New York Times 'hit by hackers from China'
- 31 January 2013
- From the section China
Hackers from China have "persistently" infiltrated the New York Times for the last four months, the US paper says.
It said the attacks coincided with its report into claims that the family of Chinese Premier Wen Jiabao had amassed a multi-billion dollar fortune.
The hackers used methods which have been "associated with the Chinese military" to target the emails of the report's writer, the paper said.
China's foreign ministry dismissed the accusations as "groundless".
"To arbitrarily assert and to conclude without hard evidence that China participated in such hacking attacks is totally irresponsible," said spokesman Hong Lei.
"China is also a victim of hacking attacks. Chinese laws clearly forbid hacking attacks, and we hope relevant parties takes a responsible attitude on this issue."
Beijing has been accused by several governments, foreign companies and organisations of carrying out extensive cyber espionage for many years, seeking to gather information and to control China's image.
According to the Times, the hackers first broke into their computer system in September, as the report on Mr Wen was nearing completion.
The report, which was dismissed as a "smear" by the Chinese government, said Mr Wen's relatives had amassed assets worth at least $2.7bn (£1.7bn) through business dealings. It did not accuse the Chinese premier of wrongdoing.
China is sensitive about reports on its leaders, particularly when it comes to their wealth.
The New York Times said the hacking initially focussed on the computers of David Barboza, the paper's bureau chief in Shanghai who wrote the report, and one of his predecessors, Jim Yardley.
Internet security firm Mandiant, which was hired by the Times to trace the attack, followed the hackers' movements for four months, to try to establish a pattern and block them.
The hackers installed malware which enabled them to access any computer using the New York Times network, steal the password of every employee, and access 53 personal computers, mostly outside the Times offices.
They found the hackers began working for the most part at 08:00 Beijing time. They have not been able to establish how exactly the hackers broke into the system, but believe it may have been through a so-called spear-phishing attack, where an employee clicked on an email or link containing malicious code.
The security firm found that in an attempt to hide the origin of the attack, it had been routed through computers in US universities which, the paper said, "matches the subterfuge used in many other attacks that Mandiant has tracked to China".
The Times said experts had found that the attacks "started from the same university computers used by the Chinese military to attack United States military contractors in the past".
Mandiant's chief security officer, Richard Bejtlich, said that "if you look at each attack in isolation, you can't say, 'This is the Chinese military'," but that the similar patterns and targets of the attacks indicated a connection.
"When you see the same group steal data on Chinese dissidents and Tibetan activists, then attack an aerospace company, it starts to push you in the right direction," he said.
The paper said no personal data of staff or customers was stolen and that no attempt was made to shut down its website.
"They could have wreaked havoc on our systems," said chief information officer Marc Frons. But he said what they appeared to be looking for were "the names of people who might have provided information to Mr Barboza".
There was also no evidence that sensitive emails or files on the Wen family had been accessed, or that the intruders had sought information unrelated to the Wen family, the paper said.