Stories about wealth of outgoing premier Wen Jiabao appeared to be catalyst for attack, possibly by military, says paper
Jonathan Kaiman in Beijing
- guardian.co.uk, Thursday 31 January 2013 01.02 EST
Hackers with possible ties to the Chinese military have repeatedly attacked the New York Times‘ computer systems over the past four months, possibly in retaliation for a series of stories that the paper ran exposing vast wealth accumulated by the family of outgoing premier Wen Jiabao, the newspaper has reported.
The hackers gained entry to the newspaper’s internal systems and accessed the personal computers of 53 employees including David Barboza, its Shanghai bureau chief and author of the Wen exposé, and Jim Yardley, a former Beijing bureau chief.
An investigation by Mandiant, a cyber-security company hired by the New York Times, concluded that the hacks were likely part of an elaborate spy campaign with links to the country’s military. The company traced the source of the attacks to university computers that the “Chinese military had used to attack United States Military contractors in the past”, the Times said.
Although the hackers gained passwords for every Times employee, Mandiant found that they only sought information that was related to the Wen story.
The Times said it worked with telecommunications company AT&T and the FBI to trace the hackers after AT&T noticed suspicious activity on the paper’s computer networks on 25 October, one day after the article appeared in print. A later analysis concluded that hackers initially broke into Times computers on 13 September when reporting for the Wen story was in its final pre-publishing stages.
The Times hired Mandiant on 7 November when management realised initial efforts to expel the hackers from the company’s computer systems had been unsuccessful.
“To get rid of the hackers the Times blocked the compromised outside computers, removed every back door into its network, changed every employee password and wrapped additional security around its systems,” said the article.
While Times executives worried that a flurry of hacker activity around the time of the US presidential elections may have indicated that the hackers were intent on shutting down the paper’s publishing systems, “the attackers’ movements suggested that the primary target remained Mr Barboza’s email correspondence”.
The Chinese government had warned the Times that the exposé would “have consequences”, according to the report.
The hackers used a technique called spear-phishing, according to the article, allowing them to install malware on their targets’ computers via seemingly innocuous email messages. The malware allowed them to add remote access tools that gave them access to data from employees’ computers.
“Attackers no longer go after our firewall. They go after individuals. They send a malicious piece of code to your email account and you’re opening it and letting them in,” said Michael Higgins, the Times’ chief security officer.
Chinese hackers began targeting western journalists in 2008 as part of a possible campaign to pre-empt stories that could damage the leadership’s reputation at home and abroad, the article said. Bloomberg was also a victim of cyber-attacks after the newswire published a report on the vast wealth of incoming president Xi Jinping’s family last summer.
In response to allegations that the Chinese military was behind the attacks, China‘s ministry of national defence told the New York Times that “Chinese laws prohibit any action including hacking that damages internet security” and that “to accuse the Chinese military of launching cyber-attacks without solid proof is unprofessional and baseless”.