New York Times Hit by Hackers

Security experts hired by the paper say Chinese hackers breached its network.

The New York Times newspaper has accused hackers traced to China of "persistently" infiltrating its computer networks over the last four months, sparking an angry denial from Beijing.

"Chinese hackers have persistently attacked The New York Times, infiltrating its computer systems and getting passwords for its reporters and other employees," the paper reported.

The paper had hired a team of computer security experts to trace the attacks and block any back doors through which they were gaining access to the system, it said.

"The Times and computer security experts have expelled the attackers and kept them from breaking back in," the report said.

It said the timing of the attacks came as the paper's journalists were researching several billion dollars' worth of assets it later reported were held secretly by relatives of outgoing premier Wen Jiabao.

By the time the paper published the results of its investigation on Oct. 25, the security of its' employees e-mail accounts had already been compromised.

The paper hired security experts who had gathered evidence that Chinese hackers breached the paper's network, the report said.

"They broke into the e-mail accounts of its Shanghai bureau chief, David Barboza, who wrote the reports on Mr. Wen’s relatives, and Jim Yardley, The Times’s South Asia bureau chief in India, who previously worked as bureau chief in Beijing," the paper reported.

However, a spokeswoman for the papers said no evidence had been found that outsiders had accessed sensitive information or files from the research effort.

Cover their tracks

According to experts at Mandiant, the security firm that investigated the security breach, the hackers tried to cover their own tracks by routing the attacks through compromised computers at U.S. universities.

"This matches the subterfuge used in many other attacks that Mandiant has tracked to China," the New York Times' own article said.

It said the malware used to install spyware on the paper's network was also of a type previously associated with Chinese hacker attacks.

It quoted Mandiant as saying that the attacks started from the same university computers used by the Chinese military to attack U.S. military contractors in the past.

The paper said there appeared to be a "broader computer espionage campaign" against American news media companies that have reported on Chinese leaders and corporations.

It cited Chinese hacker attacks on Bloomberg News after Bloomberg published an article on June 29 about the wealth accumulated by relatives of president-in-waiting Xi Jinping.

An employee at the New York Times in China, who declined to be named, confirmed that the e-mail accounts of "some colleagues" had been taken over by hackers.

But he declined to speculate on whether the Chinese government was involved.

Meanwhile, a German foreign correspondent based in Beijing said his e-mail had been hacked several times before.

"My e-mail account has been taken over at least four times," the journalist said, including, "Once from Hong Kong, once from Taiwan and once from mainland China."

"My e-mails were opened," he added.

Revenge attack unlikely

Beijing-based scholar Chen Yongmiao, who follows cyber-security issues, said he believed that official military involvement in a revenge attack on the Times' networks wasn't very likely.

But he said that didn't rule out privately motivated attacks by people affected by the Times' recent reporting on China, who might well have a military background.

"I don't think that the military would target a specific company simply because of some media reports about corruption," Chen said.

"Unless it was someone from one of the families accused of corruption, who used his military connections to get revenge on the New York Times."

The Chinese government has repeatedly denied any involvement in hacker activities, saying it is opposed to them.

Chinese foreign ministry spokesman Hong Lei said on Thursday that the suggestion that China was involved in the hacker attacks on The New York Times was "irresponsible."

"To arbitrarily assert and to conclude without hard evidence that China participated in such hacking attacks is totally irresponsible," Hong told a regular news briefing in Beijing.

"China is also a victim of hacking attacks," he said. "Chinese laws clearly forbid hacking attacks, and we hope the relevant parties will take a responsible attitude on this issue."

A similar denial was quoted in the New York Times from the defense ministry in Beijing.

Significant threat

A U.S. security watchdog reported last year that China has advanced its computer network capabilities to the extent that they pose a significant threat to U.S. military operations in the event of a conflict.

The U.S.-China Economic and Security Review Commission report detailed how China is advancing its capabilities in computer network attack, defense, and exploitation and examines issues related to cybersecurity and potential risks to U.S. national security and economic interests.

In August 2011, China rejected suggestions that it was behind a massive cyberspying initiative reported earlier that month by security firm McAfee.

McAfee said in a report titled "Operation Shady RAT" that hackers compromised computer security at more than 70 global organizations, including the U.N. and U.S. government bodies, sparking speculation that China was behind the attacks.

McAfee did not identify any country behind the hacking campaign, but its security experts had said in February last year that hackers working from China had targeted the computers of oil and gas companies in the U.S., Greece, Taiwan, and Kazakhstan.

The “coordinated, covert, and targeted” attacks began in November 2009, and the hackers succeeded in stealing sensitive information, it said.

Reported by Grace Kei Lai-see for RFA's Cantonese service. Translated and written in English by Luisetta Mudie.