MCLC: hacking the NYT

[Denton, Kirk]

MCLC LIST
From: jjalvaro <jjalvaro at student.cityu.edu.hk>
Subject: hacking the NYT
*********************************************************

Some may find this article of interest. Below are some of the 'unspecified
consequences' that NYT was threatened with for exposing Wen Jiabao's
fortune.

Joe

=========================================================

Source: Vancouver Sun (1/31/13):
http://www.vancouversun.com/touch/news/world/York+Times+says+Chinese+hacker
s+newspaper+networks+over+probe/7896610/story.html?rel=813152

New York Times says Chinese hackers hit newspaper's networks over probe
into leader's wealth
THE ASSOCIATED PRESS

BEIJING — Chinese hackers repeatedly penetrated The New York Times'
computer systems over the past four months, stealing reporters' passwords
and hunting for files on an investigation into the wealth amassed by the
family of a top Chinese leader, the newspaper reported.

Security experts hired to investigate and plug the breach found that the
attacks used tactics similar to ones used in previous hacking incidents
traced to China, the report said. It said the hackers routed the attacks
through computers at U.S. universities, installed a strain of malicious
software, or malware, associated with Chinese hackers and initiated the
attacks from university computers previously used to attack U.S. military
contractors.

The attacks, which began in mid-September, coincided with a Times
investigation into how the relatives and family of Premier Wen Jiabao
built a fortune worth over $2 billion. The report, which was posted online
Oct. 25, embarrassed the Communist Party leadership, coming ahead of a
fraught transition to new leaders and exposing deep-seated favouritism at
a time when many Chinese are upset about a wealth gap.

Over the months of cyber-incursions, the hackers eventually lifted the
computer passwords of all Times employees and used them to get into the
personal computers of 53 employees.

The report said none of the Times' customer data was compromised and that
information about the investigation into the Wen family remained protected.

"Computer security experts found no evidence that sensitive emails or
files from the reporting of our articles about the Wen family were
accessed, downloaded or copied," the report quoted executive editor Jill
Abramson as saying.

The Chinese Defence Ministry asked for questions to be submitted in
writing but initially declined comment. The Times, in its report, quoted
the Defence Ministry as saying that Chinese law prohibits hacking and
other acts that damage Internet security and that accusing it of
"cyber-attacks without solid proof is unprofessional and baseless."

China has been accused by the U.S., other foreign governments and computer
security experts of mounting a widespread, aggressive cyber-spying
campaign for several years, trying to steal classified information and
corporate secrets and to intimidate critics. Foreign reporters and news
media, including The Associated Press, have been among the targets of
attacks intended to uncover the identities of sources and to stanch
critical reports about the Chinese government.

"Attacks on journalists based in China are increasingly aggressive,
disruptive and sophisticated," said Greg Walton, a cyber-security
researcher who has tracked Chinese hacking campaigns. China's cyber-spying
efforts have excelled in part because of the government's "willingness to
ignore international norms relating to civil society and media
organizations," he said.

The Times reported that executives became concerned just before the
publication of the Wen investigation after learning that Chinese officials
had warned of unspecified consequences. Soon after the Oct. 25
publication, AT&T, which monitors the Times' computer networks, notified
the company about activity consistent with a hacking attack, the report
said.

After months of investigation by the computer security firm Mandiant,
experts are still unsure how the hackers initially infiltrated the Times'
computer systems.