New York Times: we were hacked by China for last 4 months

The New York Times reported today that hackers inside China infiltrated its network over the course of at least four months. They obtained reporters' passwords, presumably to ID sources and gather intel on stories related to the family of China’s prime minister.

According to the Times exposé by Nicole Perlroth, the hackers first intruded on the paper's network around Sept. 13, then stole corporate passwords for "every Times employes and used those passwords to gain access to the personal computers of 53 employees, most of them outside the Times newsroom."

The hack happened around the same time as a NYT investigation into a fortune amassed by China’s Prime Minister Wen Jiabao. The breach took place while reporters were finishing up that investigation, which was then published on Oct. 25:

Security experts hired by The Times to detect and block the computer attacks gathered digital evidence that Chinese hackers, using methods that some consultants have associated with the Chinese military in the past, breached The Times’s network. They broke into the e-mail accounts of its Shanghai bureau chief, David Barboza, who wrote the reports on Mr. Wen’s relatives, and Jim Yardley, The Times’s South Asia bureau chief in India, who previously worked as bureau chief in Beijing.
“Computer security experts found no evidence that sensitive e-mails or files from the reporting of our articles about the Wen family were accessed, downloaded or copied,” said Jill Abramson, executive editor of The Times.

Read more at the New York Times. More at Wired News.

Boing Boing editor/partner and tech culture journalist Xeni Jardin hosts and produces Boing Boing's in-flight TV channel on Virgin America airlines (#10 on the dial), and writes about living with breast cancer. Diagnosed in 2011. @xeni on Twitter. email: xeni@boingboing.net.

More at Boing Boing

The technology that links taxonomy and Star Trek

Hackers prepare for first "national holiday" in their honor

Napalm Dog

I know there are reasons they don’t, but when do your security threats get so big that you just start turning off or disconnecting networking to the machines holding the important stuff on them?
- James Kimbell
  
  If I’m not mistaken, the right time to do that is in the third act of a Roland Emmerich and/or Michael Bay film.
That_Anonymous_Coward

NYT publishes story to help paint cyberwar as a clear and present danger to us all.

Using such good factual information as “associated with” to draw firm connections to the bad guys. Because methods of hacking are totally like bullets and can only fit 1 weapon… *boggle*

Story made more confusing placing blame on investigation into someone in power, but being unable to produce any evidence information about that person was ever accessed.

NYT unable to protect their own employee’s passwords, no one asks question is those same amazing security standards are applied to tipsters or registered public users.

NYT has covered cybergeddon in the past, seems unable to understand they have a computer network that might be vulnerable.
- Nadreck
  
  If you’d bothered to read the article instead of just the summary here all of these points are specifically addressed in detail. Eg. “Experts found no evidence that the intruders used the passwords to seek information that was not related to the reporting on the Wen family.
  
  No customer data was stolen from The Times, security experts said.”
  As for the alleged slackness of the NYT, I take it you feel that it’s a piece of cake to defend against military level hacking backed by the resources of the Chinese Empire. Uh huh. In this case however, as the existence of this article demonstrates, the NYT was able to do a very professional of doing just that.
  - oneswellfoop
    
    Shhhhh! He/She is busy trying to appear brilliant, or something.
    - That_Anonymous_Coward
      
      He and I am.
  - That_Anonymous_Coward
    
    Military level of hacking… and your proof of this is?
    
    Is that the same evidence that claimed that the Russians hacked that water valve that would have destroyed the country? Only it was just the contractor remotely accessing it to fix something.
    
    Experts who investigated the Sony Network after hack 16 or 17 found a text file that TOTALLY proved it was the work on super hackers Anonymous and not the fault of Sony for not bothering to do anything to secure their systems.
    
    Cars are associated with the methods used by bank robbers to get away, ergo everyone in a car is an bank robber.
    Hacking method A is associated with China, it must be China.
    
    We backtraced them to servers in China… well then they aren’t very good hackers are they?
    
    Oh they launched the attacks via US universities, totally how China rolls.
    
    Gee if I wanted to blame someone for something I would NEVER do something in a similar fashion to make sure the blame was shifted to them.
    
    They penetrated and owned the system, the experts found what they were supposed to find. Maybe its just my mistrust of large corporations who often lie to save face in these matters.
davidgoldmandg

China can’t spell freedom. Nor diversity. Nor tolerance. China isn’t ready to lead the world.
- wysinwyg
  
  China can’t spell freedom. Nor diversity. Nor tolerance.
  
  Before you start bragging you should probably check the literacy test scores for the USA.
- http://www.nathanhornby.com/ Nathan Hornby
  
  “China can’t spell freedom. Nor diversity. Nor tolerance.”
  
  Neither can the US. Literally and figuratively.
  
  What’s your point?
  
  Disclaimer: I’m being droll, and I know it’s a false equivalence. But importantly the US has a pretty poor track record on all those things compared to many, if not most 1st world countries. The tick-list for leading the world is Money, Power and Influence. Freedom, Diversity and Tolerance are the mark of a civilised society; something completely different.
peregrinus

I trust the NYT was sufficiently clever to lay traps for hackers seeking sensitive data, and led them into the arms of waiting FBI agents.

Besides, you’ve got to feel for the Chinese leadership and their circle of cronies. They’ve got to hold the whole thing together making sure they get super-rich, and when you’ve got a billion people beating at your door who also want a turn, you’ve got to get inventive about protecting your interests.

Y’know – like you’d feel for Al Capone or someone.
- Nadreck
  
  Alas, the hackers are all back in China (where they worked a leisurely 8 am to 4 pm Shanghai time shift) and unlikely to run into any FBI agents.
http://profiles.google.com/krugginator Frank Wahl

Communists hacked the NYT for 4 months, and no one noticed the difference…
- Bill McGonigle
  
  works as a noun too:
  
  “Communist hacks at the NYT? You don’t say.”
desiredusername

Maybe they just didn’t like the paywall. I avoid the Times for that reason.
jennix

… storing user passwords where they can be stolen? I hope they were plaintext, so as to not make anybody work too hard.
- twianto
  
  …
  Key loggers? They compromised individual employees’ machines.
RElgin

The New York Times is and has always been a part of the PRC . . . or something like that.
donovan acree

After careful reading of the full article, it seems the NYT has no actual evidence that this was done by Chinese military hackers. Imagine that, the NYT reporting hearsay as fact.