Chinese hackers repeatedly penetrated The New York Times’ computer systems over the past four months, stealing reporters’ passwords and hunting for files on an investigation into the wealth amassed by the family of a top Chinese leader, the newspaper reported Thursday.
Security experts hired to investigate and plug the breach found that the attacks used tactics similar to ones used in previous hacking incidents traced to China, the report said. It said the hackers routed the attacks through computers at U.S. universities, installed a strain of malicious software, or malware, associated with Chinese hackers and initiated the attacks from Chinese university computers previously used by the Chinese military to attack U.S. military contractors.
The attacks, which began in mid-September, coincided with a Times investigation into how the relatives and family of Premier Wen Jiabao built a fortune worth over $2 billion. The report, which was posted online Oct. 25, embarrassed the Communist Party leadership, coming ahead of a fraught transition to new leaders and exposing deep-seated favoritism at a time when many Chinese are upset about a wealth gap.
Over the months of cyber-incursions, the hackers eventually lifted the computer passwords of all Times employees and used them to get into the personal computers of 53 employees.
The report said none of the Times’ customer data was compromised and that information about the investigation into the Wen family remained protected, though it left unclear what data or communications the infiltrators accessed.
“Computer security experts found no evidence that sensitive emails or files from the reporting of our articles about the Wen family were accessed, downloaded or copied,” the report quoted executive editor Jill Abramson as saying. A Times spokeswoman declined to comment further.
The Chinese foreign and defense ministries called the Times’ allegations baseless, and the Defense Ministry denied any involvement by the military.
“Chinese law forbids hacking and any other actions that damage Internet security,” the Defense Ministry said in a statement. “The Chinese military has never supported any hacking activities. Cyber-attacks are characterized by being cross-national and anonymous. To accuse the Chinese military of launching cyber-attacks without firm evidence is not professional and also groundless.”
China has been accused by the U.S., other foreign governments and computer security experts of mounting a widespread, aggressive cyber-spying campaign for several years, trying to steal classified information and corporate secrets and to intimidate critics. Foreign reporters and news media, including The Associated Press, have been among the targets of attacks intended to uncover the identities of sources for news stories and to stifle critical reports about the Chinese government.
“Attacks on journalists based in China are increasingly aggressive, disruptive and sophisticated,” said Greg Walton, a cyber-security researcher who has tracked Chinese hacking campaigns. China’s cyber-spying efforts have excelled in part because of the government’s “willingness to ignore international norms relating to civil society and media organizations,” he said.
The Times reported that executives became concerned just before the publication of the Wen investigation after learning that Chinese officials had warned of unspecified consequences. Soon after the Oct. 25 publication, AT&T, which monitors the Times’ computer networks, notified the company about activity consistent with a hacking attack, the report said.
After months of investigation by the computer security firm Mandiant, experts are still unsure how the hackers initially infiltrated the Times’ computer systems, the report said.