On Oct. 25, the New York Times ran an exposé about the riches that relatives of China’s prime minister, Wen Jiabao, had accumulated over the course of his rise to power.* In the days leading up to the story’s publication, the newspaper had gotten word of warnings from Chinese officials that the investigation would “have consequences,” the Times reported today. So on Oct. 24, the paper asked AT&T to keep an eye out for suspicious activity on its computer networks. Sure enough, on the day the story appeared in the paper, AT&T noticed “behavior that was consistent with other attacks believed to have been perpetrated by the Chinese military.”
The attacks continued over the next four months, the Times’ Nicole Perlroth reports in a front-page story about the hack in today’s paper. It seems the perpetrators managed to steal the passwords of every Times employee and broke into the email accounts of key bureau chiefs in Asia. The Times’ executive editor said there was “no evidence that sensitive e-mails or files from the reporting of our articles about the Wen family were accessed, downloaded or copied,” though as Sophos’ Graham Cluley points out, it’s possible the hackers just covered their tracks.
Security experts believe the attacks made use of a technique called spear-phishing, in which specific employees are targeted with emails designed specifically to get them to click on a link or open an attachment that in turn installs malware on their machines.
Today’s Times report suggests the attacks are “part of a broader computer espionage campaign against American news media companies that have reported on Chinese leaders and corporations,” including Bloomberg News. Chinese officials told the Times that “to accuse the Chinese military of launching cyberattacks without solid proof is unprofessional and baseless.” But as we’ve learned from the Stuxnet episode and other international cyberattacks in recent years, solid proof tends to be very hard to come by. “That’s because it’s so easy to use compromised computers around the world to route attacks through—disguising the true origin,” Sophos’ Cluley explains.
Why might Chinese hackers want information about the Times’ reporting on the prime minister and his family? The most troubling possible explanation is that they would like to exact retribution on any anonymous sources who tipped the paper off to unsavory dealings. But the Times maintains that its reporting was based on public records. The hacks could also be viewed simply as an intimidation tactic—an effort to extend the Chinese regime’s tight control over the media beyond its borders—though if so, it’s probably counterproductive. American journalists, accustomed to doing their jobs without fear of imprisonment or assassination, tend only to be encouraged by brazen efforts to deter them from reporting on a given topic.
*Correction, Thursday, Jan. 31, 11:39 a.m.: Due to a typographical error, this post originally referred to a Times expose about the riches of China’s Prime Minister, Wen Jiabao. The story actually focused on the riches of Mr. Wen’s relatives.