Chinese hackers attacked NYT, WSJ: reports

The New York Times has revealed that Chinese hackers have been attacking the publication's systems

SECURITY COMPROMISED. The New York Times has revealed that Chinese hackers have been attacking its computer systems.

MANILA, Philippines – Chinese hackers have been attacking the New York Times, the newspaper revealed in an article posted on its web site. They have been allegedly attacking the publication’s computer systems and acquiring passwords used by reporters and employees.

“For the last four months, Chinese hackers have persistently attacked The New York Times, infiltrating its computer systems and getting passwords for its reporters and other employees,” according to the report.

The report said the attacks coincided with the publication’s report on former Prime Minister Wen Jiabao.

“The New York Times published an article in October about the wealth of the family of China’s prime minister, Wen Jiabao, in both English and Chinese,” the report added.

Published online on Oct. 25, the story reported how relatives of Wen Jiabao, China’s prime minister, had accumulated a fortune worth several billion dollars through business dealings.

Security experts at Mandiant discovered the Chinese hackers “using methods that some consultants have associated with the Chinese military in the past, breached The Times’s network,” the report added.

The hackers supposedly broke into the email accounts of David Barboza, the Shanghai bureau chief and writer of the reports on Wen Jiabao and his relatives, as well as Jim Yardley, who used to be bureau chief in Beijing and is currently the South Asia bureau chief.

Security experts mentioned that since 2008, Chinese hackers targeted Western journalists to find sources and contacts and get them to back down. The attacks also allowed hackers to keep tabs on stories potentially damaging to Chinese leaders’ reputations.

Working with AT&T and Mandiant, the New York Times worked to find out the extent of the breach across the span of four months. The groups then “blocked the compromised outside computers removed every back door into its network, changed every employee password and wrapped additional security around its systems.”

It was also of note that this was no ordinary attack, as the hackers installed 45 pieces of custom malware that allowed for the searching and grabbing of Barboza and Yardley’s emails and documents.

Despite having protection from Symantec, Mandiant says it only counted one time when Symantec noticed attacking malware and quarantined it.

The report from the New York Times states that while they got rid of the hackers, they expect more attacks in the future.

“Once they take a liking to a victim, they tend to come back,” Richard Bejtlich, chief security officer for Mandiant, explained. “This requires an internal vigilance model.”

Update: Poynter.org notes some additional reports on the Chinese hacking issue.

The Wall Street Journal also revealed last Thursday that it was also targeted by Chinese hackers, though it also pointed out that the hackings were apparently done to allow for “monitoring of the Journal’s coverage of China, and are not an attempt to gain commercial advantage or to misappropriate customer information.

An Associated Press report mentions that foreign reporters and news media, “including The Associated Press, have been among the targets of attacks intended to uncover the identities of sources for news stories and to stifle critical reports about the Chinese government.”

The Associated Press report adds how, despite hacking accusations by the US, other foreign governments, and computer security experts, China’s defense ministry denied military involvement in the hackings. Rappler.com