For the last four months, Chinese hackers have persistently attacked The New York Times, infiltrating computer systems and getting passwords for reporters and other employees.
After surreptitiously tracking the intruders to study their movements and help erect better defences to block them, The Times and computer security experts have expelled the attackers and kept them from breaking back in.
The timing of the attacks coincided with the reporting for a Times investigation, published online on October 25, that found that relatives of Wen Jiabao, China’s prime minister, had accumulated a fortune worth several billion dollars through business dealings.
Security experts hired by The Times to detect and block the attacks gathered digital evidence that Chinese hackers, using methods that some consultants have associated with the Chinese military in the past, breached The Times’s network. They broke into the e-mail accounts of its Shanghai bureau chief, David Barboza, who wrote the reports on Wen’s relatives, and Jim Yardley, former Beijing bureau chief.
The hackers tried to cloak the source of the attacks on The Times by first penetrating computers at US universities and routing attacks through them, said computer security experts at Mandiant, the company hired by The Times. This matches the subterfuge used in many other attacks that Mandiant has tracked to China.
Asked about evidence indicating the hacking began in China, and possibly with the military, China’s Ministry of National Defence said “to accuse Chinese military of launching cyberattacks without solid proof is unprofessional and baseless”.
After The Times learned of warnings from Chinese government officials that its investigation of the wealth of Wen’s relatives would “have consequences”, executives on October 24 asked AT&T to watch for unusual activity.
On October 25, the day the article was published online, AT&T informed The Times it had noticed behaviour consistent with attacks believed to have been perpetrated by the Chinese military. The Times notified the FBI of the attacks and then worked with AT&T to track the attackers even as it tried to eliminate them from its systems.
On November 7, it became clear attackers were still inside its systems despite efforts to expel them. The Times hired Mandiant. Investigators still do not know how hackers initially broke into The Times’s systems.
Investigators found evidence the attackers had created custom software that allowed them to search for and grab David Barboza’s e-mails and documents. The hackers appeared to be looking for the names of people who might have provided