China Hackers Invaded NY Times System Via US Universities

Hackers linked to the Chinese military have repeatedly accessed the New York Times computer system using computers located at US universities, according to an extended investigation by the Times.

The hackers managed to obtain files containing the usernames and passwords of all New York Times employees through a persistent effort that spanned four months following the publication on October 25 of an investigative piece revealing several billion dollars’ worth of investments belonging to the relatives of Premier Wen Jiabao.

Within hours of the article’s publication the Chinese government had blocked its citizens from accessing both the English and Chinese editions of the Times inside China. The sites remain blocked in China.

Upon suspecting computer intrusions, the Times hired security experts. For months the experts tracked the hackers’ activities surreptitiously in order to gather knowledge about their methods. They were able to determine that the hackers operated in a manner that security experts in the past had associated with attacks launched on other systems by the Chinese military.

The hackers routed their attacks through computers they had accessed at US universities much in the same way previous attacks on US military networks had been carried out, according to the experts at Mandiant, the firm hired by the Times. They began by installing Trojan horses that enabled them to access any computer on the paper’s network. Their virus was identified as being of the same strain linked to past attacks originating in China. The attacks also started from the same university computers used in past attacks by the Chinese military against US military contractors.

The attackers hacked into the e-mail accounts of the paper’s Shanghai bureau chief, David Barboza, who wrote the Wen wealth piece, and Jim Yardley, the South Asia bureau chief in India, who had previously worked as bureau chief in Beijing. However, they seemed to have done no damage beyond inflicting the sense of vulnerability and the large costs associated with addressing it.

“Computer security experts found no evidence that sensitive e-mails or files from the reporting of our articles about the Wen family were accessed, downloaded or copied,” said Times executive editor Jill Abramson.

The hackers also stole the file containing the passwords for every Times employee and used them to access the personal computers of 53 employees. Most of them worked outside The Times’s newsroom. The passwords were apparently used only to seek information related to the reporting on the Wen family, possibly in an effort to track the sources of the reported information. No Times subscriber or advertiser data appears to have been stolen, according to the experts.

Upon concluding the investigation the experts implemented new security measures to block the vulnerabilities that had been exploited and to prevent further intrusions.

“Chinese laws prohibit any action including hacking that damages Internet security,” said a China National Defense Ministry spokesperson, adding that “to accuse the Chinese military of launching cyberattacks without solid proof is unprofessional and baseless.”

The Times report suggests that the hacking was part of a larger pattern of seeking to use computer attacks to control the media’s publication of information revealing evidence of corruption at high levels of government. Bloomberg’s computers had been attacked in a similar fashion, albeit unsuccessfully, after it had published an article on June 29 about the wealth amassed by the family of Xi Jinping, China’s new leader.

China has embarked on a campaign to expand secret access to US corporations, government agencies, activist groups and media organizations inside the United States to control China’s public image and to access trade secrets, the Times piece concludes. If it succeeds in getting the upper hand over the ability of those entities to defend against such attacks, it may succeed in scaring Chinese sources into not supplying inside information to outside media.