New York Times suffers APT at the hands of Chinese attackers


The New York Times has suffered a major cyber attack, with a large number of its user passwords stolen.

Hit by Chinese hackers in retaliation for a negative story published about the wealth of outgoing leader Wen Jiabao, the New York Times said that it had been attacked repeatedly over the past four months.

It said that security experts gathered digital evidence that Chinese hackers, using methods that some consultants have associated with the Chinese military in the past, breached The Times' network. They broke into the email accounts of its Shanghai bureau chief, David Barboza, who wrote the reports on Wen's relatives, and Jim Yardley, The Times' South Asia bureau chief in India, who previously worked as bureau chief in Beijing.

While the external experts found no evidence that sensitive emails or files from the reporting of the articles about the Wen family were accessed, downloaded or copied, the attackers were eventually able to install malware on systems. However, while they accessed 53 passwords in total, these related only to those involved in this story, and no customer data was accessed.

The forensic analysis found that the hackers broke into the computers on 13th September, when the reporting for the Wen articles was nearing completion. They set up at least three backdoors into users' machines, which they used as a digital base camp. From there, they snooped around internal systems for at least two weeks before they identified the domain controller that contains user names and hashed, or scrambled, passwords for every Times employee.

The investigators found evidence that the attackers cracked the passwords and used them to gain access to a number of computers. The attackers installed 45 pieces of custom malware, and the newspaper's Symantec anti-virus identified only one instance as malicious and quarantined it, according to the experts from Mandiant.

A Symantec statement said: “Advanced attacks like the ones the New York Times described in the article underscore how important it is for companies, countries and consumers to make sure they are using the full capability of security solutions. The advanced capabilities in our endpoint offerings, including our unique reputation-based technology and behaviour-based blocking, specifically target sophisticated attacks.

“Turning on only the signature-based anti-virus components of endpoint solutions alone is not enough in a world that is changing daily from attacks and threats. We encourage customers to be very aggressive in deploying solutions that offer a combined approach to security. Anti-virus software alone is not enough.”

Mikko Hypponen, chief research officer at F-Secure, said: “It's worth noting that no customer data was stolen. These attackers were not interested in making money. They wanted to spy on the Times. Journalists have been targeted by similar attacks before. In some cases, journalists' names have been used as a lure in targeted attacks.”
