N.Y. Times' Transparent Hack Response
Going Public about China's Reported Infiltration
No company wants to divulge that it's been hacked by China, and provide details of the breach. That is, no company except The New York Times.
The New York Times on Jan. 30 published a story reporting that its computer systems had been systematically hacked over the past four months, and accusing the Chinese government of being behind it. What's unusual about the report is the level of detail a publicly traded company offers about an intrusion most other companies would want to keep secret.
A day later, the Wall Street Journal reported that it had been hacked, also presumably by the Chinese. "It's part of this overall story that the Chinese want to know what the West thinks of them," Richard Bejtlich, chief security officer with the computer-security company Mandiant, told the Wall Street Journal. "What slant is the media going to take on them? Who are their sources?" The Times hired Mandiant to investigate its breach.
The Journal's report did not provide the same level of detail on its breach as The Times did on its hack. "What was interesting was that it was my own employer that had been hacked, and we felt that it was very important to come out with this and say this was how easy it is for them to break into any U.S. company, and here's how they're doing it," Nicole Perlroth, who wrote The Times' story, says in an interview with NPR's Morning Edition.
According to The Times, Chinese hackers have persistently attacked its computer systems, infiltrating them and getting passwords for its reporters and other employees. After surreptitiously tracking the intruders to study their movements and help erect better defenses to block them, The Times and computer security experts have expelled the attackers and kept them from breaking back in.
The timing of the attacks coincided with the reporting for a Times investigation, published online on Oct. 25, that found that the relatives of China's Prime Minister Wen Jiabao had accumulated a fortune worth several billion dollars through business dealings.
The newspaper, citing Mandiant computer security experts, reported the hackers tried to shroud the source of the attacks by first penetrating computers at U.S. universities and routing the attacks through them. The attackers first installed malware that enabled them to gain entry to any computer on The Times' network. The malware was identified by computer security experts as a specific strain associated with computer attacks originating in China.
Security experts found evidence that the hackers stole the corporate passwords for every Times employee and used those to gain access to the personal computers of 53 employees, most of them outside The Times' newsroom, according to the newspaper. Experts found no evidence that the intruders used the passwords to seek information that was not related to the reporting on the Wen family. The Times said no customer data was stolen.
Perlroth says that since she began to cover cybersecurity a year ago, other companies have acknowledged that their computers have been targeted by China. "Lockheed Martin says it's regularly targeted; Northrop Grumman says it's attacked on a daily basis," she says. "Of course, no company wants to come forward and voluntarily say, 'Hey, we were hacked by China. Here's how it happened. Here's how it took,' because they're probably scared what it will do for their stock price or their reputations."
The Times has demonstrated similar courage in the past on a number of occasions, not always for its own fiscal benefit, but to inform the public about matters that need to be brought to light. Obviously, not all details about a breach should be revealed, but providing as much transparency on such incidents as possible will help us better respond to the dangers and challenges we face in cyberspace.