The New York Times’ Nicole Perlroth reports that computers belonging to the newspaper and its staff have suffered repeated attacks over the past four months, apparently from within China. The intruders appeared to focus on identifying sources for David Barboza’s investigation into Wen Jiabao’s family’s business dealings: although Barboza claimed that his research was based on publicly available records, some suspected a deliberate leak by Wen’s political opponents. China’s Ministry of National Defense has denied any involvement in the attacks.
Investigators still do not know how hackers initially broke into The Times’s systems. They suspect the hackers used a so-called spear-phishing attack, in which they send e-mails to employees that contain malicious links or attachments. All it takes is one click on the e-mail by an employee for hackers to install “remote access tools” — or RATs. Those tools can siphon off oceans of data — passwords, keystrokes, screen images, documents and, in some cases, recordings from computers’ microphones and Web cameras — and send the information back to the attackers’ Web servers.
[…] The attackers were particularly active in the period after the Oct. 25 publication of The Times article about Mr. Wen’s relatives, especially on the evening of the Nov. 6 presidential election. That raised concerns among Times senior editors who had been informed of the attacks that the hackers might try to shut down the newspaper’s electronic or print publishing system. But the attackers’ movements suggested that the primary target remained Mr. Barboza’s e-mail correspondence.
“They could have wreaked havoc on our systems,” said Marc Frons, the Times’s chief information officer. “But that was not what they were after.”
What they appeared to be looking for were the names of people who might have provided information to Mr. Barboza.
I would like to apologize to the NYT computer support folks I snapped at after they reset my password without warning nytimes.com/2013/01/31/tec…
— John Schwartz — NYT (@jswatz) January 31, 2013