SAN FRANCISCO — For the past four months, Chinese hackers have persistently attacked The New York Times, infiltrating its computer systems and getting passwords for its reporters and other employees.
After surreptitiously tracking the intruders to study their movements and help erect better defenses to block them, The Times and computer-security experts have expelled the attackers and kept them from breaking back in.
The timing of the attacks coincided with the reporting for an investigation, published online Oct. 25, that found that the relatives of Wen Jiabao, China’s prime minister, had accumulated a fortune worth several billion dollars through business dealings.
Security experts hired to detect and block the computer attacks gathered digital evidence that Chinese hackers, using methods that some consultants have associated with the Chinese military in the past, breached The Times’ network. They broke into the email accounts of its Shanghai bureau chief, David Barboza, who wrote the reports on Wen’s relatives, and Jim Yardley, The Times’ South Asia bureau chief in India, who previously worked as bureau chief in Beijing.
- Tourists robbed, beaten downtown ‘afraid to go back’ to Seattle
- Animated map: How the wildfires in North Central Washington have grown over time
- Steve Sarkisian was reimbursed by Washington for hefty alcohol bills
- Seahawks safety Kam Chancellor holdout FAQ
- Why did the Mariners’ season go terribly wrong?
Most Read Stories
“Computer-security experts found no evidence that sensitive emails or files from the reporting of our articles about the Wen family were accessed, downloaded or copied,” said Jill Abramson, executive editor of The Times.
The hackers tried to cloak the source of the attacks on The Times by first penetrating computers at U.S. universities and routing the attacks through them, said computer-security experts at Mandiant, the company hired by The Times.
The attackers first installed malware — malicious software — that enabled them to gain entry to any computer on The Times’ network. The malware was identified by computer-security experts as a specific strain associated with computer attacks originating in China.
More evidence of the source, experts said, is that the attacks started from the same university computers used by the Chinese military to attack U.S. military contractors in the past.
Security experts found evidence that the hackers stole the corporate passwords for every Times employee and used those to gain access to the personal computers of 53 employees, most of them outside The Times’ newsroom. Experts found no evidence that the intruders used the passwords to seek information that was not related to the reporting on the Wen family.
No customer data was stolen from The Times, security experts said.
Asked about evidence that indicated the hacking originated in China, and possibly with the military, China’s Ministry of National Defense said: “Chinese laws prohibit any action including hacking that damages Internet security.”