Chinese hackers repeatedly penetrated The New York Times' computer systems over the past four months, stealing reporters' passwords and hunting for files on an investigation into the wealth amassed by the family of a top Chinese leader, the newspaper is reporting.
Security experts hired to investigate and plug the breach found that the attacks used tactics similar to ones used in previous hacking incidents traced to China, the report said Thursday.
It said the hackers routed the attacks through computers at U.S. universities, installed a strain of malicious software, or malware, associated with Chinese hackers and initiated the attacks from university computers previously used by the Chinese military to attack U.S. military contractors.
The attacks, which began in mid-September, coincided with a Times investigation into how the relatives and family of Premier Wen Jiabao built a fortune worth over $2 billion US. The report, which was posted online Oct. 25, embarrassed the Communist Party leadership, coming ahead of a fraught transition to new leaders and exposing deep-seated favouritism at a time when many Chinese are upset about a wealth gap.
Over the months of cyber-incursions, the hackers eventually lifted the computer passwords of all Times employees and used them to get into the personal computers of 53 employees.
The report said none of the Times' customer data was compromised and that information about the investigation into the Wen family remained protected, though it left unclear what data or communications the infiltrators accessed.
"Computer security experts found no evidence that sensitive emails or files from the reporting of our articles about the Wen family were accessed, downloaded or copied," the report quoted executive editor Jill Abramson as saying. A Times spokeswoman declined to comment further.
Chinese official denies report
A Chinese Foreign Ministry spokesman called the Times' accusations groundless and reiterated the government's position that China also has been hacked repeatedly.
"To rashly jump to conclusions based on investigation results which have not been proved by evidence is totally irresponsible behaviour," the spokesman, Hong Lei, said at a routine daily media briefing. "China is also a victim of cyber-attacks. Chinese laws specifically stipulate that cyber-attacks are prohibited."
The Chinese Defence Ministry asked for questions to be submitted in writing but initially declined comment.
The Times, in its report, quoted the Defence Ministry as saying that Chinese law prohibits hacking and other acts that damage Internet security and that accusing it of "cyber-attacks without solid proof is unprofessional and baseless."
China has been accused by the U.S., other foreign governments and computer security experts of mounting a widespread, aggressive cyber-spying campaign for several years, trying to steal classified information and corporate secrets and to intimidate critics.
Foreign reporters and news media, including The Associated Press, have been among the targets of attacks intended to uncover the identities of sources for news stories and to stifle critical reports about the Chinese government.
"Attacks on journalists based in China are increasingly aggressive, disruptive and sophisticated," said Greg Walton, a cyber-security researcher who has tracked Chinese hacking campaigns.
China's cyber-spying efforts have excelled in part because of the government's "willingness to ignore international norms relating to civil society and media organizations," he said.
The Times reported that executives became concerned just before the publication of the Wen investigation after learning that Chinese officials had warned of unspecified consequences. Soon after the Oct. 25 publication, AT&T, which monitors the Times' computer networks, notified the company about activity consistent with a hacking attack, the report said.
After months of investigation by the computer security firm Mandiant, experts are still unsure how the hackers initially infiltrated the Times' computer systems, the report said.