Chinese hackers with connections to the country’s military have been accused of hacking into the computers of New York Times journalists as part of a wide-ranging campaign of espionage against US news media.
The accusation, made by the New York Times itself after it detected the intrusion in flagrante delicto, is an extraordinary one, not least for the unusually clear suggestion that this was almost certainly the work of the Chinese authorities.
The newspaper said that the attackers had successfully penetrated its network and gained access to the logins of 53 employees, including Shanghai bureau chief David Barboza, who last October published an embarrassing article on the vast secret wealth of China’s prime minister, Wen Jiabao.
The newspaper was warned that this article would “have consequences,” prompting extra monitoring by AT&T for cyberattacks, it said.
After the telecom company noticed unusual activity which it was unable to trace or deflect, security firm Mandiant was brought in to conduct a forensic investigation that uncovered the true extent of what had been going on.
Over four months starting in September 2012, the attackers had managed to install 45 pieces of targeted malware designed to probe for data such as emails after stealing credentials.
Although the staff logins were hashed, that doesn’t appear to have stopped the hackers in this instance, perhaps, the newspaper suggests, because they were able to deploy rainbow tables to beat the relatively short passwords.
Despite this, “computer security experts found no evidence that sensitive emails or files from the reporting of our articles about the Wen family were accessed, downloaded or copied,” said New York Times executive editor, Jill Abramson, in a prominent article in the paper.
Although the attackers tried to disguise their origins, hiding behind compromised servers in a number of US universities, the newspaper and its hired security hands are now convinced that Chinese actors were behind the incursion, which was monitored by Mandiant to establish its origins.
Apart from the design of the attacks and the unusual strain of malware used, the attacks were traced to Chinese university computers used in past attacks on US interests, and even to one hacking group given the moniker “APT Number 12.”
The company’s Symantec antivirus had only detected and quarantined one of the Trojans deployed, the newspaper reported Mandiant as having told them.
“Attackers no longer go after our firewall. They go after individuals. They send a malicious piece of code to your email account and you’re opening it and letting them in,” commented the paper’s chief security officer, Michael Higgins, referring to the simple email attack that probably initiated infection with the malware.
The Chinese have denied official involvement in the attacks, which are believed to be part of a large campaign to target US media.
Accusations of espionage by Chinese hackers against US interests are now routine. The first large US firm to break ranks and throw accusations was Google, which in 2010 accused the authorities of hacking Gmail accounts linked to political dissidents.