For the past four months, Chinese hackers have persistently attacked the New York Times, infiltrating its computer systems and getting passwords for its reporters and other employees.
After surreptitiously tracking the intruders to study their movements and help erect better defenses to block them, the Times and computer security experts have expelled the attackers and kept them from breaking back in.
The timing of the attacks coincided with the report of a Times investigation, published online on Oct. 25, that found that the relatives of Chinese Premier Wen Jiabao (溫家寶) had accumulated a fortune worth several billion of US dollars through business dealings.
Security experts hired by the Times to detect and block the computer attacks gathered digital evidence that Chinese hackers, using methods that some consultants have associated with the Chinese military in the past, breached the Times’ network.
They broke into the e-mail accounts of its Shanghai bureau chief, David Barboza, who wrote the reports on Wen’s relatives, and Jim Yardley, the Times’ South Asia bureau chief in India, who previously worked as bureau chief in Beijing.
“Computer security experts found no evidence that sensitive e-mails or files from the reporting of our articles about the Wen family were accessed, downloaded or copied,” Times executive editor Jill Abramson said.
The hackers tried to cloak the source of the attacks on the Times by first penetrating computers at US universities and routing the attacks through them, said computer security experts at Mandiant, the company hired by the Times. This matches the subterfuge used in many other attacks that Mandiant has tracked to China.
The attackers first installed malicious software, or malware, that enabled them to gain entry to any computer on the Times’ network. The malware was identified by computer security experts as a specific strain associated with computer attacks originating in China. More evidence of the source, experts said, is that the attacks started from the same university computers used by the Chinese military to attack US military contractors in the past.
Security experts found evidence that the hackers stole the corporate passwords of every Times employee and used those to gain access to the computers of 53 employees, most of them outside the Times’ newsroom.
Experts found no evidence that the intruders used the passwords to seek information that was not related to the reporting on the Wen family.
No customer data was stolen from the Times, they said.
Asked about evidence that indicated the hacking originated in China, China’s Ministry of National Defense on Wednesday said that “to accuse the Chinese military of launching cyberattacks without solid proof is unprofessional and baseless.”
In Beijing, Chinese Ministry of Foreign Affairs spokesman Hong Lei (洪磊) told reporters: “The competent Chinese authorities have already issued a clear response to the groundless accusations made by the New York Times.”
Asked about cyberspying and hacking accusations made against China in general, he said: “To arbitrarily assert and to conclude without hard evidence that China participated in such hacking attacks is totally irresponsible.”
“China is also a victim of hacking attacks. Chinese laws clearly forbid hacking attacks, and we hope relevant parties takes a responsible attitude on this issue,” he said.