Why Chinese hackers stole the passwords of New York Times employees
An investigation into the financial dealings of a leading Chinese lawmaker apparently made The Grey Lady the target of cyberspies
The New York Times dropped a bombshell late Wednesday, publishing a story admitting that Chinese hackers had infiltrated the newspaper's computer systems to steal the passwords of reporters. According to the report, the timing of the attacks coincided with the Times' investigation of Wen Jiabao, China's prime minister. The paper of record had found that the lawmaker's relatives "had accumulated a fortune worth several billion dollars through business dealings." Here's what you should know:
What exactly was stolen from the Times? The corporate passwords of every New York Times employee, which were then used to gain access to 53 computers. Specifically, hackers targeted the email accounts of Times' Shanghai bureau chief David Barboza, who spearheaded the Wen investigation, and Jim Yardley, South Asia bureau chief. New York Times executive editor Jill Abramson says that "computer security experts found no evidence that sensitive emails or files from the reporting of our articles about the Wen family were accessed, downloaded, or copied." Unlike a recent Los Angeles Times breach that was used to burglarize the homes of subscribers taking vacations, no New York Times subscriber information was compromised.
How do they know who was behind it? The timing of the attacks coincided with this story, published on Oct. 25. Security experts hired by The Times monitored the attacks, and gathered evidence against the hackers to build better defenses for the future. The perpetrators allegedly used techniques associated with the Chinese military.
How did the hackers break in? According to The Times, the attackers first installed malware on the newspaper's computer network, which security experts identified as a specific strain similar to computer attacks originating from China in the past. The attacks were routed through computers at American universities — a deception tactic that was once used to attempt to break into the networks of U.S. military contractors. Overall, 45 pieces of custom malware were identified.
Have similar things happened in the past? Last year, Bloomberg News was targeted by Chinese hackers, after it published an article about the wealth accumulated by relatives of Xi Jinping, China's vice president. And more broadly, Chinese hackers reportedly began targeting American journalists as far back as 2008, anticipating stories that might damage the reputations of the country's high-ranking officials.
What tipped The Times off? Before publishing the Oct. 25 story on Prime Minister Wen, the newspaper was warned by Chinese officials that reporting the story would have "consequences." On Oct. 24, the newspaper asked AT&T, the company that monitors its computer networks, to keep an eye out for signs of suspicious activity. Sure enough, after the article was published, AT&T told The Times that there were signs of attacks. The paper alerted the FBI, and called on security firm Mandiant to investigate.
How long did the attacks go on for? Four months, at least. The security team hired by The Times allowed the hacks to go on so they could identify all the "digital back doors" used by infiltrators. Each day, attacks would begin around 8 a.m. Beijing time, and usually lasted throughout a standard work day. Once the hackers were finally shut out, all the compromised computers were replaced, and new defenses were set up. "They could have wreaked havoc on our systems," said Marc Frons, chief information officer of The Times. "But that was not what they were after."