Hackers from China, likely affiliated with the PRC government, infiltrated the New York Times‘ computer system and spied on it for the past four months, the paper of record reports.
The infiltrations began once the Times reported on the secret wealth of billionaire relatives of China’s Prime Minister Wen Jiabao. When reporter David Barboza was investigating the story, the Times received threats from Chinese government officials that exposing the net worth of Wen’s relatives would “have consequences”. AT&T was instructed to keep close watch on the Times‘ information systems, and they quickly detected suspicious activity. Security firm Mandiant was brought in, and began documenting four months of infiltrations which, they concluded, originated in China, and are consistent with Chinese government hacks of the past. The PRC has denied any involvement.
So what were the hackers after? According to Marc Frons, the New York Times‘ Chief Information Officer, this was a campaign of espionage, not sabotage. The hackers were looking for the name of David Barboza’s source. They didn’t find one, because there wasn’t one. Barboza’s reporting was based entirely on publicly available documents that allowed him to piece together a picture of the Wen family fortune.
Nevertheless, in their fruitless search, the hackers were able to steal passwords for every Times employee. Every reporter’s drafts, every email–all of it could have been compromised. Even worse, the hackers had the power to take down the New York Times entirely. When asked if the hackers could have stopped the Times from publishing on the evening of the recent U.S. federal election, CIO Frons replied “yes, they could have”.
Instead, the hackers limited their intrusions to the personal computers of 53 employees. The Times tolerated the espionage for four months in order to get a complete picture of their exposure before shutting it down. They report that no customer data has been compromised.
According to the Times, they were not alone in being compromised. “The attacks,” they report, “appear to be part of a broader computer espionage campaign against American news media companies that have reported on Chinese leaders and corporations.” The Wall Street Journal has since come forth to report that they have been compromised as well.
All of this raises some questions:
- Was anyone else compromised?
- The F.B.I. is probing these hacks as a matter of national security. Does that suggest a military response? Is this also a trade issue?
- How do you respond when you can’t conclusively prove who’s to blame?
- How can journalists act responsibly to protect their sources when such attacks occur?