The New York Times said it had fallen victim to hackers possibly connected to China’s military, linking the attacks to its expose of the vast wealth amassed by a top leader’s family.
The hackers have over the past four months infiltrated computer systems and snatched staff passwords, and their probing has been particularly focused on the emails of Shanghai bureau chief David Barboza, the newspaper said.
Barboza wrote a story published on October 25 that said the relatives of Chinese Premier Wen Jiabao had made billions of dollars in business dealings.
The New York Times said that with the help of outside computer security experts, it had managed to kick out the intruders and prevent them from breaking into its systems again.
“Chinese hackers, using methods that some consultants have associated with the Chinese military in the past, breached The Times’s network,” the newspaper said, citing a wealth of digital evidence gathered by its security consultants.
The hackers stole corporate passwords and targeted the computers of 53 employees including former Beijing bureau chief Jim Yardley, who is now the Times’s South Asia bureau chief based in India.
“Experts found no evidence that the intruders used the passwords to seek information that was not related to the reporting on the Wen family,” the newspaper said, adding that no customer data was stolen either.
The Times said the hackers appeared to be looking for “the names of people who might have provided information to Mr Barboza,” but said there was no evidence that sensitive e-mails or files from the reporting were compromised.
“They could have wreaked havoc on our systems,” Times chief information officer Marc Frons said of the hackers. “But that was not what they were after.”
The newspaper asked AT&T, which monitors its computer network, to watch for unusual activity after learning of warnings from Chinese officials that its investigation into the Wen family’s wealth would have “consequences.”
It also briefed the Federal Bureau of Investigation on the hacking. But with the attacks persisting after the Wen investigation was published, the Times hired IT security firm Mandiant on November 7.
“If you look at each attack in isolation, you can’t say, ‘This is the Chinese military,’” said Mandiant chief security officer Richard Bejtlich.
But he added: “When you see the same group steal data on Chinese dissidents and Tibetan activists, then attack an aerospace company, it starts to push you in the right direction.”
China’s Ministry of National Defense denied any government link to the intrusions, telling the Times that “to accuse the Chinese military of launching cyberattacks without solid proof is unprofessional and baseless.”