Online assaults: Attacking the hackers: New York Times turns tables on Chinese cyber spies: Paper claims Wen expose led to internet espionage: Scepticism greets Beijing denial of breaches: News groups on the frontline
(Guardian (UK) Via Acquire Media NewsEdge)
Revelations that Chinese hackers apparently targeted the New York Times in a campaign of cyber espionage have cast a rare spotlight on efforts by Beijing to crack down on criticism of its ruling elite.
The spying, which was detected and monitored by Times digital staff, is believed to have been linked to the newspaper's hard-hitting October expose of the vast wealth accumulated by the family of outgoing president Wen Jiabao.
Beijing officials have denied the allegations, though that has prompted scepticism among Times executives who devoted weeks to tracking, checking and ultimately exposing the move.
"This is business as usual from what we can tell for aspects of the Chinese government," said Marc Frons, the newspaper's chief information officer. Frons said the paper expected further attempts on its computer systems. "It is really spy versus spy," he said. "I don't think we can relax. I am pretty sure that they will be back."
The hackers gained entry to the newspaper's internal systems and accessed the personal computers of 53 employees including David Barboza, its Shanghai bureau chief and author of the Wen expose. An investigation by Mandiant, a cyber-security company, traced the source of the attacks to university computers that the "Chinese military had used to attack United States military contractors in the past", the Times said.
Although the hackers gained passwords for every Times employee, Mandiant found that they only sought information related to the Wen story. "They were after David Barboza's source list; confidential names and numbers and looking to find out who he was talking to," said Frons.
The Times said it worked with telecommunications company AT&T and the FBI to trace the hackers after AT&T noticed suspicious activity on the paper's computer networks on 25 October, one day after the article appeared in print. A later analysis concluded that hackers initially broke into Times computers on 13 September when reporting for the Wen story was in its final pre-publishing stages.
The Times decided to monitor the hackers. "We let them play in our environment so that we could watch what tools they were using and watch what they were doing," Frons said.
Despite the vociferous denials, the revelations are likely to embarrass Beijing. Yet they are unlikely to blunt its extensive activities in cyber warfare. Experts say the hallmarks of a Chinese cyber attack have become familiar. They begin with slightly malfunctioning networks. Sensitive files might go missing; servers may crash. Most targeted groups could pose some threat to the Chinese government. They include US military contractors, Tibetan and Uighur independence groups, activist networks, and lately, western media organisations. Bloomberg was hacked after publishing a similar expose last summer.
According to the UK-based cyber-security researcher Greg Walton, western experts know a fair amount about Chinese hackers' methods - their "tools, techniques and procedures . . . but we know very little about the people behind these machines". He said: "If we want to tackle a problem of such complexity, and of such danger to civil society networks transnationally, we are going to have to do a tremendous amount of research into the people behind these programs."
Experts suggest that the Chinese government and military employ a vast army of hackers. They operate in places such as Shanghai and coastal Shandong province, but usually avoid detection by tunnelling through easily infiltrated computers at servers and universities in the US. The Times investigation found that they typically begin working at 8:00am and adhere to a standard office schedule. Their organisational structure is unclear - the hackers could be on the payroll of the People's Liberation Army, or just as easily be loosely-affiliated vigilante organisations operating with tacit government approval.
"If anything, the fact that these groups aren't being run by the Chinese government makes the problem worse," Bruce Schneier, a cybersecurity expert in London, wrote on the Discovery Channel's tech blog last year. "Without central political coordination, they're likely to take more risks, do more stupid things and generally ignore the political fallout of their actions."
The hackers frequently use a technique called "spear phishing," in which they send a piece of malware to a target via email; the hapless user may then download malicious files by clicking on a seemingly innocuous attachment. Chinese hackers have used this technique to compromise the Gmail accounts of senior US, South Korean and Australian government officials, and have attempted to access the White House's Military Office, home to the US's nuclear launch codes.
In November, Bloomberg reported that a Silicon Valley-based software engineer was hacked shortly after filing a civil lawsuit against Chinese authorities. The firm spent months under digital siege - hackers shut down its web servers, gained access to confidential files, and spied on an employee with her own webcam.
The intrusions drove the company to the brink of bankruptcy. "If they could just put the company out of business, the lawsuit goes away," the engineer told Bloomberg. "They didn't need guys with guns or someone to break my kneecaps."
The elaborate breach of the New York Times's computers by hackers with possible links to the Chinese military is the latest in a spate of cyber-attacks directed at the news media.
"We've seen a real escalation of attacks that seem to be designed to steal information rather than make money," said internet security expert Graham Cluley, of research firm Sophos.
Some of the world's biggest and most powerful news organisations have fallen victim over the past year.
The BBC revealed in March that the communications system of its Farsi-language service in London had been disrupted by a "sustained" attack that temporarily took out its telephone lines and email access.
The attack happened 48 hours after the BBC boasted of a huge rise in the audience for its Persian TV service - an announcement that will no doubt have irritated state officials in Tehran. Other online assaults have silenced news websites at key moments: the Russian radio station Moscow Echo was taken offline by an attack on the day of the country's election in 2011, amid claims of poll violations and arrests.
In October hackers gained access to Reuters' systems at least twice in a fortnight, publishing an article that falsely claimed Saudi Arabia's foreign minister had died.
Cluley said journalists should take extra precautions to protect sources. "I know some journalists who use encryption software and other tools and I would recommend that - especially when you're dealing with stories that are potentially life and death, like the New York Times on China."
David Garfield, managing director of cyber security at defence firm BAE Systems Detica, said media groups were vulnerable to "bespoke" attacks. "We have investigated intrusions, from similar origins, against media organisations - attacks devised to steal sensitive information such as correspondence around a specific topic of interest between journalists and their sources," he said. "These attacks aim to view the content of conversations, who the sources are."
Josh Halliday
(c) 2013 Guardian Newspapers Limited.