For the past four months, The New York Times has been attacked by hackers whose activities have been traced back to China. These attacks coincide with an exposé The Times ran about the vast wealth acquired by the family of Wen Jiabao, the Chinese prime minister, despite his claims that his family was very poor. Experts hired by The Times to track and expel the intruders determined that the hackers used techniques that have been associated with the Chinese military, and that these hackers broke into the email accounts of Shanghai bureau chief David Barboza and the South Asia bureau chief, Jim Yardley.
The security company hired by the newspaper, Mandiant, found that the attackers tried to conceal their location by routing their attacks through American universities, a tactic that has been used by other hackers that Mandiant had also traced back to China in previous investigations. The hackers installed software that would give them access to any computer on The Times’ network, and eventually stole the corporate passwords of every employee. Mandiant claims that this type of software commonly originates in China. Furthermore, the university computers that the hackers used are the same ones that the Chinese military has used to attack American military contractors in the past.
A spokesperson for China’s Military of National Defense claimed that Chinese laws prohibit hacking and that no accusations against China could be valid without more evidence. However, U.S. security experts argued that there have been a growing number of attacks made by Chinese hackers, including one last year on Bloomberg News after it published an article about China’s then prime minister, Xi Jinping. Experts state that there appears to be a spying campaign going on in China that targets American corporations, government agencies, media organizations and activist groups. The goal of the campaign is both to steal trade secrets and to control China’s public image.
Since 2008, Chinese hackers have been targeting Western journalists in order to discourage them from publishing stories that might be harmful to China’s image. However, China is not the only country to use computer hacking as a weapon. Israel, Russia, Iran and the United States are a few of the many countries that are believed to be developing means of cyberwarfare. Evidence suggests that in 2008, the U.S. and Israel were behind the release of a computer worm that damaged Iran’s main nuclear enrichment plant. Iran then allegedly responded with computer attacks against the U.S. There is also evidence that indicates Russia’s use of computer attacks during its war against Georgia in 2008.
“I believe that cyberwarfare has already begun and that governments and corporations are feeling the brunt of the attacks. Unfortunately, there is no one size fits all security solution. The best that organizations can do is to practice defense in depth with multiple layers of protection,” Avi Rubin, a professor of computer science at Hopkins and technical director of the Information Security Institute, wrote in an email to The News-Letter.
Although it isn’t clear how the hackers first breached The Times’ security, investigators suspect that they used a spear-phishing attack, in which the hackers send emails with malicious links to employees. Once someone clicks on the link, hackers can install “remote access tools,” which can provide the attackers with many different types of information.
The Times first began to worry about cyberattacks when it received warnings from Chinese government officials that the publication of an article on Jiabao would have serious consequences. Executives requested that AT&T, which monitors The Times’ computer network, keep a lookout for anything unusual. On October 25th, AT&T informed the newspaper that it had found evidence of attacks similar to those that were believed to have been carried out by the Chinese military.
“It is important to constantly monitor networks, as The Times did. Thanks to the monitoring by AT&T, the Times found out about the attacks,” Rubin wrote.
While The Times notified the FBI about these attacks, AT&T continued to provide the majority of the defense force to expel the hackers. However, by November 7, when it became clear that hackers were still inside the system, the newspaper hired Mandiant, a company that specializes in security breaches.
While working with Mandiant, The Times allowed the hackers to continue working so that they could identify every back door the attackers had used to get in. Computer hackers can be difficult to eliminate and can return to attack a company again later, so security experts at Mandiant wanted to be certain that they had knowledge of the full extent of the hackers’ access.
To investigators, it became apparent that the hackers weren’t interested in destroying the computer systems; the security team found no evidence that any information other than stories covering Mr. Wen was accessed, and no customer data was stolen. The hackers were mostly interested in looking at Barboza’s email correspondence to find the names of people who might have provided information to him. However, most of Barboza’s article was based on public records, including thousands of corporate documents.
To ensure that they had eliminated the hackers, The Times had to block all compromised computers, remove all the back doors into its network, change every employee password and add additional security. However, the newspaper still anticipates that hackers will attempt to return.
“I believe The Times took some very good steps, but nothing is perfect when it comes to security. They just have to remain vigilant,” Rubin wrote.