The New York Times revealed today that the paper has been persistently hacked by Chinese hackers for the last four months. The hackers were purportedly going after David Barboza, the New York Times correspondent based in Shanghai, and his Chinese contacts who fed him information for his article on the Chinese premier’s hidden wealth and alleged connections to corruption.
The paper said, “Over the course of three months, attackers installed 45 pieces of custom malware” in order to access New York Times databases. The attack was identified by the security firm Mandiant, which worked with the paper to track the hackers. Today’s article explains:
The hackers tried to cloak the source of the attacks on The Times by first penetrating computers at United States universities and routing the attacks through them, said computer security experts at Mandiant… which matches the subterfuge used in many other attacks that Mandiant has tracked to China.
The attackers first installed malware – malicious software – that enabled them to gain entry to any computer on The Times’s network. The malware was identified by computer security experts as a specific strain associated with computer attacks originating in China. More evidence of the source, experts said, is that the attacks started from the same university computers used by the Chinese military to attack United States military contractors in the past.
As the hackers sought information on its sources for the New York Times reporting on Premier Wen, they “found evidence that the hackers stole the corporate passwords for every Times employee and used those to gain access to the personal computers of 53 employees, most of them outside The Times’s newsroom.” Only information about the Wen story was being sought.
The New York Times says that it has now fended off the hack attacks, which included persistent attempts to access the email accounts of Barboza and South Asia bureau chief Jim Yardley.
In June last year, the New York Times created a brand page on Chinese social site Sina Weibo but that was soon deleted by Sina. That Weibo outreach was ahead of the launch of the Chinese version of the website, but that got blocked – along with the English site – on the day in October that the Wen wealth revelations were published. Both sites remain blocked by the Great Firewall.
Sina Weibo has apparently already started blocking the New York Times article from being posted, according to users:
Post the NYT Chinese hacker story then got a notification from Sina, it is inappropriate, so they blocked it. twitter.com/MissXQ/status/…
— XQ (@MissXQ) January 31, 2013
It’s not clear if the hacks are supported by Beijing authorities or the military, and the paper made no such claim. But it did say that the attacks “appear to be part of a broader computer espionage campaign against American news media companies that have reported on Chinese leaders and corporations.”