The New York Times has revealed that over the last four months, it was repeatedly attacked by Chinese hackers using methods that have been linked to the Chinese military in the past. The timing of the attacks coincided with reporting for an investigative article published on October 24 that revealed Wen Jiabao, China’s prime minister, had tried to hide a massive family fortune.
Mandiant, a computer security company hired by the New York Times, expelled the hackers after surreptitiously tracking their movements, and said that the methods used have been associated with the Chinese military in the past. The hackers tried to obscure the source of the attack by first routing through computers at U.S. universities, which Mandiant experts said matched methods used in other attacks that have been traced to China. Furthermore, the malware installed by the hackers is a specific strain associated with computer attacks originating in China, and the attacks started from the same university computers used by the Chinese military to attack U.S. military contractors in the past.
Over the course of three months, hackers installed 45 pieces of custom malware, only one instance of which was identified and quarantined by the Symantec antivirus products the New York Times used (a Symantec spokesman told the newspaper that, as a matter of policy, the company does not comment on its customers).
Hackers broke into the email accounts of the New York Times’ Shanghai bureau chief, David Barboza, who wrote the Wen Jiabao article, and Jim Yardley, the former Beijing bureau chief and current New York Times South Asia bureau chief in India. They also stole the corporate passwords for every newspaper employee and gained access to the personal computers of 53 employees, most outside of the newsroom.
The New York Times story said that the attacks on it and other organizations suggest a systematic effort to control China’s image by spying on different groups:
The mounting number of attacks that have been traced back to China suggest that hackers there are behind a far-reaching spying campaign aimed at an expanding set of targets including corporations, government agencies, activist groups and media organizations inside the United States. The intelligence-gathering campaign, foreign policy experts and computer security researchers say, is as much about trying to control China’s public image, domestically and abroad, as it is about stealing trade secrets.
Other U.S. news organizations that have been targeted by Chinese hackers include Bloomberg News, which was hacked last year after publishing an article about the family wealth of China’s then-vice president Xi Jinping. In a December report, Mandiant said that Chinese hackers began targeting Western journalists in 2008 as part of an effort to identify and intimidate sources and contacts for articles that might tarnish the reputation of Chinese leaders.
News organizations have not been the only target of Chinese hackers. Last October, the White House confirmed that hackers linked to China’s government had broken into a system used by the White House Military Office for nuclear commands, but downplayed the attack.
Being attacked by hackers is the latest repercussion the New York Times has been dealt for its investigative piece about Wen Jiabao’s wealth. After it was published, the English- and Chinese-language Web sites of the New York Times were blocked in China. At the beginning of this month, New York Times reporter Christopher Buckley left China after he was denied a new journalist’s visa. Though China’s foreign ministry said that Buckley’s visa application had been filed incorrectly, many observers speculated that the situation was related to the Wen Jiabao article. Furthermore, the newspaper’s new Beijing bureau chief, Philip Pan, has been waiting since last March for a visa.