How Chinese Hackers Infiltrated The New York Times

Faces in the Crowd

Scott Henderson, a private intelligence contractor, believes that civilian hackers in China pose a real threat to American cybersecurityJasper James/Getty Images

The New York Times published an article this morning saying that the newspaper has been the victim of persistent and, it must be said, not entirely unsuccessful cyberattacks originating in China. The attacks apparently started shortly after the Times published this report about the relatives of Wen Jiabao, China's prime minister, who have accumulated a "hidden fortune" to the tune of billions of dollars.

The attacks consisted of hacking into the email accounts of 53 Times employees, and the information accessed was apparently limited to information related to the Wen Jiabao story. The Times stresses that no customer information (credit cards, that kind of thing) was accessed.

An outside firm hired by the Times found that the technique used to gain this access was consistent with other attacks from China: a method called "spearphishing," an essentially simple way to gain access that involves sending malicious links that, when opened, install malware on the victim's computer. The emails were routed through American universities--also a Chinese hacker trademark--to disguise their origin. The Times has taken several steps to protect itself in the future, including changing every employee password, removing "every back door into its network," and adding more security. Read more here.