New York Times: 'We Were Attacked by Chinese Hackers'

Following a front-page expose on the wealth of Chinese Prime Minister Wen Jiabao's family, hackers stole the corporate passwords of all Times reporters.

The New York Times said late Wednesday that Chinese hackers attacked its computer systems over the past four months and that the corporate passwords of all Times reporters were stolen in the breach.

The cyber-attacks first occurred as the Times was conducting investigative reporting for a story that ran on the paper's front page on Oct. 25, revealing that the relatives of Chinese Prime Minister Wen Jiabao had accumulated a private fortune of several billion dollars – most of it through less-than-transparent business dealings.

The Times says the hackers infiltrated the e-mail accounts of its Shanghai bureau chief, David Barboza, who wrote the story, and Jim Yardley, the newspaper’s South Asia bureau chief in India, who previously worked as bureau chief in Beijing.

Security experts hired by the New York Times Company to monitor and rectify its compromised computers said that digital evidence suggests the attacks originated from China and could be linked to the Chinese government, as the methods used by the hackers closely resemble those associated with Chinese government cyber-attacks on U.S. military contractors in the past.

The attackers tried to disguise their actions by routing their activity through universities based in the United States. The Times’ attackers channeled their moves through the exact same computers employed in past attacks linked to the Chinese military, the Times said. The hackers also employed a type of malware previously tied to Chinese hackers.

When approached with this evidence, China’s Ministry of National Defense said: “Chinese laws prohibit any action including hacking that damages Internet security.”

“To accuse the Chinese military of launching cyber-attacks without solid proof is unprofessional and baseless,” the Ministry added.

The Times attacks are not the first instance of Chinese hackers targeting American media outlets over reporting that embarrassed the country's leaders.

After Bloomberg News reported on the wealth accumulated by the family of Xi Jinping, China's then heir-apparent and now leader, the company suffered cyber-attacks from unknown Chinese parties. The email accounts of Bloomberg reporters were said to have been compromised then, too.

In its story on the incident, the Times said it received warnings from Chinese government officials that its investigation of the family of Wen would “have consequences.” In response to this vague and ominous statement, the paper says it asked AT&T, which monitors its networks, to keep an eye out for unusual activity that could be consistent with hostile action.

On Oct. 25, the day the Times' hard-hitting expose on the Wen family’s wealth was printed, AT&T informed the paper’s executives that it had observed network activity resembling past attacks linked to the Chinese government.

The Times says it notified the FBI and initially tried, with AT&T's help, to expel the hackers from the company’s computers. But by Nov. 7, the newspaper realized the hackers had reached far deeper into its networks than initially suspected, at which point the paper decided to observe the hackers’ moves, both to learn more about who might be behind the breach and to better understand their methods (and, presumably, to gather information for today’s sensational news piece).

The Times tech team and AT&T say hacker teams regularly began activity at 8 a.m. Beijing time and tooled around in the company’s computers for the duration of a regular workday.

The investigators were unable to determine how exactly the Chinese hackers initially snuck past the Times' network security, but their assumption is that they employed a ‘spear-phishing’ attack, in which emails are sent to employees with attachments that install a “remote access tool” – or, aptly abbreviated: “RAT” – upon opening.