Chinese hackers infiltrate The New York Times, Wall Street Journal
The New York Times | WSJ | Associated Press | Forbes
In the months just before and since The New York Times published an investigation of Chinese prime minister Wen Jiabao's family, hackers have been "infiltrating its computer systems and getting passwords for its reporters and other employees," the paper reports.
They broke into the e-mail accounts of its Shanghai bureau chief, David Barboza, who wrote the reports on Mr. Wen’s relatives, and Jim Yardley, The Times’s South Asia bureau chief in India, who previously worked as bureau chief in Beijing.
“Computer security experts found no evidence that sensitive e-mails or files from the reporting of our articles about the Wen family were accessed, downloaded or copied,” said Jill Abramson, executive editor of The Times. ...
Security experts found evidence that the hackers stole the corporate passwords for every Times employee and used those to gain access to the personal computers of 53 employees, most of them outside The Times’s newsroom. Experts found no evidence that the intruders used the passwords to seek information that was not related to the reporting on the Wen family.
No customer data was stolen from The Times, security experts said.
The Wall Street Journal revealed late Thursday that it too had been targeted by Chinese hackers:
Paula Keve, chief spokeswoman for the Journal's parent company, Dow Jones & Co., said in a written statement: "Evidence shows that infiltration efforts target the monitoring of the Journal's coverage of China, and are not an attempt to gain commercial advantage or to misappropriate customer information."
The WSJ and Times are not the only news organizations to be targeted. The Journal, which wrapped up its security overhaul Thursday, says the FBI has been investigating the intrusions for more than a year "and considers the hacking a national-security case against U.S. interests."
China has been accused by the U.S., other foreign governments and computer security experts of mounting a widespread, aggressive cyber-spying campaign for several years, trying to steal classified information and corporate secrets and to intimidate critics. Foreign reporters and news media, including The Associated Press, have been among the targets of attacks intended to uncover the identities of sources for news stories and to stifle critical reports about the Chinese government.
“Attacks on journalists based in China are increasingly aggressive, disruptive and sophisticated,” said Greg Walton, a cyber-security researcher who has tracked Chinese hacking campaigns. China’s cyber-spying efforts have excelled in part because of the government’s “willingness to ignore international norms relating to civil society and media organizations,” he said.
The attacks against journalists started in 2008, says the Times:
In a December intelligence report for clients, Mandiant said that over the course of several investigations it found evidence that Chinese hackers had stolen e-mails, contacts and files from more than 30 journalists and executives at Western news organizations, and had maintained a “short list” of journalists whose accounts they repeatedly attack.
Bloomberg News was among those hacked last year, the Times reports.
The recent attack against the Times, which started around Sept. 13, was focused on the Wen stories and tracking sources who spoke with the lead reporter:
The attackers were particularly active in the period after the Oct. 25 publication of The Times article about Mr. Wen’s relatives, especially on the evening of the Nov. 6 presidential election. That raised concerns among Times senior editors who had been informed of the attacks that the hackers might try to shut down the newspaper’s electronic or print publishing system. But the attackers’ movements suggested that the primary target remained Mr. Barboza’s e-mail correspondence.
“They could have wreaked havoc on our systems,” said Marc Frons, the Times’s chief information officer. “But that was not what they were after.”
What they appeared to be looking for were the names of people who might have provided information to Mr. Barboza.
The Times used Symantec as antivirus protection, but it failed, they say. "Over the course of three months, attackers installed 45 pieces of custom malware. The Times ... found only one instance in which Symantec identified an attacker’s software as malicious and quarantined it, according to Mandiant."
Related: 3 men have been arrested for burglarizing print subscribers of the L.A. Times, allegedly stealing $1 million worth of property in three years by using "vacation hold" notices that told them when homeowners would be away.