NYT claims China hacking
January 31, 2013The US daily paper the New York Times on Thursday said hackers, possibly connected to China's military, stole their reporters' email passwords, alleging it was linked to an earlier feature article exploring Chinese Premier Wen Jiabao's amassed wealth.
The computer security firm Mandiant, which was hired to investigate and block the breach, found that the attacks used strategies similar to ones used in previous hacking incidents traced to China, the New York Times report said.
The Chinese government responded that it was "irresponsible" to jump to unproven conlusions.
According to Mandiant's report, the hackers routed the attacks through computers at US universities and installed a strain of malicious software, or malware, to gain access to The Times's network. The attacks reportedly started from the same university computers that, in the past, had been used by the Chinese military to attack US military contractors.
“If you look at each attack in isolation, you can't say, ‘This is the Chinese military,'” said Mandiant chief security officer Richard Bejtlich. However he added that "when you see the same group steal data on Chinese dissidents and Tibetan activists, then attack an aerospace company, it starts to push you in the right direction.”
Confusion over target, no data accessed
The attacks reportedly began in mid-September, coinciding with the newspaper's investigation into how the relatives of Wen Jiabao built a fortune worth more than $2 billion (1.47 billion euros). The report was posted online on Oct. 25, ahead of China's once-in-a-decade leadership transition, and it prompted the Communist Party to block the paper's website, which remains inaccessible.
A Chinese Foreign Ministry spokesman called the hacking accusations “groundless” and said China has also been a victim of repeated hacking.
"To rashly jump to conclusions based on investigation results which have not been proved by evidence is totally irresponsible behavior," the spokesman, Hong Lei, said at a routine daily media briefing. "China is also a victim of cyber-attacks. Chinese laws specifically stipulate that cyber-attacks are prohibited."
Security exports said the hackers stole the corporate passwords for every Times employee and used them to gain access to the personal computers of 53 employees. Shanghai-based correspondent David Barboza, the main author of the newspaper's reports on Wen's family wealth, was one of the employees. The Times said the hackers appeared to be looking for "the names of people who might have probided information to Mr. Barnoza."
However, the report said information from the investigation into the Wen family remained protected.
"Computer security experts found no evidence that sensitive e-mails or files from the reporting of our articles about the Wen family were accessed, downloaded or copied," the report quoted executive editor Jill Abramson as saying.
The paper also wrote in its Thursday report, however, that there was no evidence of other senstive or customer data being accessed. Chief information officer Mark Frons, who confessed that with the access attained the hackers "could have wreaked havoc on our system," said he thought they might have been looking for names of people who provided information to Barboza.
hc/msh (AP, AFP, dpa)