China Hackers Hit U.S. Media
Chinese hackers have been conducting wide-ranging electronic surveillance of media companies including The Wall Street Journal in an apparent effort to spy on reporters covering China and other issues, people familiar with incidents said.
Journal publisher Dow Jones & Co. said Thursday that the paper's computer systems had been infiltrated by Chinese hackers for the apparent purpose of monitoring its China coverage. New York Times Co. disclosed Wednesday night that its flagship newspaper also had been the victim of cyberspying.
Chinese hackers for years have targeted major U.S. media companies with hacking that has penetrated deep inside some newsgathering systems, several people familiar with the response to the cyberattacks said.
Tapping the computers of reporters at major outlets could allow the Chinese government to identify sources on articles as well as information about pending stories.
Chinese Embassy spokesman Geng Shuang condemned allegations of Chinese cyberspying. 'It is irresponsible to make such an allegation without solid proof and evidence,' he said. 'The Chinese government prohibits cyberattacks and has done what it can to combat such activities in accordance with Chinese laws.' He said China has been a victim of cyberattacks but didn't say from where.
The U.S. Federal Bureau of Investigation has been probing such media incidents for more than a year and considers the hacking a national-security matter. Investigators see it as part of a long-running pattern by a foreign entity to compromise the security of major U.S. companies, people familiar with the matter said.
Some evidence gathered in the probe suggested that the hacking was done by a single group that focused specifically on media companies, according to people familiar with the matter.
One person described the hacking as a swarm of relatively unsophisticated but persistent attempts to gain access.
'It's part of this overall story that the Chinese want to know what the West thinks of them,' said Richard Bejtlich, chief security officer with the computer-security company Mandiant Corp., which was hired by the New York Times to investigate its breach. 'What slant is the media going to take on them? Who are their sources?'
Mandiant, which is frequently retained by companies to respond to cyberinfiltrations, has seen roughly 30 reporters and their managers targeted in different incidents dating back to 2008.
Bloomberg LP on Thursday acknowledged, without providing details, that attempts had been made to infiltrate its systems but said its security wasn't breached. A spokeswoman for Thomson Reuters PLC said that its Reuters news service was hacked twice in August on its blogging platform. She said Reuters couldn't confirm the hacking source.
Computer-security firms that track Chinese cyberspying groups say that one of the roughly 20 groups they know about appears to specialize in the media industry.
'We know there are campaigns that are launched by specific groups targeting specific sectors,' said Shawn Henry, president of CrowdStrike Inc., a computer-security firm, and a former FBI cyberspace specialist. 'When governments are actively collecting intelligence, they have developed subject-matter experts in particular industries.'
The U.S. government has grown increasingly concerned about Chinese spying on the government and U.S. corporations, prompting U.S. intelligence agencies to issue a report a year ago calling Chinese hackers from the government and private sector the world's most 'active and persistent' perpetrators of industrial spying.
Google Inc. and EMC Corp. computer-security unit RSA, among others, have said that their systems have been infiltrated. People familiar with those breaches said they were connected to the Chinese government.
The intelligence report discussed the extensive theft of data from global energy companies and proprietary data such as client lists and acquisition plans at other companies.
Cyberspecialists said the goals of hacking can include industrial espionage, insider trading and tracking potentially damaging information.
'The Communist Party really fears information and they can see their control unraveling as people read about corruption and officials with huge bank portfolios,' said James Lewis, who advises lawmakers and the White House on cybersecurity issues. 'Information is an existential threat to these regimes.'
The New York Times in an article Thursday detailed how Chinese hackers had infiltrated its systems over the past four months and gained access to passwords belonging to reporters and other employees. The paper said it believed it had expelled the hackers from its system.
It is rare for companies to acknowledge hacking incidents because they fear that could hurt customer confidence and profits, corporate executives have said.
The Journal has faced hacking threats from China on and off during the past few years, said several people familiar with the Journal investigation.
In the most recent incident, the Journal was notified by the FBI of a potential breach in the middle of last year, when the FBI came across data that apparently had come from the computer network in the Journal's Beijing bureau, people familiar with the incident said.
The Journal hired consultants to investigate the matter and uncovered a major breach in which hacking groups (it wasn't clear whether they were working together) entered the company's networks, in part through computers belonging to business staff in the Beijing office, and from there infiltrated the global computer system, people familiar with the situation said.
Among the targets were a handful of reporters and editors in the Beijing bureau, including Jeremy Page, who wrote articles about the murder of British businessman Neil Heywood in a scandal that helped to bring down Chinese politician Bo Xilai, and Beijing Bureau Chief Andrew Browne, people familiar with the matter said.
The Journal began an investigation to track the cyberspies. The probe watched where the hackers went within the Journal's computer networks, what information they were interested in and how deeply they had penetrated.
A number of computers were totally controlled by outside hackers, who had broad access across the Journal's computer networks, people familiar with the matter said.
The investigation couldn't determine the full extent of the information that was spied on by the hackers, they said. The company's computer specialists wiped clean several hard drives in Beijing last year.
The Journal in recent weeks has been preparing measures to bolster security through the company's networks. This effort culminated this week with a companywide requirement to change passwords.
'Evidence shows that infiltration efforts target the monitoring of the Journal's coverage of China and are not an attempt to gain commercial advantage or to misappropriate customer information,' Paula Keve, a spokeswoman for Journal publisher Dow Jones, said in a written statement Thursday. Dow Jones is a unit of News Corp.
Data security is an 'ongoing issue,' Ms. Keve said. 'We continue to work closely with the authorities and outside security specialists, taking extensive measures to protect our customers, employees, journalists and sources.'
Her statement said that the Journal on Thursday completed a network overhaul to bolster security.
SIOBHAN GORMAN / DEVLIN BARRETT / DANNY YADRON
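The U.S. Federal Bureau of Investigation has been investigating such network intrusions at media organizations for more than a year and treats them as national-security cases that harm U.S. interests. People familiar with the matter said investigators see these activities as part of a long-running effort by a foreign entity to compromise the security of major U.S. companies.
Richard Bejtlich, chief security officer of the computer-security company Mandiant Corp., said this is an action China has taken to understand how the West views it. The New York Times has hired Mandiant to investigate the intrusion into the paper's network. Bejtlich said China wants to know: Which aspects does the media emphasize when reporting on events in China? Who are their sources?
Bloomberg LP acknowledged Thursday that hackers had attempted to break into its systems but did not succeed. Bloomberg disclosed no further details. A spokesperson for Thomson Reuters PLC said the blogging platform of the Reuters news service was broken into twice in August of last year. The spokesperson said Reuters could not confirm the source of the attacks.
Shawn Henry, president of the computer-security company CrowdStrike Inc. and a former FBI cyber specialist, said we know there are intrusion campaigns launched by specific groups that target specific industries. He said that when governments are actively collecting intelligence, they have already developed experts in particular industries.
Google Inc. and RSA, the computer-security unit of data-storage provider EMC Corp., among others, said their systems had been broken into. People familiar with the matter said the intrusions were connected to the Chinese government.
People familiar with the matter said the hackers' targets included some reporters and editors in the Beijing bureau, including Jeremy Page and Beijing Bureau Chief Andrew Browne. Page wrote articles about the murder of British businessman Neil Heywood. The scandal helped bring down senior Chinese official Bo Xilai.
Paula Keve, a spokeswoman for Journal publisher Dow Jones & Co., said in a written statement Thursday that there is evidence the intrusions were aimed at monitoring the Journal's coverage of China rather than gaining commercial advantage or stealing customer information. Dow Jones is a unit of News Corp.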