By Alexandra Burlacu | Jan 31, 2013 02:36 PM EST
The New York Times (NYT) has been the target of a persistent cyber attack over the last four months, as Chinese hackers have infiltrated its systems.
Although the prolonged attack seems to be continuing, the Times has managed to stay on top of things and keep the hackers at bay.
"After surreptitiously tracking the intruders to study their movements and help erect better defenses to block them, The Times and computer security experts have expelled the attackers and kept them from breaking back in," the Times reported on Wednesday, Jan. 30.
According to the newspaper, the attacks started around the same time it began an investigation in October into reports that relatives of China's prime minister Wen Jiabao had made billions of dollars through various business dealings. After working closely with security experts, the Times traced the attacks back to China, and found that the methods used are associated with the Chinese military. China's Ministry of National Defense denied any involvement.
"Chinese laws prohibit any action including hacking that damages Internet security," it stated. "To accuse the Chinese military of launching cyberattacks without solid proof is unprofessional and baseless."
The first e-mail accounts attacked belonged to the New York Times' Shanghai bureau chief David Barboza, who wrote the reports, and Jim Yardley, the Times' South Asia bureau chief in India, who was previously the bureau chief in Beijing. The NYT's executive director Jill Abramson said that nothing sensitive was taken.
The hackers reportedly routed the attacks to the NYT via compromised systems at U.S. universities. According to Mandiant, the security firm that assisted the NYT with the issue, this cloaking method is a Chinese favorite.
"If you look at each attack in isolation, you can't say, 'This is the Chinese military,'" said Richard Bejtlich, chief security officer at Mandiant. "When you see the same group steal data on Chinese dissidents and Tibetan activists, then attack an aerospace company, it starts to push you in the right direction."
The attackers stole numerous corporate passwords, one for every 53 employees. The hackers were also very persistent in their effort to find documents related to the Wen family and the newspaper's sources, but no evidence indicated that anything sensitive was actually taken.
Mandiant was eventually able to trace the attacks and build up a profile of the perpetrators and their methods of attack. The firm said the hackers would start at 8 a.m. Beijing time and "usually" spend a standard working day on the attack, but sometimes they would work until midnight.
The security firm further said the hackers may have been able to get into the New York Times' system through a spear-phishing attack. The company allowed the hackers to keep operating for so long so that it could get a clear idea of where they were infiltrating and close that gap.