The New York Times says hackers attacked its systems for months, suspects Chinese military


The New York Times has published a wild account of a four-month-long hack, reportedly originating in China, that compromised its computer systems and targeted its reporters. The report suggests that the attack may have been politically motivated, and that it may have been conducted by the Chinese military. The hack has since been shut down, but several important questions remain unanswered.

The Times says that it received warnings from Chinese government officials in response to an investigation into the wealth of prime minister Wen Jiabao's relatives. Following the warnings, the publication asked its ISP — AT&T — to monitor its network for attacks. The Times says that on October 25th, the day its investigation was published, AT&T notified it of an attack consistent with others "believed to have been perpetrated by the Chinese military." When the Times and AT&T could not repel the attack, a private security firm named Mandiant was hired.

The Times journalist behind the investigation was a principal target

The report says that a forensic analysis of the attack reveals that it was targeted at the journalist involved in the investigation of Mr. Wen. The Times suggests that the hackers may have been trying to uncover sources for its investigation; it says "experts found no evidence that the intruders used the [cracked] passwords to seek information that was not related to the reporting on the Wen family." The Times says that the attack that affected it, and similar attacks against several other American news media companies and other organizations, suggest that there is a "far-reaching spying campaign" intended to control China's public image.

The attackers installed 45 pieces of custom malware

The Times says the hackers may have utilized a spear-phishing attack that gave them a back door into three machines, beginning on September 13th, when the report on Wen's family was "nearing completion." The hackers reportedly scouted the NYT's systems for weeks, before cracking passwords and infiltrating dozens of other computers. The Times reports that attackers installed 45 pieces of custom malware, and that Symantec (its antivirus software of choice) only quarantined an attacker's malware in one instance.

While evidence that the Chinese military is behind the attack is not said to be conclusive, the Times notes that several signs point to a military intrusion. For instance, the attackers are said to have used computers from universities in North Carolina, Arizona, Wisconsin, and New Mexico to cover their tracks — a tactic that Mandiant says closely matches other attacks traced to China.

The Times says that for now it appears to be safe, but it anticipates that it will be targeted by more attacks in the future.

The Verge