Cyberspies who breached computer networks of The New York Times
and Wall Street Journal are part of a far larger global campaign of
intrusions targeting news organizations worldwide that report on
China, according to cybersecurity experts and China policy analysts.
Early Thursday, the Times reported that cyberintruders last fall
infiltrated its networks via Internet domains and addresses based in
China, attempting to remove notes files and other information
related to its reporting on the fortunes amassed by relatives of
China's premier, Xi Jinping. Later in the day, the Journal reported
that its networks, too, had been hacked by intruders from China.
Yet to be confirmed are reports Friday by a well-regarded
cybersecurity researcher that the Washington Post also was
infiltrated by Chinese cyberspies for an extended time last year.
Brian Krebs, the researcher, reported the infiltration, quoting a
former Post technology expert on his blog. "We have nothing to share
at this time," a Post spokesman told Mr. Krebs.
China's apparent motives in infiltrating major news organizations,
experts say, are to anticipate and respond to negative coverage of
the country, and, perhaps no less importantly, to deter Chinese
citizens from speaking openly with Western news organizations.
While news organizations have long known their China-based
correspondents are spied upon at times, outlines of a far-larger
global campaign targeting news organizations that report on China
are now emerging, cybersecurity experts told the Monitor. It is part
of a massive effort identified since about 2007 that these experts
call the "advanced persistent threat."
That label once referred to unknown cyberhackers invading a
corporate network, creating digital backdoors, and spending months
or years sending intellectual property data like oil bid data and
pharmaceutical formulas back through the Internet to points
unknown. But now the "A.P.T." is seen in the cybersecurity industry
as a mere shorthand for "getting hacked by the Chinese."
"We have data that to me makes it definitely clear that there's a
pattern here: hacks on industry, activists, government and
journalists around the world," says Joe Stewart, a cybersecurity
expert with Dell Secureworks who has tracked cyberespionage attacks,
including a number against news organizations, back to Internet
addresses in China.
In late 2011 and early 2012, he says, cyberintruders whose
digital signatures he tracked back to China invaded newspapers in
Vietnam and Japan. In those cases, he said, he attempted to contact
the news organizations to let them know, successfully in the case of
the Japanese newspaper.
In August 2011, the Associated Press was reported to be among 72
companies and government agencies targeted in a broad-based global
cyberespionage campaign identified by McAfee, the cybersecurity
company. McAfee, which dubbed the China-based campaign "ShadyRAT,"
did not identify the AP by name in its report.
AP spokesman Jack Stokes said the company was aware of the
"We do not comment on network security," he told the Washington
Post at the time.
Ronald Deibert, director of the Citizen Lab at the Munk Centre
for International Studies at the University of Toronto, says current
revelations about media organizations targeted by the Chinese fit
into a much larger picture that his group just scratched the surface
of in 2009, when they looked into an espionage campaign dubbed
Dr. Deibert, who coauthored a report on GhOstNet, says Canadian
researchers investigating Chinese espionage against the Dalai Lama
and the Tibetan community found that computer systems in AP offices
in Hong Kong and London were compromised.
The "common thread" in the GhOstNet campaign was that all of the
targets involved Chinese concerns, including the attack on the AP,
Deibert says. The AP servers in Hong Kong and London were
compromised, he believes, "so the attackers would have had access to
stories and contacts in the stories before the stories were