Report: Chinese hackers attacked the New York Times

The reporting on Jiabao was already being monitored before publication.
Source: New York Times The New York Times has reported that Chinese hackers targeted and spied on the paper for four months. The attacks are believed to have been prompted by an article on the assets of prime minister Wen Jiabao's relatives that was published on 25 October 2012 and subsequently blocked by China.

Intrusions began about two weeks before the release of the article, said the paper. At that time, the responsible editors had already been told by the Chinese government that any potential articles on Jiabao would have consequences. In response, the New York Times asked to have its network monitoring increased, and unusual data traffic was indeed registered soon afterwards. The paper then asked security firm Mandiant to analyse the attacks.

Reportedly, the attackers first breached – probably using a specially crafted and targeted email (spear phishing) – the email account of the paper's Shanghai correspondent and chief editor, David Barboza, who had reported on Wen Jiabao's relatives. They also obtained access to the email account of a former chief editor of the Beijing office and used this vector to install malware that granted them access to any computer on the Times network. The perpetrators tried to conceal the origin of their attacks by using hijacked computers located at universities in the US.

They managed to obtain the passwords of all Times employees and access to around 53 computers for further trawling. However, the New York Times says that the intruders copied no customer data and weren't interested in any information other than the research on Jiabao. Barboza's computer was, in particular, searched for potential clues.

Mandiant found that 45 different types of malware had been installed within the paper's company network – the Symantec security software that had been implemented to protect the network recognised only one. According to the Times, Symantec declined to comment, saying that it does not comment on its customers as a matter of policy.

This report is also said to have triggered attacks from China.
Source: Bloomberg The Times and Mandiant have no doubt that the attacks originated from China. Apparently, the attack types and the tools that were used had previously been used by the Chinese military to attack US targets. Among the techniques employed is the use of university computers to conceal the origin of data traffic.

Bloomberg press agency registered a similar attack after publishing an article on then vice president Xi Jinping's fortune on 29 June 2012. However, the company said that the attackers weren't able to gain access to Bloomberg's network. The suspected spear-phishing attack and subsequent spying activities on the Times' network are also reminiscent of the Coca Cola hack that made headlines in 2012.

(djwm)