Washington: The New York Times said it had fallen victim to hackers possibly connected to China’s military, linking the sophisticated attacks to its expose of the vast wealth amassed by Premier Wen Jiabao’s family.
China, which has blocked the US newspaper’s website ever since its report on Wen’s relatives came out in October, said it was “groundless” to suggest any state-endorsed program of hacking.
“To arbitrarily assert and to conclude without hard evidence that China participated in such hacking attacks is totally irresponsible,” foreign ministry spokesman Hong Lei told reporters in Beijing.
But computing experts hired by The New York Times to clean up its systems said the attack bore all the hallmarks of other hacking cases where China’s military has stood accused of directing intrusions into IT systems.
The hackers have over the past four months infiltrated Times systems and snatched staff passwords, and their probing has been particularly focused on the emails of Shanghai bureau chief David Barboza, the newspaper said.
According to a Barboza story published on 25 October, close relatives of Wen have made billions of dollars in business dealings over the years while he has been in day-to-day charge of China’s government machinery.
“Chinese hackers, using methods that some consultants have associated with the Chinese military in the past, breached The Times’s network,” the newspaper said, citing digital evidence gathered by its security experts.
The newspaper said the IT consultants believed the attacks “started from the same university computers used by the Chinese military to attack United States military contractors in the past.”
The hackers stole corporate passwords and targeted the computers of 53 employees including former Beijing bureau chief Jim Yardley, who is now the Times’s South Asia bureau chief based in India.
“Experts found no evidence that the intruders used the passwords to seek information that was not related to the reporting on the Wen family,” the newspaper said, adding that no customer data was stolen either.
The Times said the hackers appeared to be looking for “the names of people who might have provided information to Barboza,” but said there was no evidence that sensitive emails or files from the reporting were compromised.
The paper said that with the help of outside computer experts, it had managed to kick out the intruders and prevent them from breaking into its systems again.
“They could have wreaked havoc on our systems,” Times chief information officer Marc Frons said of the hackers. “But that was not what they were after.”
The Times said Bloomberg News was also targeted by Chinese hackers, after publishing in June a report on the wealth accumulated by relatives of Xi Jinping. In November, Xi was elevated to leader of the Chinese Communist Party.
The Times asked AT&T Inc., which monitors its computer network, to watch for unusual activity after learning of warnings from Chinese officials that its investigation into the Wen family’s wealth would have “consequences.”
It also briefed the Federal Bureau of Investigation on the hacking. But with the attacks persisting after the Wen investigation was published, the Times hired IT security firm Mandiant on 7 November.
“If you look at each attack in isolation, you can’t say, ‘This is the Chinese military,´” said Mandiant chief security officer Richard Bejtlich.
But he added: “When you see the same group steal data on Chinese dissidents and Tibetan activists, then attack an aerospace company, it starts to push you in the right direction.”
AFP in Beijing sought further comment from China’s Internet regulator but there was no immediate response. In October, the foreign ministry accused The New York Times of having “ulterior motives” and trying to “smear” China.
The newspaper’s report at the time said investments by Wen’s son, wife and others spanning the banking, jewellery and telecom sectors were worth at least $2.7 billion. The nytimes.com website remains inaccessible in China.