
Chinese hackers said to wage cyberwar on The New York Times

Unusual activity was seen in the paper's computer systems during a probe on China's prime minister. The Times then discovered that the corporate passwords for every employee had been stolen.

Dara Kerr Former senior reporter

After a lengthy newspaper investigation on China's prime minister, The New York Times claims, the newspaper's computer systems were infiltrated and attacked by Chinese hackers.

The attacks began four months ago and culminated with hackers stealing the corporate password for every Times employee, according to the paper. The personal computers of 53 of these employees were also broken into and spied on.

The Times discovered the attacks after observing "unusual activity" in its computer system. Security investigators were then able to get into the system and track the hackers' movements, see what the infiltrators were after, and eventually "expel them."

Hackers penetrated the newspaper's computers as one of its reporters, David Barboza, was wrapping up an investigation into the family wealth of Chinese Prime Minister Wen Jiabao. Once the story was published in October, the hackers' activity intensified. According to The New York Times, they were after information on the sources and contacts for Barboza's story.

To find out more about who was behind the cyberattacks, The Times hired computer security firm Mandiant. Experts from this firm were able to detect and block the attacks, while watching the hackers' every move, the paper said.

The newspaper's executive editor, Jill Abramson, said there was "no evidence that sensitive e-mails or files from the reporting of our articles about the Wen family were accessed, downloaded, or copied."

According to the Times, the methods these hackers used were similar to past attacks by the Chinese military. These methods include routing attacks through U.S. university computers, constantly changing IP addresses, using e-mail malware to get into the computer system, and installing custom software to target specific individuals and documents.

China's Ministry of National Defense has denied that the government had anything to do with the hacking spree. "Chinese laws prohibit any action including hacking that damages Internet security," the Ministry told the Times. "To accuse the Chinese military of launching cyberattacks without solid proof is unprofessional and baseless."

It's not unusual for governments to wage cyberattacks against other countries' media, agencies, and facilities. Iran allegedly waged an attack on the U.K.'s BBC News last March, and earlier this month, the U.S. government claimed Iran was responsible for a massive wave of cyberattacks on U.S. banks. The U.S. has also allegedly waged its own hacking war against Iranian power plants, oil companies, and nuclear facilities with three viruses called Flame, Stuxnet, and Duqu.

Chinese cyberespionage against the U.S. has reportedly been a growing threat for some years now. The U.S. Economic and Security Review Commission on China sent a report to Congress in November that urged lawmakers to take preventative action. The report called China the "most threatening actor in cyberspace" and found that in 2012, Chinese state-sponsored hackers continued to target computer systems run by the U.S. government and military, as well as the private sector.

Although the Times has been able to shut out the hackers for now, that doesn't mean the newspaper won't become the target of another attack.

"This is not the end of the story," Mandiant's chief security officer, Richard Bejtlich, told the Times. "Once they take a liking to a victim, they tend to come back. It's not like a digital crime case where the intruders steal stuff and then they're gone. This requires an internal vigilance model."