New York Times and Wall Street Journal both claim they were targeted by Chinese hackers
By End the Lie
Both the New York Times and the Wall Street Journal have now come forward saying that they have been targeted by Chinese hackers, apparently over their coverage of China.
The timing of these announcements is especially interesting given that the Pentagon recently announced a fivefold increase in their cybersecurity forces, although the New York Times said they were under attack for months.
The New York Times claimed that the attacks began around four months ago following an in-depth investigation into China’s prime minister.
The hack at the Times was apparently successful as it resulted in the theft of the corporate passwords for every single Times employee.
The personal computers of 53 employees were breached thanks to the password theft, most of whom were outside of the Times’s newsroom.
However, according to computer security specialists at Mandiant, the company hired by the Times to investigate the attack, no evidence was uncovered indicating that customer data was stolen or any information not related to the reporting on the prime minister’s family.
According to the Times, the attacks began during the investigative phase for a report showing that relatives of Chinese Prime Minister Wen Jiabao had accumulated several billion dollars in wealth through various business dealings.
Yet Jill Abramson, the executive editor of the Times, said there was “no evidence that sensitive e-mails or files from the reporting of our articles about the Wen family were accessed, downloaded, or copied.”
Quite interestingly, there does not seem to be any direct evidence of China’s responsibility for the attacks.
For instance, the Times writes that the techniques used in this case match “the subterfuge used in many other attacks that Mandiant has tracked to China.”
According to cybersecurity specialists, the malware used in the attack was “a specific strain associated with computer attacks originating in China.”
When the Chinese Ministry of National Defense was asked by the Times about the alleged evidence – which seems far from damning at this point – they replied, “Chinese laws prohibit any action including hacking that damages Internet security … to accuse the Chinese military of launching cyberattacks without solid proof is unprofessional and baseless.”
While one would not expect the Chinese military to admit being involved in targeting Western corporations, there really isn’t any direct evidence at this point.
Some of the other “evidence” includes AT&T claiming they “noticed behavior that was consistent with other attacks believed to have been perpetrated by the Chinese military.”
According to the Times, the hackers began their work, “for the most part,” at 8 am Beijing time and continued either for a standard workday or even until midnight. According to Mandiant, the attacks would sometimes stop for two-week periods for no clear reason.
According to an unnamed “person with knowledge of [Bloomberg News’s] internal investigation,” the company was also targeted by Chinese hackers last year, reports the Times.
The Times claims that the “mounting number of attacks that have been traced back to China suggest that hackers there are behind a far-reaching spying campaign aimed at an expanding set of targets including corporations, government agencies, activist groups and media organizations inside the United States,” although just how these attacks are being traced isn’t all that clear.
Unnamed “security experts” cited by the Times claimed that Chinese hackers began targeting Western journalists starting in 2008.
The Times also cites a report from Mandiant, writing, “Mandiant said that over the course of several investigations it found evidence that Chinese hackers had stolen e-mails, contacts and files from more than 30 journalists and executives at Western news organizations.”
It’s not very hard to imagine why Mandiant would be interested in saying that Chinese hackers are attacking corporations in the U.S. given that it’s their business to provide incident response and forensics forces along with “products, professional services and education to Fortune 500 companies, financial institutions, government agencies, domestic and foreign police departments and leading U.S. law firms.”
Mandiant simply claimed, according to the Times, that the source of the attacks is China based on a pattern that “closely matched the pattern of earlier attacks traced to China.”
Yet the IPs used to conduct the attacks belonged to American universities, companies and ISPs, but even if they were Chinese IPs, it really wouldn’t prove anything.
Mandiant simply claims that since the techniques and patterns of the hackers are somewhat similar it “is a sign that the hackers are the same or affiliated,” according to the Times.
CNET points out that a report by the U.S. Economic and Security Review Commission on China called China the “most threatening actor in cyberspace” and claimed that hackers sponsored by China targeted U.S. government and military computer systems as well as private systems in 2012.
In the case of the Wall Street Journal, they report that their computer systems were “infiltrated by Chinese hackers, apparently to monitor its China coverage.”
The Wall Street Journal also cited unnamed “people familiar with the response to the cyberattacks” who claim that Chinese hackers have been targeting major American media corporations for years.
Chinese Embassy spokesman Geng Shuang, however, said, “It is irresponsible to make such an allegation without solid proof and evidence.”
“The Chinese government prohibits cyberattacks and has done what it can to combat such activities in accordance with Chinese laws,” he said, adding that China has also been a victim of cyberattacks without citing the source of said attacks.
The Wall Street Journal report, like that of the New York Times, presents little to no evidence, instead opting to cite unnamed sources “familiar” with breaches who claim incidents “were connected to the Chinese government.”
“Western companies, including media organizations, are reluctant to comment about possible Chinese hacking because they could lose customer confidence in their network security,” the Wall Street Journal report states. “Going public also risks antagonizing the Chinese government.”
It’s a convenient way to make many allegations without any need to present evidence to back them up beyond anonymous sources, alleged patterns and other unverifiable claims.