New York Times suffers APT at the hands of Chinese attackers

The New York Times has suffered a major cyber attack, with a large number of its user passwords stolen.

Hit by Chinese hackers in retaliation for a negative story published about the wealth of outgoing leader Wen Jiabao, the New York Times said that it had been attacked repeatedly over the past four months.

It said that security experts gathered digital evidence that Chinese hackers, using methods that some consultants have associated with the Chinese military in the past, breached The Times' network. They broke into the email accounts of its Shanghai bureau chief, David Barboza, who wrote the reports on Wen's relatives, and Jim Yardley, The Times' South Asia bureau chief in India, who previously worked as bureau chief in Beijing.

While the external experts found no evidence that sensitive emails or files from the reporting of the articles about the Wen family were accessed, downloaded or copied, the attackers were eventually able to install malware on systems. However, although they accessed 53 passwords in total, these related only to those involved in this story, and no customer data was accessed.

The forensic analysis found that the hackers broke into the computers on 13th September, when the reporting for the Wen articles was nearing completion. They set up at least three backdoors into users' machines that they used as a digital base camp, and from there they snooped around internal systems for at least two weeks before they identified the domain controller that contains user names and hashed, or scrambled, passwords for every Times employee.

The investigators found evidence that the attackers cracked the passwords and used them to gain access to a number of computers. The attackers installed 45 pieces of custom malware, and the newspaper's Symantec anti-virus identified only one instance as malicious and quarantined it, according to the experts from Mandiant.

A Symantec statement said: “Advanced attacks like the ones the New York Times described in the article underscore how important it is for companies, countries and consumers to make sure they are using the full capability of security solutions. The advanced capabilities in our endpoint offerings, including our unique reputation-based technology and behaviour-based blocking, specifically target sophisticated attacks.

“Turning on only the signature-based anti-virus components of endpoint solutions alone is not enough in a world that is changing daily from attacks and threats. We encourage customers to be very aggressive in deploying solutions that offer a combined approach to security. Anti-virus software alone is not enough.”

Mikko Hypponen, chief research officer at F-Secure, said: “It's worth noting that no customer data was stolen. These attackers were not interested in making money. They wanted to spy on the Times. Journalists have been targeted by similar attacks before. In some cases, journalists' names have been used as a lure in targeted attacks.”
