Wall Street Journal: Chinese hacked us, too
NEW YORK The Wall Street Journal says its computer systems have been infiltrated by Chinese hackers who were trying to monitor the newspaper's coverage of China.
A spokeswoman for Dow Jones & Co., the newspaper's publisher, says the Journal completed a network overhaul to bolster security on Thursday.
The New York Times reported on Thursday that Chinese hackers repeatedly penetrated its computer systems and stole reporters' passwords. The Times said the hackers were hunting for files on an investigation into wealth amassed by the family of a top Chinese leader.
The Journal didn't address how the hacking of its systems occurred, but it said it has faced such threats from China in recent years. It says the hacking was not an attempt to "gain commercial advantage or to misappropriate customer information."
In the case of The Times, security experts hired to investigate and plug the breach found that the attacks used tactics similar to ones used in previous hacking incidents traced to China, according to the paper. It said the hackers routed the attacks through computers at U.S. universities, installed a strain of malicious software, or malware, associated with Chinese hackers and initiated the attacks from Chinese university computers previously used by the Chinese military to attack U.S. military contractors.
The attacks, which began in mid-September, coincided with a Times investigation into how the relatives and family of Premier Wen Jiabao built a fortune worth over $2 billion. The report, which was posted online Oct. 25, embarrassed the Communist Party leadership, coming ahead of a fraught transition to new leaders and exposing deep-seated favoritism at a time when many Chinese are upset about a wealth gap.
Over the months of cyber-incursions, the hackers eventually lifted the computer passwords of all Times employees and used them to get into the personal computers of 53 employees.
The report said none of the Times' customer data was compromised and that information about the investigation into the Wen family remained protected, though it left unclear what data or communications the infiltrators accessed.
"Computer security experts found no evidence that sensitive emails or files from the reporting of our articles about the Wen family were accessed, downloaded or copied," the report quoted executive editor Jill Abramson as saying. A Times spokeswoman declined to comment further.
The Chinese foreign and defense ministries called the Times' allegations baseless, and the Defense Ministry denied any involvement by the military.
"Chinese law forbids hacking and any other actions that damage Internet security," the Defense Ministry said in a statement. "The Chinese military has never supported any hacking activities. Cyber-attacks are characterized by being cross-national and anonymous. To accuse the Chinese military of launching cyber-attacks without firm evidence is not professional and also groundless."
China has been accused by the U.S., other foreign governments and computer security experts of mounting a widespread, aggressive cyber-spying campaign for several years, trying to steal classified information and corporate secrets and to intimidate critics. Foreign reporters and news media, including The Associated Press, have been among the targets of attacks intended to uncover the identities of sources for news stories and to stifle critical reports about the Chinese government.
"Attacks on journalists based in China are increasingly aggressive, disruptive and sophisticated," said Greg Walton, a cyber-security researcher who has tracked Chinese hacking campaigns. China's cyber-spying efforts have excelled in part because of the government's "willingness to ignore international norms relating to civil society and media organizations," he said.
The Times reported that executives became concerned just before the publication of the Wen investigation after learning that Chinese officials had warned of unspecified consequences. Soon after the Oct. 25 publication, AT&T, which monitors the Times' computer networks, notified the company about activity consistent with a hacking attack, the report said.
After months of investigation by the computer security firm Mandiant, experts are still unsure how the hackers initially infiltrated the Times' computer systems, the report said.