Security experts have finally blocked a four-month-long, sustained cyberwar on the New York Times by Chinese hackers. The attacks, which kept obtaining reporters’ and other employees’ passwords to its computer system, were first routed through U.S. university computer systems in order to throw cybersecurity investigators off the trail. Two of the Times’ Asia-based correspondents, Shanghai bureau chief David Barboza and his South Asia equivalent, Jim Yardley, a former Beijing bureau chief, had their email accounts infiltrated.
The newspaper has been a target ever since the New York Times published details of the network of wealth held by former premier Wen Jiabao’s family, in October 2012. It is not thought to be a revenge attack, but instead part of a large spy campaign that values controlling China’s public image equally with getting its hands on state and trade secrets. The hacks bear all the hallmarks of state-sponsored attacks, sharing elements of Chinese military hacking: the malware was of a specific type peculiar to the People’s Liberation Army, and the university computers used had been implicated in other military-sponsored cyberattacks on U.S. targets. It is, however, a truth universally acknowledged that the attacks cannot be pinned on the Chinese military, but instead emanate from either criminals or uber-patriotic hackers, maybe financed by the PLA, maybe not.
The biggest casualty of this attack, however, may not be the New York Times, but computer security firm Symantec. Mandiant, the computer security firm hired by the Times to get to the bottom of the cyberassault, discovered that the Symantec anti-virus software identified just one of 45 items of malware installed by the hackers as malicious and quarantined it. Symantec did not comment on the discovery to the New York Times, saying that it was company policy not to discuss its clients.