Posted on 01 Feb 2013 by Neilson
Chinese hackers have been conducting wide-ranging electronic surveillance of media companies including The Wall Street Journal in an apparent effort to spy on reporters covering China and other issues, people familiar with incidents said.
Journal publisher Dow Jones & Co. said Thursday that the paper's computer systems had been infiltrated by Chinese hackers for the apparent purpose of monitoring its China coverage. New York Times Co. disclosed Wednesday night that its flagship newspaper also had been the victim of cyberspying.
Chinese hackers for years have targeted major U.S. media companies with hacking that has penetrated deep inside some newsgathering systems, several people familiar with the response to the cyberattacks said.
Tapping the computers of reporters at major outlets could allow the Chinese government to identify sources on articles as well as information about pending stories.
Chinese Embassy spokesman Geng Shuang condemned allegations of Chinese cyberspying. "It is irresponsible to make such an allegation without solid proof and evidence," he said. "The Chinese government prohibits cyberattacks and has done what it can to combat such activities in accordance with Chinese laws." He said China has been a victim of cyberattacks but didn't say from where.
The U.S. Federal Bureau of Investigation has been probing such media incidents for more than a year and considers the hacking a national-security matter. Investigators see it as part of a long-running pattern by a foreign entity to compromise the security of major U.S. companies, people familiar with the matter said.
Some evidence gathered in the probe suggested that the hacking was done by a single group that focused specifically on media companies, according to people familiar with the matter.
One person described the hacking as a swarm of relatively unsophisticated but persistent attempts to gain access.
"It's part of this overall story that the Chinese want to know what the West thinks of them," said Richard Bejtlich, chief security officer with the computer-security company Mandiant Corp., which was hired by the New York Times to investigate its breach. "What slant is the media going to take on them? Who are their sources?"
Mandiant, which is frequently retained by companies to respond to cyberinfiltrations, has seen roughly 30 reporters and their managers targeted in different incidents dating back to 2008.
Bloomberg LP on Thursday acknowledged, without providing details, that attempts had been made to infiltrate its systems but said its security wasn't breached. A spokeswoman for Thomson Reuters PLC said that its Reuters news service was hacked twice in August on its blogging platform. She said Reuters couldn't confirm the hacking source.
Computer-security firms that track Chinese cyberspying groups say that one of the roughly 20 groups they know about appears to specialize in the media industry.
"We know there are campaigns that are launched by specific groups targeting specific sectors," said Shawn Henry, president of CrowdStrike Inc., a computer-security firm, and a former FBI cyberspace specialist. "When governments are actively collecting intelligence, they have developed subject-matter experts in particular industries."
The U.S. government has grown increasingly concerned about Chinese spying on the government and U.S. corporations, prompting U.S. intelligence agencies to issue a report a year ago calling Chinese hackers from the government and private sector the world's most "active and persistent" perpetrators of industrial spying.
Google Inc. and EMC Corp. computer-security unit RSA, among others, have said that their systems have been infiltrated. People familiar with those breaches said they were connected to the Chinese government.
The intelligence report discussed the extensive theft of data from global energy companies and proprietary data such as client lists and acquisition plans at other companies.
Cyberspecialists said the goals of hacking can include industrial espionage, insider trading and tracking potentially damaging information.
"The Communist Party really fears information and they can see their control unraveling as people read about corruption and officials with huge bank portfolios," said James Lewis, who advises lawmakers and the White House on cybersecurity issues. "Information is an existential threat to these regimes."
The New York Times in an article Thursday detailed how Chinese hackers had infiltrated its systems over the past four months and gained access to passwords belonging to reporters and other employees. The paper said it believed it had expelled the hackers from its system.
It is rare for companies to acknowledge hacking incidents because they fear that could hurt customer confidence and profits, corporate executives have said.
The Journal has faced hacking threats from China on and off during the past few years, said several people familiar with the Journal investigation.
In the most recent incident, the Journal was notified by the FBI of a potential breach in the middle of last year, when the FBI came across data that apparently had come from the computer network in the Journal's Beijing bureau, people familiar with the incident said.
The Journal hired consultants to investigate the matter and uncovered a major breach in which hacking groups (it wasn't clear whether they were working together) entered the company's networks, in part through computers belonging to business staff in the Beijing office, and from there infiltrated the global computer system, people familiar with the situation said.
Among the targets were a handful of reporters and editors in the Beijing bureau, including Jeremy Page, who wrote articles about the murder of British businessman Neil Heywood in a scandal that helped to bring down Chinese politician Bo Xilai, and Beijing Bureau Chief Andrew Browne, people familiar with the matter said.
The Journal began an investigation to track the cyberspies. The probe watched where the hackers went within the Journal's computer networks, what information they were interested in and how deeply they had penetrated.
A number of computers were totally controlled by outside hackers, who had broad access across the Journal's computer networks, people familiar with the matter said.
The investigation couldn't determine the full extent of the information that was spied on by the hackers, they said. The company's computer specialists wiped clean several hard drives in Beijing last year.
The Journal in recent weeks has been preparing measures to bolster security through the company's networks. This effort culminated this week with a companywide requirement to change passwords.
"Evidence shows that infiltration efforts target the monitoring of the Journal's coverage of China and are not an attempt to gain commercial advantage or to misappropriate customer information," Paula Keve, a spokeswoman for Journal publisher Dow Jones, said in a written statement Thursday. Dow Jones is a unit of News Corp.
Data security is an "ongoing issue," Ms. Keve said. "We continue to work closely with the authorities and outside security specialists, taking extensive measures to protect our customers, employees, journalists and sources."
Her statement said that the Journal on Thursday completed a network overhaul to bolster security.