Over the Past Four Months, Chinese Hackers Attacked NY Times

January 31, 2013 Updated: October 1, 2015
Staffers at the New York Times hold an organized protest outside the New York Times Building in New York on Oct. 8, 2012. (Timothy A. Clary/AFP/GettyImages)

Chinese hackers have carried out attacks on The New York Times’ computer systems for the past four months, stealing account information and passwords of reporters and others who work at the U.S. paper, it said in a report this week.

The Times said that after “surreptitiously tracking” the hackers for a time, the paper’s computer security experts set up better defenses and then ultimately kicked them out of its networks. Customer accounts with the newspaper were not compromised, it said, citing its security experts.

For years, China-based computer hackers have conducted cyberattacks that target the interests of American businesses, groups, and government agencies. The hack against the Times could mark a potential shift in the hackers’ tactics to go after more United States-based media entities.

Before breaching the systems of the Times, the hackers attempted to “cloak the source” of their wrongdoings by routing their attacks through universities in the United States, according to Mandiant, a firm hired by the paper to look into the breaches. Mandiant, which noted that Chinese hackers have used this tactic before in penetrating the systems of other American companies, said that the same university computers were used by the Chinese military to hack the systems of U.S. military contractors in the past.

When they got into the Times’ systems, the hackers installed malware to gain access to any computer in the company’s network, stole corporate passwords for “every Times employee,” and then used that information to gain access to the personal computers of 53 employees. Experts also noted that this malicious software was used by Chinese hackers in the past.

But it’s still unclear how the cyber-assailants initially hacked into the Times’ systems, the paper said. Experts think they used a “spear-phishing attack” that involves sending e-mails to employees with links or attachments that install “remote access tools” to gain entry into their computers.

The Times said that the hack coincided with the paper’s reporting in October on the family assets belonging to Premier Wen Jiabao. However, Jill Abramson, the executive editor, said in the report that “computer security experts found no evidence that sensitive e-mails or files from the reporting of our articles about the Wen family were accessed, downloaded or copied.”

The paper said that the e-mail accounts of David Barboza, the Times’ Shanghai bureau chief, who wrote the reports about Wen, and Jim Yardley, the Times’ South Asia bureau chief, were both hacked.

The Times, which uses Symantec’s anti-virus program, said the software found only one instance of malware installed by the hackers. The hackers installed more than 45 “pieces of custom malware” on the company’s computers.

Bloomberg News was also hacked last year after it published a report about the wealth accumulated by current leader Xi Jinping’s relatives. At the time, Xi was waiting in the wings to take over the Chinese Communist Party ahead of the 18th National Party Congress, which essentially saw him take the leadership position.

Graham Cluley, who operates the Naked Security blog for security firm Sophos, wrote that while it is still unclear whether Chinese government actors were behind the hack, it is extremely likely.

“Let’s not be too naive,” he wrote, “in all probability, the New York Times’s conclusion is correct, and this attack was sanctioned by the powers that be in Beijing.”

When the Times published its report on Wen, Chinese censors blocked out the paper’s Chinese name on several microblogging websites. They also censored the paper’s website in Chinese, the paper reported in October. 

“This is not the end of the story,” Richard Bejtlich, the head security officer for Mandiant, told the Times. “Once they take a liking to a victim, they tend to come back. It’s not like a digital crime case where the intruders steal stuff and then they’re gone. This requires an internal vigilance model.”

The Epoch Times Chinese website was repeatedly attacked last August when the paper was reporting extensively on the scandal surrounding disgraced Communist Party official Bo Xilai and his wife Gu Kailai, who was given a suspended death sentence for murder. 
