New York Times case sheds light on China’s ‘vast army of hackers’

NYT attack traced to computers the "Chinese military had used to attack United States military contractors in the past"

From Paul Harris and Jonathan Kaiman, Guardian: "This is business-as-usual from what we can tell for aspects of the Chinese government," said Marc Frons, head of the newspaper’s digital technology and its chief information officer. Frons told The Guardian that the paper was expecting further such attempts to infiltrate its computer systems. "It is really spy versus spy," he said. "I don’t think we can relax. I am pretty sure that they will be back. . . ."

An investigation by Mandiant, a cyber-security company hired by the New York Times, concluded that the hacks were likely part of an elaborate spy campaign with links to the country’s military. The company traced the source of the attacks to university computers that the "Chinese military had used to attack United States military contractors in the past", the Times said.

Although the hackers gained passwords for every Times employee, Mandiant found that they only sought information that was related to the Wen story. "They were after David Barboza’s source list; confidential names and numbers and looking to find out who he was talking to," said Frons.

The Times said it worked with telecommunications company AT&T and the FBI to trace the hackers after AT&T noticed suspicious activity on the paper’s computer networks on 25 October, one day after the article appeared in print. A later analysis concluded that hackers initially broke into Times computers on 13 September when reporting for the Wen story was in its final pre-publishing stages. . . .

While the attack’s surreptitious nature allows Chinese authorities to hide behind a veneer of deniability, security firms have discovered a number of uncanny similarities among such incidents. Most targeted groups could pose some threat to the Chinese government. They include American military contractors, Tibetan and Uyghur independence groups, activist networks, and lately, western media organizations. Bloomberg was hacked after publishing a similar exposé last summer. . . .

Cyber security companies suggest that the Chinese government and military employ a vast army of hackers, carrying out a covert spy campaign against organizations that it feels run counter to their interests. They operate in places like Shanghai and coastal Shandong Province, but usually avoid detection by tunnelling through easily-infiltrated computers at servers and universities in the United States. The New York Times investigation found that they typically begin working at 8am and adhere to a standard office schedule.

Their organizational structure is still unclear – the hackers could be on the People’s Liberation Army’s payroll, or just as easily be loosely-affiliated vigilante organizations operating with tacit government approval, like renegade consulting companies.

"If anything, the fact that these groups aren’t being run by the Chinese government makes the problem worse," Bruce Schneier, a cybersecurity expert at a telecommunications company in London, wrote on the Discovery Channel’s tech blog last year. "Without central political coordination, they’re likely to take more risks, do more stupid things and generally ignore the political fallout of their actions."

The hackers frequently use a technique called "spear phishing," in which they send a piece of malware to a target via email; the hapless user may then download malicious files by clicking on a seemingly innocuous attachment. Chinese hackers have used this technique to compromise the Gmail accounts of senior US, South Korean and Australian government officials, and have attempted to access the White House’s Military Office, home to the US’s nuclear launch codes. 

From Kevin Voight, CNN: Allegations that Chinese hackers infiltrated the computers of two leading U.S. newspapers add to a growing number of cyber attacks on Western companies, governments and foreign-based dissidents that are believed to originate in China, experts say.

According to one recent report, one in every three observed computer attacks in the third quarter of 2012 emanated from China.

Chinese officials have denied that Beijing has supported any cyber attacks, stressing that hacking is illegal in the country.

The New York Times reported Wednesday it had been the target of four months of cyber assaults, which started during an investigation by the newspaper into the wealth reportedly accumulated by relatives of the Chinese premier, Wen Jiabao. The Wall Street Journal said Thursday that its computer systems also had been infiltrated by Chinese hackers. (graphic: the Week)
