Hackers break into New York Times, steal employee passwords

31 Jan 2013

The New York Times has claimed that hackers based in China managed to infiltrate its computer network and access employee emails.

The New York Times said today that for the past four months it has been under persistent cyber attacks from hackers based in China.

It said the timings of the attacks coincided with an investigation into the business dealings of relatives of China’s Prime Minister Wen Jiabao, who are understood to have accumulated wealth through business dealings.

Security experts commissioned by The New York Times said the style of attacks were similar to previous attacks on its executives in Shanghai and India, and that methods used were associated with the Chinese military.

It is understood the attackers tried to cloak their attacks by first penetrating computers in US universities and routing the attacks through them.

Malware installed on the newspaper’s network enabled the attacks to gain entry to every computer on the network.

Security experts hired by the newspaper said they found evidence that the hackers stole the corporate passwords of every employee and gained access to 53 employees’ email systems.

China’s Ministry of National Defense refuted the attacks, according to the newspaper.

Similar attacks were directed at news agency Bloomberg, which at the time was investigating the wealth accumulated by relatives of China’s then-vice president Xi Jimping.

The New York Times executive editor Jill Abramson said experts found no evidence that sensitive emails or files from the reporting on the Wen family were accessed, downloaded or copied.

“You can understand why people who might have provided information for the investigation into Wen Jiabao’s family would want to be reassured that their identities had not been revealed to whoever was behind the hack,” said Graham Cluley of the Sophos Naked Security blog.

A total of 45 custom-written malware samples were found on the network.

Were the attacks on The New York Times sanctioned by Chinese state?

New York Times

“Security experts brought in by the newspaper have pointed the finger of blame at China. And, in all likelihood, they’re right,” Cluley said.

“However, it must be remembered that it is extremely difficult to prove who is behind an internet attack like this. That’s because it’s so easy to use compromised computers around the world to route attacks through – disguising the true origin.

“Of course, even if China is identified as the starting point of an attack – it doesn’t necessarily prove that the operation is backed by the Chinese government or intelligence services. It could just as easily be a patriotic group of skilled, independent Chinese hackers upset with how the Western media is portraying their country’s rulers.

“But let’s not be too naive … In all probability, The New York Times’ conclusion is correct, and this attack was sanctioned by the powers that be in Beijing,” Cluley said.

John Kennedy is a journalist who served as editor of Silicon Republic for 17 years