New York Times 'hit by hackers from China'

New York Times building (March 2011) The New York Times said the attacks targeted its Shanghai bureau chief

Related Stories

Hackers from China have "persistently" infiltrated the New York Times for the last four months, the US paper says.

It said the attacks coincided with its report into claims that the family of Chinese Premier Wen Jiabao had amassed a multi-billion dollar fortune.

The hackers used methods which have been "associated with the Chinese military" to target the emails of the report's writer, the paper said.

China's foreign ministry dismissed the accusations as "groundless".

"To arbitrarily assert and to conclude without hard evidence that China participated in such hacking attacks is totally irresponsible," said spokesman Hong Lei.

"China is also a victim of hacking attacks. Chinese laws clearly forbid hacking attacks, and we hope relevant parties takes a responsible attitude on this issue."

Beijing has been accused by several governments, foreign companies and organisations of carrying out extensive cyber espionage for many years, seeking to gather information and to control China's image.

'China-based subterfuge'

According to the Times, the hackers first broke into their computer system in September, as the report on Mr Wen was nearing completion.

The report, which was dismissed as a "smear" by the Chinese government, said Mr Wen's relatives had amassed assets worth at least $2.7bn (£1.7bn) through business dealings. It did not accuse the Chinese premier of wrongdoing.

China is sensitive about reports on its leaders, particularly when it comes to their wealth.

Alleged China-based hacks

  • China was widely believed to be the source of major cyber attacks between 2006 and 2011 targeting 72 organisations including the International Olympic Committee, the UN and security firms
  • In 2011, Google said hackers based in Jinan province had compromised personal email accounts of hundreds of top US officials, military personnel and journalists
  • South Korea blamed Chinese hackers for stealing data from 35 million accounts on a popular social network in July last year
  • Chinese-based computers seized "full functional control" of computers at Nasa in 2011, the US body said
  • In 2011 US media reported that Chinese-based hackers were suspected of a "significant" cyber attack on defence firm Lockheed Martin.
  • Coca-cola says its systems were breached in 2009 by Beijing-backed hackers, while it was trying to buy China's Huiyuan Juice Group
  • The US Pentagon said it was hacked by the Chinese military in 2007
  • China says hacking is illegal under its laws and that it is a victim of such attacks itself

The New York Times said the hacking initially focussed on the computers of David Barboza, the paper's bureau chief in Shanghai who wrote the report, and one of his predecessors, Jim Yardley.

Internet security firm Mandiant, which was hired by the Times to trace the attack, followed the hackers' movements for four months, to try to establish a pattern and block them.

The hackers installed malware which enabled them to access any computer using the New York Times network, steal the password of every employee, and access 53 personal computers, mostly outside the Times offices.

They found the hackers began working for the most part at 08:00 Beijing time. They have not been able to establish how exactly the hackers broke into the system, but believe it may have been through a so-called spear-phishing attack, where an employee clicked on an email or link containing malicious code.

The security firm found that in an attempt to hide the origin of the attack, it had been routed through computers in US universities which, the paper said, "matches the subterfuge used in many other attacks that Mandiant has tracked to China".

The Times said experts had found that the attacks "started from the same university computers used by the Chinese military to attack United States military contractors in the past".

Mandiant's chief security officer, Richard Bejtlich, said that "if you look at each attack in isolation, you can't say, 'This is the Chinese military'," but that the similar patterns and targets of the attacks indicated a connection.

The BBC's Damian Grammaticas: "On the day it (NY Times) published, its computers came under attack"

"When you see the same group steal data on Chinese dissidents and Tibetan activists, then attack an aerospace company, it starts to push you in the right direction," he said.

The paper said no personal data of staff or customers was stolen and that no attempt was made to shut down its website.

"They could have wreaked havoc on our systems," said chief information officer Marc Frons. But he said what they appeared to be looking for were "the names of people who might have provided information to Mr Barboza".

There was also no evidence that sensitive emails or files on the Wen family had been accessed, or that the intruders had sought information unrelated to the Wen family, the paper said.

More on This Story

Related Stories

The BBC is not responsible for the content of external Internet sites

More China stories


Features & Analysis

Elsewhere on the BBC

  • Audi R8Best in show

    BBC Autos takes a look at 10 of the most eye-catching new cars at the 2015 Geneva motor show


  • A robotClick Watch

    The latest in robotics including software that can design electronics to solve problems

Try our new site and tell us what you think. Learn more
Take me there

Copyright © 2015 BBC. The BBC is not responsible for the content of external sites. Read more.

This page is best viewed in an up-to-date web browser with style sheets (CSS) enabled. While you will be able to view the content of this page in your current browser, you will not be able to get the full visual experience. Please consider upgrading your browser software or enabling style sheets (CSS) if you are able to do so.