On Wednesday night, after enduring four months of hacking, the New York Times finally reported that its computer network had been infiltrated and that it had ousted its attackers, who it linked to the Chinese military. In the meantime, hackers stole every Times employee’s corporate password, and used them to get into 53 employees’ personal computers. The attacks started as the paper wrapped up reporting on its bombshell investigative piece about the family wealth of Chinese Prime Minister Wen Jiabao, and ramped up after publication of the story that, it was warned, would “have consequences.”
Among the evidence pointing to Chinese government hackers, in addition to increasingly familiar tactics and the targeting of the reporters on the Wen story, was the fact that the attacks tended to start at 8 a.m. Beijing time and generally lasted for a workday before easing off. There was also this:
The attackers first installed malware — malicious software — that enabled them to gain entry to any computer on The Times’s network. The malware was identified by computer security experts as a specific strain associated with computer attacks originating in China. More evidence of the source, experts said, is that the attacks started from the same university computers used by the Chinese military to attack United States military contractors in the past.
The paper had been monitoring the hackers as they roamed through its systems, in order to “identify every digital back door the hackers used” before replacing compromised computers and installing new security measures. “I would like to apologize to the NYT computer support folks I snapped at after they reset my password without warning,” tweeted Times national correspondent John Schwartz after the story dropped on Wednesday night.
While the hackers could have “wreaked havoc on our systems,” according to Times chief information officer Marc Frons, they didn’t do so, nor did they access any customer data, the paper reports. Rather, they targeted the e-mail accounts of Shanghai bureau chief David Barboza, who wrote the Wen story, and former Beijing bureau chief Jim Yardley. “What they appeared to be looking for were the names of people who might have provided information to Mr. Barboza.” Executive editor Jill Abramson said there was “no evidence” sensitive files or messages were accessed.
One obvious casualty of the attack: Symantec, maker of the Times’s anti-virus software, which found just one of the 45 pieces of custom malware installed on the Times servers. Not a ringing endorsement.
Update: China, meanwhile, is throwing up its hands. “Chinese law forbids hacking and any other actions that damage Internet security,” the Defense Ministry said in a statement, according to the AP. “The Chinese military has never supported any hacking activities. Cyber-attacks are characterized by being cross-national and anonymous. To accuse the Chinese military of launching cyber-attacks without firm evidence is not professional and also groundless.” The Times, as we all know, does not take kindly to having its integrity questioned, so expect a follow-up.