New York Times computer network breached by Chinese hackers, paper says

The computers of 53 employees were accessed and several email accounts were compromised, the paper reported

By Lucian Constantin, IDG News Service

Copies of original newspapers describing the sinking of the Titanic rest in an exhibit at the South Street Seaport Museum commemorating the 100th anniversary of the sinking of the Titanic in New York April 11, 2012.

Image credit: REUTERS/Lucas Jackson

Hackers from China breached the computer network of The New York Times and stole passwords that allowed them to gain access to computers and email accounts for a period of four months, the newspaper reported late Wednesday.

The initial intrusion happened sometime around Sept. 13 while the Times reporters were working on a story about the multibillion-dollar fortune accumulated by relatives of China's Prime Minister Wen Jiabao, the Times report said.

It's not clear how hackers originally gained access to the Times' network, but computer forensics experts from IT security firm Mandiant, which was contracted to investigate the incident, believe that the organization's employees might have been targeted via spear phishing -- an attack technique that involves sending specifically crafted email messages with malicious links or attachments.

The hackers' activity on the network increased after the story about the Chinese prime minister's relatives and their wealth was published in late October, the Times said. The newspaper was aware of warnings from Chinese officials that investigating Wen's relatives would have consequences, the Times said.

AT&T was asked by the Times to monitor its computer network for suspicious activity and started seeing behavior consistent with cyberattacks believed to be associated with the Chinese military on Oct. 25. After learning of this activity, the Times briefed the FBI and tried to eliminate the attackers from its systems.

However, on Nov. 7 it became clear that the hackers still had a foothold on some of the systems and the newspaper contracted Mandiant. This marked the beginning of a larger investigation that involved monitoring how the attackers moved around the network for several months in order to learn their habits and discover all backdoors they might have installed.

The Mandiant investigators established that the hackers had stolen usernames and password hashes for all Times employees from the network's domain controller and used them to gain access to the computers of 53 employees.
