New York Times Attacked by Chinese Hackers – Every Password Stolen [VIDEO] - International Business Times

By David Gilbert | January 31, 2013 9:15 PM EST

For the last four months, Chinese hackers have been infiltrating the New York Times' internal network, stealing the passwords of reporters and other employees.

Late on Wednesday evening, the New York Times reported the security breach, saying the initial hack had occurred around 13 September. Having discovered the attackers, the Times then secretly tracked the intruders' activities to study their movements and help implement better defences in the future.

"The Times and computer security experts have expelled the attackers and kept them from breaking back in," the report said. The password of every single Times employee was stolen, according to the report, with 53 personal computers compromised - most of them outside the newsroom.

The New York Times claims the attack coincided with a report published online on 25 October which said relatives of China's prime minister Wen Jiabao had accumulated a multi-billion dollar fortune through business dealings.

While passwords may have been compromised, the Times says there is no evidence that other information was stolen. "Computer security experts found no evidence that sensitive e-mails or files from the reporting of our articles about the Wen family were accessed, downloaded or copied," said Jill Abramson, executive editor of The Times.

Having identified the breach, the Times brought in outside security experts Mandiant, who examined the methods used by the attackers. According to the security experts hired by the Times, the method of attack used has previously been associated with the Chinese military.

The hackers tried to put the security experts off the scent by routing the attacks through computers at universities in the United States, which is again a method known to be used by hackers based in China, according to Mandiant.

Further links to China were found in the malware used to gain control of the computers within the Times network, which was a variant of malware previously used in attacks originating in China.

Baseless

The Times confronted China's Ministry of National Defence with the evidence of an attack coming from China, but a spokesperson rebuffed the allegation as "baseless."

"Chinese laws prohibit any action including hacking that damages Internet security. To accuse the Chinese military of launching cyber-attacks without solid proof is unprofessional and baseless."

The attack on the New York Times, and a previous attack on Bloomberg last June, are not isolated incidents, however. Mandiant said that over the course of several investigations it found evidence that Chinese hackers had stolen emails, contacts and files from more than 30 journalists and executives at Western news organizations.

"The intelligence-gathering campaign, foreign policy experts and computer security researchers say, is as much about trying to control China's public image, domestically and abroad, as it is about stealing trade secrets," the Times reported.

These attacks are only one part of the growing trend of cyber-espionage among nation-states who are deploying cyber-weapons, such as Flame, to collect huge amounts of sensitive data on other states. The US, Russia, Israel and Iran among others are all believed to be actively involved in cyber-espionage.

The US and Israel are believed to be behind the Stuxnet and Flame attacks on systems in Iran, while Iran itself is believed - by some - to be behind persistent attacks on US banks over recent months.

Pinpoint

Mandiant have been unable to pinpoint the exact method of infiltration into the Times' systems, but it is believed to have been a highly targeted spear-phishing attack aimed at one Times employee. It only takes one employee to click on a malicious link or download a malicious document for the hackers to infect the target's PC.

Michael Higgins, chief security officer at The Times, said: "Attackers no longer go after our firewall. They go after individuals. They send a malicious piece of code to your e-mail account and you're opening it and letting them in."

Although it first identified a breach in the system as far back as October, the Times said it allowed the hackers to "spin a digital web for four months" in order to identify every vulnerability in the system and prevent it from happening again.

While it was October when the breach was identified - following warnings from China - the initial breach occurred around 13 September, when the reporting for the Wen article was nearing completion.

The Times said it uses anti-virus software from Symantec, but of the 45 pieces of custom malware installed by the hackers, only one was flagged by the Symantec software. While Symantec wouldn't comment on the issue, this highlights the trouble anti-virus companies are facing when attempting to combat the wave of new malware being discovered on a daily basis.

Mandiant claims this is far from an isolated incident of Chinese hackers attacking western organisations, with the company currently monitoring around 20 groups from China spying on organisations in the US and around the globe.

The group which it believes carried out the attack on the New York Times is also being tracked by US mobile network AT&T and the FBI and is, according to Mandiant, "very active", having broken into hundreds of other Western organisations, including several American military contractors.
