantage.”