|Chinese and U.S. Defense Ministers|
Both the New York Times and the Wall Street Journal have now come forward saying that they have been targeted by Chinese hackers, apparently over their coverage of China.
The timing of these announcements is especially interesting given that the Pentagon recently announced a fivefold increase in their cybersecurity forces, although the New York Times said they were under attack for months.
The New York Times claimed that the attacks began around four months ago following an in-depth investigation into China’s prime minister.
The hack at the Times was apparently successful as it resulted in the theft of the corporate passwords for every single Times employee.
The personal computers of 53 employees were breached thanks to the password theft, most of which were outside of the Times’s newsroom.
However, according to computer security specialists at Mandiant, the company hired by the Times to investigate the attack, no evidence was uncovered indicating that customer data was stolen or any information not related to the reporting on the prime minister’s family.
According to the Times, the attacks began during the investigative phase for a report showing that relatives of Chinese Prime Minister Wen Jiabao had accumulated several billion dollars in wealth through various business dealings.
Yet Jill Abramson, the executive editor of the Times, said, “no evidence that sensitive e-mails or files from the reporting of our articles about the Wen family were accessed, downloaded, or copied.”
Quite interestingly, there does not seem to be any direct evidence of China’s responsibility for the attacks.
For instance, the Times writes, that techniques used in this case match “the subterfuge used in many other attacks that Mandiant has tracked to China.”
According to cybersecurity specialists, the malware used in the attack was “a specific strain associated with computer attacks originating in China.”
When the Chinese Ministry of National Defense was asked by the Times about the alleged evidence – which seems far from damning at this point – they replied, “Chinese laws prohibit any action including hacking that damages Internet security … to accuse the Chinese military of launching cyberattacks without solid proof is unprofessional and baseless.”
While one would not expect the Chinese military to admit being involved in targeting Western corporations, there really isn’t any direct evidence at this point.
Some of the other “evidence” includes AT&T claiming they “noticed behavior that was consistent with other attacks believed to have been perpetrated by the Chinese military.”
According to the Times, the hackers began their work, “for the most part,” at 8 am Beijing time and continued either for a standard workday or even until midnight. According to Mandiant, the attacks would sometimes stop for two week periods for no clear reason.
According to an unnamed “person with knowledge of [Bloomberg News’s] internal investigation” the company was also targeted by Chinese hackers last year, reports the Times.
The Times claims that the “mounting number of attacks that have been traced back to China suggest that hackers there are behind a far-reaching spying campaign aimed at an expanding set of targets including corporations, government agencies, activist groups and media organizations inside the United States,” although just how these attacks are being traced isn’t all that clear.
Unnamed “security experts” cited by the Times claimed that Chinese hackers began targeting Western journalists starting in 2008.
The Times also cites a report from Mandiant that said “Mandiant said that over the course of several investigations it found evidence that Chinese hackers had stolen e-mails, contacts and files from more than 30 journalists and executives at Western news organizations.”
It’s not very hard to imagine why Mandiant would be interested in saying that Chinese hackers are attacking corporations in the U.S. given that it’s their business to provide incident response and forensics forces along with “products, professional services and education to Fortune 500 companies, financial institutions, government agencies, domestic and foreign police departments and leading U.S. law firms.”
They also work directly with the U.S. government, the same government painting a picture of a massive cyberwarfare threat facing America justifying the massive expansion of cybersecurity forces.
Mandiant simply claimed, according to the Times, that the source of the attacks is China based on a pattern that “closely matched the pattern of earlier attacks traced to China.”
Yet the IPs used to conduct the attacks belonged to American universities, companies and ISPs but even if they were Chinese IPs, it really wouldn’t prove anything.
Mandiant simply claims that since the techniques and patterns of the hackers are somewhat similar it “is a sign that the hackers are the same or affiliated,” according to the Times.
CNET points out that a report by the U.S. Economic and Security Review Commission on China called China the “most threatening actor in cyberspace” and claimed that hackers sponsored by China targeted U.S. government and military computer systems as well as private systems in 2012.
“Other news organizations, including the Associated Press and Bloomberg News, have also reported cyber attacks related to coverage in China in recent months,” reports CNET.
In the case of the Wall Street Journal, they report that their computer systems were “infiltrated by Chinese hackers, apparently to monitor its China coverage.”
The Wall Street Journal also cited unnamed “people familiar with the response to the cyberattacks” who claim that Chinese hackers have been targeting major American media corporations for years.
Chinese Embassy spokesman Geng Shuang, however, said, “It is irresponsible to make such an allegation without solid proof and evidence.”
“The Chinese government prohibits cyberattacks and has done what it can to combat such activities in accordance with Chinese laws,” he said, adding that China has also been a victim of cyberattacks without citing the source of said attacks.
The Wall Street Journal report, like that of the New York Times, presents little to no evidence, instead opting to cite unnamed sources “familiar” with breaches who claim incidents “were connected to the Chinese government.”
“Western companies, including media organizations, are reluctant to comment about possible Chinese hacking because they could lose customer confidence in their network security,” the Wall Street Journal report states. “Going public also risks antagonizing the Chinese government.”
It’s a convenient way to make many allegations without any need to present evidence to back it up beyond anonymous sources, alleged patterns and other unverifiable claims.
Did I forget anything or miss any errors? Would you like to make me aware of a story or subject to cover? Or perhaps you want to bring your writing to a wider audience? Feel free to contact me at admin@EndtheLie.com with your concerns, tips, questions, original writings, insults or just about anything that may strike your fancy.
Please support our work and help us start to pay contributors by doing your shopping through our Amazon link or check out some must-have products at our store.
This article first appeared at End the Lie.
Madison Ruppert is the Editor and Owner-Operator of the alternative news and analysis database End The Lie and has no affiliation with any NGO, political party, economic school, or other organization/cause. He is available for podcast and radio interviews. Madison also now has his own radio show on UCYTV Monday nights 7 PM - 9 PM PT/10 PM - 12 AM ET. Show page link here: http://UCY.TV/EndtheLie. If you have questions, comments, or corrections feel free to contact him at admin@EndtheLie.com
BE THE CHANGE! PLEASE SHARE THIS USING THE TOOLS BELOW