For four months, Chinese hackers have been playing The New York Times like a zither.
The hackers have been “infiltrating its computer systems and getting passwords for its reporters and other employees,” according to Nicole Perlroth, writing in The Times.
The attacks began as the newspaper published an exposé of the family of Chinese premier Wen Jiabao October 25. His relatives, according to the article, have amassed a personal wealth in the billions of dollars.
The Times received threats prior to publication through official Chinese government channels that publishing the article would “have consequences.”
The hackers hid malware on company computers through third-party servers and began collecting information.
Among their specific targets were the email accounts of David Barboza, the report’s author and the NYT Shanghai bureau chief, and of former Beijing bureau chief Jim Yardley. However, they stole the corporate passwords for all employees, using them to break into the personal computers of 53 employees, most located outside of the newsroom.
Jill Abramson, The Times‘ executive editor, claimed that the hackers captured no “sensitive emails or files from the reporting of (the) articles about the Wen family.” Nor, the paper claimed, did they steal any customer data.
In conjunction with the security firm it hired, Mandiant, The Times said it monitored the hackers’ activities until it could construct robust roadblocks against them, at which point it ejected them and scrubbed the malware from their systems.
China
Several aspects of the hack indicated its Chinese origin, according to Mandiant. The hackers used “methods that some consultants have associated with the Chinese military in the past.”
These included routing the attacks through the same American university servers Chinese hackers have used in the past to attack defense contractors’ computer systems and employing a malware associated with attacks from China,
When asked for comment by The Times, China’s Ministry of National Defense said, “Chinese laws prohibit any action including hacking that damages Internet security … to accuse the Chinese military of launching cyberattacks without solid proof is unprofessional and baseless.”
The Chinese military has been very active in cyberespionage for several years, targeting private companies, media companies, and activist groups.
China is not sui generis in this regard, although arguably either more active or less successful at covering up their efforts. Countries around the world use both official, military cyberintelligence operatives and ostensibly unofficial cyber “militias” to steal secrets, punish offenders, and deform coverage of the agents’ country.
Users of Sina Weibo, China’s most popular social network, are reporting that the site has already started blocking mentions of the story.
The Times
The account in The Times gives the impression that the newspaper identified the hacks right off the blocks and spent the subsequent four months in a search-and-destroy mission. The Times, the article seems to say, was in control the whole time.
The only problem with that picture, of course, is that America’s “paper of record” was hip-deep in Chinese hackers the whole time, which may indicate slightly less control than it would like to be seen as wielding.
This turn of events makes its publication of an analysis of the news media’s need for real cybersecurity, by privacy researcher Chris Soghoian and published the day after the Wen Jiabao story, more ironic than it otherwise would be, if no less true.
Photo via Wikipedia