For the past four months, Chinese hackers have persistently attacked the New York Times, infiltrating its computer systems and getting passwords for its reporters and other employees, the paper said today.
After surreptitiously tracking the intruders to study their movements and help erect better defences to block them, the New York Times and computer security experts have expelled the attackers and kept them from breaking back in.
The timing of the attacks coincided with the reporting for a New York Times investigation, published online October 25th, that found that the relatives of Wen Jiabao, China's prime minister, had accumulated a fortune worth several billion dollars through business dealings.
Security experts hired by the New York Times to detect and block the computer attacks gathered digital evidence that Chinese hackers, using methods that some consultants have associated with the Chinese military in the past, breached paper’s network.
They broke into the email accounts of its Shanghai bureau chief, David Barboza, who wrote the reports on Wen's relatives, and Jim Yardley, the New York Times' South Asia bureau chief in India, who previously worked as bureau chief in Beijing.
"Computer security experts found no evidence that sensitive emails or files from the reporting of our articles about the Wen family were accessed, downloaded or copied," said Jill Abramson, executive editor of the paper.
The hackers tried to cloak the source of the attacks on the New York Times by first penetrating computers at US universities and routing the attacks through them, said computer security experts at Mandiant, the company hired by the New York Times.
This matches the subterfuge used in many other attacks that Mandiant has tracked to China. The attackers first installed malware - malicious software - that enabled them to gain entry to any computer on the New York Times' network. The malware was identified by computer security experts as a specific strain associated with computer attacks originating in China.
More evidence of the source, experts said, is that the attacks started from the same university computers used by the Chinese military to attack US military contractors in the past.
Security experts found evidence that the hackers stole the corporate passwords for every New York Times employee and used those to gain access to the personal computers of 53 employees, most of them outside the New York Times' newsroom.
Experts found no evidence that the intruders used the passwords to seek information that was not related to the reporting on the Wen family.
No customer data was stolen from the New York Times, security experts said.
Asked about evidence that indicated the hacking originated in China, and possibly with the military, China's Ministry of National Defence said, "Chinese laws prohibit any action including hacking that damages Internet security."
It added that "to accuse the Chinese military of launching cyberattacks without solid proof is unprofessional and baseless."
The attacks appear to be part of a broader computer espionage campaign against US media companies that have reported on Chinese leaders and corporations.
New York Times