China continues cyberwar campaign, hacks The New York Times

Feb 1, 2013 - China has yet again been caught with its hand in the Western cookie jar. This time, it seems the Chinese military have hacked The New York Times, as an act of retaliation following a damning story published by The Times about China’s premier, Wen Jiabao. This follows on from Chinese hacks of Silicon Valley in 2010, and “hundreds” of other organizations and military contractors over the last few years.


The hack, which led to the complete infiltration of The Times’ network and numerous email accounts, started back in September when David Barboza was finishing a story about Wen Jiabao’s relatives accumulating billions of dollars through corrupt business dealings. The hackers set up three backdoors within The Times’ network, most likely using spear phishing (malware-laden email that is specifically targeted at certain users to maximize the chance that they open it). From here the hackers identified the domain controller, grabbed every user’s account name and password hash, cracked the hashes, and then had full access to just about everything on The Times’ network.

As an interesting aside, The Times uses Symantec’s suite of antimalware software — and yet over the course of three months, Symantec only successfully identified one piece of malware, out of 45 installed by the hackers. Mandiant, the security firm hired by The Times to root out the hackers, says that the malware was custom-made for the job, which is probably why Symantec couldn’t identify it.

Fortunately it seems like the hackers were only interested in information pertaining to the Wen Jiabao story – specifically, the names of people who provided information to Barboza. “They could have wreaked havoc on our systems,” says Marc Frons, The Times’s chief information officer. “But that was not what they were after.” The Times says that, somehow, there’s “no evidence that sensitive e-mails or files from the reporting of our articles about the Wen family were accessed, downloaded or copied.” No customer data was stolen, either. It seems like The Times got away fairly unscathed, if a little humbled.

China, for what it’s worth, is denying any involvement, stating that “Chinese laws clearly forbid hacking attacks,” and “Cyberattacks have a transnational and anonymous nature; under such circumstances accusing the Chinese military of launching attacks through the web without irrefutable proof is unprofessional and baseless.” Mandiant insists that the attack is consistent with “A.P.T. Number 12,” a group of hackers that have previously been traced back to Chinese universities by Mandiant, AT&T, and the FBI. Without some kind of paper trail, it’s of course impossible to confirm that the Chinese government actually ordered the hackers to attack the NYT.

At this point, though, “transnational and anonymous” or not, it does seem fairly certain that China — as a nation — is engaging in cyberwarfare with the West, or those who seek to impugn the infallibility of its leadership. There has been a steady stream of reports from security firms of Chinese cyberattacks dating back into the mid-2000s, and they nearly always follow on from newspaper exposés, or target dissidents or activists. Remember, this is a nation where freedom of speech and the press doesn’t really exist, and where the flow of information is strictly controlled via the Great Firewall and other government-mandated means.

China’s industrial espionage on Silicon Valley and other Western companies rich in intellectual property is obviously in a different vein, but still with the same goal ultimately in mind: Chinese supremacy.

Extremetech
