New York Times computer network breached by Chinese hackers, paper says
The computers of 53 employees were accessed and several email accounts were compromised, the paper reported
IDG News Service - Hackers from China breached the computer network of The New York Times and stole passwords that allowed them to gain access to computers and email accounts for a period of four months, the newspaper reported late Wednesday.
The initial intrusion happened sometime around Sept. 13 while the Times reporters were working on a story about the multibillion-dollar fortune accumulated by relatives of China's Prime Minister Wen Jiabao, the Times report said.
It's not clear how hackers originally gained access to the Times' network, but computer forensics experts from IT security firm Mandiant, which was contracted to investigate the incident, believe that the organization's employees might have been targeted via spear phishing -- an attack technique that involves sending specifically crafted email messages with malicious links or attachments.
The hackers' activity on the network increased after the story about the Chinese prime minister's relatives and their wealth was published in late October, the Times said. The newspaper was aware of warnings from Chinese officials that investigating Wen's relatives would have consequences, the Times said.
AT&T was asked by the Times to monitor its computer network for suspicious activity and started seeing behavior consistent with cyberattacks believed to be associated with the Chinese military on Oct. 25. After learning of this activity, the Times briefed the FBI and tried to eliminate the attackers from its systems.
However, on Nov. 7 it became clear that the hackers still had a foothold on some of the systems and the newspaper contracted Mandiant. This marked the beginning of a larger investigation that involved monitoring how the attackers moved around the network for several months in order to learn their habits and discover all backdoors they might have installed.
The Mandiant investigators established that the hackers had stole usernames and password hashes for all Times employees from the network's domain controller and used them to gain access to the computers of 53 employees.
The hackers were also able to access the email accounts of David Barboza, the Times' Shanghai bureau chief who wrote the story about Wen Jiabao's relatives, and Jim Yardley, the Times' South Asia bureau chief in India.
The main target of the attackers appears to have been Barboza's email correspondence and documents related to the investigation he performed for that story, the Times report said. Marc Frons, the Times' chief information office, said that the hackers could have wreaked havoc on the organization's systems, but they were not interested in doing that.
Mandiant's investigators believe the attackers are part of a known Chinese hacker group specialized in APT (advanced persistent threat) attacks that previously targeted other Western organizations and American military contractors. The group routed their attacks through compromised computers owned by universities in North Carolina, Arizona, Wisconsin and New Mexico, as well as computers owned by small U.S. companies and Internet service providers.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts