The Inquirer-Home

New York Times attacked by Chinese hackers

Could be military
Thu Jan 31 2013, 09:42
China flag

NEW YORK NEWSPAPER OF RECORD the New York Times reports that it has been the victim of a prolonged cyber attack by Chinese hackers.

The company has been under attack for four months, but so far it is winning the battle. According to a report published yesterday on the New York Times website the newspaper and a team of security experts have been able to keep the attackers at bay despite persistent cyber attacks on its systems and staff.

The New York Times says that the attacks began around the time it began an investigation into reports that relatives of China's prime minister, Wen Jiabao, had accumulated a fortune worth several billion dollars through business dealings.

Working with security experts it was able to trace the attacks back to China and recognise that they used methods that have been associated with the Chinese military.

China's Ministry of National Defence issued a statement in response that denied any involvement. "Chinese laws prohibit any action including hacking that damages Internet security," it said. "To accuse the Chinese military of launching cyberattacks without solid proof is unprofessional and baseless."

The first accounts to be attacked were those of the New York Times' Shanghai bureau chief, David Barboza, who wrote the reports, and Jim Yardley, who previously held the same role. Nothing sensitive was taken, according to the New York Times' executive editor, Jill Abramson.

Attacks were routed to the New York Times via compromised machines at United States universities. This cloaking device is a favourite of the Chinese, according to Mandiant, the security firm that the New York Times hired to help resolve the problem.

"If you look at each attack in isolation, you can't say, 'This is the Chinese military,'" said Richard Bejtlich, Mandiant's chief security officer. "When you see the same group steal data on Chinese dissidents and Tibetan activists, then attack an aerospace company, it starts to push you in the right direction."

The hackers stole a large number of corporate passwords, one for every 53 employees, and they were persistent in their attempts to find documents relating to the Wen family report and its sources. Again, there was no evidence that anything sensitive was taken.

Over time Mandiant was able to trace attacks and build up a profile of their opponents and their methods of attack. It said that the hackers would start work at 8am Beijing time and "usually" work a standard working day, but sometimes working until midnight.

It thinks that the hackers were able to get into the New York Times through a spear-phishing attack, and it let them carry on their business for four months so that it could get a clear idea of where they were getting in and close that gap off.

"Attackers target companies for a reason - even if you kick them out, they will try to get back in," said Mandiant security consultant Nick Bennett. "We wanted to make sure we had full grasp of the extent of their access so that the next time they try to come in, we can respond quickly." µ

 

Share this:

blog comments powered by Disqus
Advertisement
Subscribe to INQ newsletters

Sign up for INQbot – a weekly roundup of the best from the INQ

Advertisement
INQ Poll

Heartbleed bug discovered in OpenSSL

Have you reacted to Heartbleed?