NEW YORK—The New York headquarters of Epoch Media Group has been targeted by large-scale cyberattacks for nearly a month. The attacks, which appear aimed at disrupting daily operations and steal sensitive information, according to technical personnel, bear similarities to earlier efforts orchestrated by hackers in China.
The cyberattacks began soon after three publications of the media group—Dajiyuan, Epoch Times, and New Tang Dynasty Television (NTD)—in January launched a series examining the historical record of the communist movement. The attacks were particularly concentrated near and during events that the Chinese communist regime would consider politically sensitive.
Two of the above organizations, Dajiyuan and NTD, are some of the few Chinese-language media companies independent of the Chinese regime; both seek to provide uncensored coverage about China. The media properties have extensively covered ongoing atrocities in China, including organ harvesting from prisoners of conscience. For years, the Chinese regime has pressured advertisers and potential advertisers with the media group in an attempt to deny them funding.
The websites of Dajiyuan and Epoch Times were first hit on the morning of Feb. 7 with crippling Distributed Denial of Service (DDoS) attacks, said NTD technician Nan Wu in an interview. The cyberattack, which lasted several days, prevented visitors from properly accessing the websites.
Over the next several weeks, Epoch Media Group suffered smaller DDoS attacks aimed at disrupting internal company communications.
Then in the early hours of March 1, the servers of this newspaper and NTD were hit with another potent DDoS attack. Nan Wu said this attack was aimed at stealing source code and other sensitive information, as well as to interrupt regular television broadcasting.
The hackers kept changing their attack vectors, and appeared to be launching their attacks from public servers and zombie computers, Nan Wu said. He added that the massive scale of the cyberattack suggested that it was not the work of individual hackers or a team, but rather an operation using the resources of a state. He added that, as on every other occasion, the only logical suspect is China.
The hackers have thus far been unsuccessful in stealing information or gaining access to internal communications. “The technical team has strived to ensure that the company is operating normally,” Wu said.
Individual reporters were also targeted by apparent phishing attempts.
Joshua Philipp, Epoch Times’s national security reporter, received an alert on Feb. 22 about an attempt to login to his Facebook account from a computer in Shanghai.
Then on March 2, Philipp, who is based in New York City, received a Dropbox alert that a computer in Los Angeles had gained access to his account. The previous day, he had published a story indicating that the Chinese Consulate was behind protests against the Dalai Lama giving a commencement address at the University of California, San Diego in June. The Dalai Lama is Tibet’s top spiritual leader in exile, and is a top target of Chinese regime subversion and censorship.
“The hacking needs to be viewed in the broader context of the attacks against Dajiyuan, Epoch Times, and New Tang Dynasty Television,” Philipp said in an interview. “The Chinese regime appears to be going after all our networks, as well as the individual reporters who are exposing them.”
Stephen Gregory, publisher of the English-language edition of Epoch Times, said: “The attacks on our internet server started just when Epoch Times began publishing a new series on the Communist Party. The strength and persistence of these attacks are an indication of how much the Chinese regime fears an honest discussion of communism and its legacy.”
At the time of writing, Epoch Media Group is still being targeted by the latest DDoS cyberattack.
“We have contacted the federal government about these internet attacks,” Gregory said. “It is unacceptable for a foreign government to attempt to silence a free press here in the United States.”