Chinese hackers attacked us, claims The New York Times

Chinese hackers have been persistently attacking the computer systems of The New York Times over the last four months, the newspaper has claimed.

The attacks were purportedly in retaliation for an investigation into the business dealings of the family of Chinese prime minister Wen Jiabao, which was published by The Times in October 2012.

Victims of the security breach included The New York Times's Shanghai bureau chief David Barboza as well as South Asia bureau chief in India Jim Yardley, who both had their email accounts accessed.

The New York Times says that no customer data was stolen during the breach, and executive editor of The Times Jill Abramson says that no evidence has been found to indicate that "sensitive e-mails or files from the reporting of our articles about the Wen family were accessed, downloaded or copied".

The Times claims that it is still unclear exactly how the hackers originally gained access to its servers, although vulnerability management experts suspect that a spear-phishing attack utilising malicious emails may have been used.

From there the hackers were able to gain entry to any computer on the network of The New York Times, as well as steal passwords belonging to the newspaper's employees and use them to access personal computers outside the newsroom.

"Attackers no longer go after our firewall. They go after individuals. They send a malicious piece of code to your e-mail account and you’re opening it and letting them in," said chief security officer at The Times Michael Higgins in an article posted January 30 to the New York Times website.

While security experts analysing the incident told The Times that the malware utilised has been associated with computer attacks that originated in China, the Chinese government has firmly denied having any part in the breach.

"To accuse the Chinese military of launching cyberattacks without solid proof is unprofessional and baseless," China's Ministry of National Defense told The Times.

Cyber criminals can attack an organisation for many reasons, often for financial gain but sometimes for political or protest purposes as well.

That is why all organisations should endeavour to maximise their level of vulnerability management as much as possible, through evaluations such as security audit assessments and penetration testing.

You can read The New York Times's full analysis of the security breach by clicking here.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s