Newspaper article The Christian Science Monitor

N.Y. Times Hacked: How Large Is China's Campaign to Control, Intimidate?

Newspaper article The Christian Science Monitor

N.Y. Times Hacked: How Large Is China's Campaign to Control, Intimidate?

Article excerpt

Cyberspies who breached computer networks of The New York Times and Wall Street Journal are part of a far larger global campaign of intrusions targeting news organizations worldwide that report on China, according to cybersecurity experts and China policy analysts.

Early Thursday, the Times reported that cyberintruders last fall infiltrated its networks via Internet domains and addresses based in China, attempting to remove notes files and other information related to its reporting on the fortunes amassed by relatives of China's premier, Xi Jinping. Later in the day, the Journal reported that its networks, too, had been hacked by intruders from China.

Yet to be confirmed are reports Friday by a well-regarded cybersecurity researcher that the Washington Post also was infiltrated by Chinese cyberspies for an extended time last year. Brian Krebs, the researcher, reported the infiltration, quoting a former Post technology expert on his blog. "We have nothing to share at this time, a Post spokesman told Mr. Krebs.

Chinas apparent motives in infiltrating major news organizations, experts say, are to anticipate and respond to negative coverage of the country, and, perhaps no less importantly, to deter Chinese citizens from speaking openly with Western news organizations.

While news organizations have long known their China-based correspondents are spied upon at times, outlines of a far-larger global campaign targeting news organizations that report on China are now emerging, cybersecurity experts told the Monitor. It is part of a massive effort identified since about 2007 that these experts call the "advanced persistent threat."

That label once referred to unknown cyberhackers invading a corporate network, creating digital backdoors, and spending months or years sending intellectual property data like oil bid data and pharmaceutical formulas back through the Internet to points unknown. But now the "A.P.T." is seen in the cybersecurity industry as a mere shorthand for "getting hacked by the Chinese."

"We have data that to me makes it definitely clear that there's a pattern here hacks on industry, activists, government and journalists around the world," says Joe Stewart, a cybersecurity expert with Dell Secureworks who has tracked cyberespionage attacks, including a number against news organizations, back to Internet addresses in China.

In late 2011 and early 2012, he says, cyberintruders whose digital signatures he tracked back to China invaded newspapers in Vietnam and Japan. In those cases, he said, he attempted to contact the news organizations to let them know successfully in the case of the Japanese newspaper.

In August 2011, the Associated Press was reported to be among 72 companies and government agencies targeted in a broad-based global cyberespionage campaign identified by McAfee, the cybersecurity company. McAfee, which dubbed the China-based campaign "ShadyRAT," did not identify the AP by name in its report.

AP spokesman Jack Stokes said the company was aware of the reports.

"We do not comment on network security," he told the Washington Post at the time.

Ronald Deibert, director of the Citizen Lab at the Munk Centre for International Studies at the University of Toronto, says current revelations about media organizations targeted by the Chinese fit into a much larger picture that his group just scratched the surface of in 2009, when they looked into an espionage campaign dubbed GhOstNet.

Dr. Deibert, who coauthored a report on GhOstNet, says Canadian researchers investigating Chinese espionage against the Dali Lama and the Tibetan community found that computer systems in AP offices in Hong Kong and London were compromised.

The "common thread" in the GhOstNet campaign was that all of the targets involved Chinese concerns including the attack on the AP, Deibert says. The AP servers in Hong Kong and London were compromised, he believes, "so the attackers would have had access to stories and contacts in the stories before the stories were released. …

Author Advanced search


An unknown error has occurred. Please click the button below to reload the page. If the problem persists, please try again in a little while.