Wall Street Journal, Washington Post Disclose Chinese Attacks
Chinese airmen during a full-military-honors arrivals ceremony at the ministry of defense in Beijing in July 2000.
CREDIT: Linda D. Kozaryn/U.S. Department of Defense
Following the New York Times' revelation earlier this week of a massive Chinese attack upon its computer systems, a security analyst told TechNewsDaily that disclosing such attacks might become a "badge of honor" among media companies.
The statement by Sean Sullivan of Finnish security firm F-Secure was quickly proved right.
On Thursday afternoon (Jan. 31), less than a day after the Times' story was posted online, its ideological rival the Wall Street Journal revealed that it, too, had been attacked by Chinese hackers.
Yesterday (Feb. 1), the Washington Post, following a scoop by a former staffer, was forced to admit that its networks had been penetrated for years.
The Journal provided fewer details than the Times, but said that "in the most recent incident," hackers had managed to break into computers in the Journal's Beijing bureau in mid-2012.
From there, the Journal said, the intruders were able to access the Journal's worldwide computer network.
"A number of computers were totally controlled by outside hackers," the Journal said.
Brian Krebs, who covered computer security at the Washington Post and now publishes his own Krebs on Security blog, was contacted by a former colleague who had been an information-technology staffer at the newspaper's headquarters.
"We spent the better half of 2012 chasing down compromised PCs and servers. [It] all pointed to being hacked by the Chinese," Krebs' source told him.
"They had the ability to get around to different servers and hide their tracks. They seemed to have the ability to do anything they wanted on the network."
The pattern described by Krebs' source fit those described by the Times and the Journal — an initial break-in to a few machines, followed by an exploration of the entire network and the installation of malware that guaranteed further access.
The Post's own story provided few on-the-record details, other than to confirm the broader outlines of Krebs' story, as Post officials were unwilling to confirm much to their own reporters.
A company spokeswoman denied the assertion by Krebs' source that the newspaper had turned over a server to the National Security Agency for analysis.
The Post's reporters had better luck with an unnamed tech-industry official, who told them, "If every company reported when it was hacked and who it was hacked by, it would be harder [for China] to get away with it."
At least one media outlet seemed to welcome the news of massive Chinese network infiltration.
"The Onion would like to once again affirm our commitment to providing the Chinese government with our employees' passwords and personal information with total and unquestioning cooperation," the satirical newspaper said in a piece posted Thursday.
"The Onion aims to be on the right side of history, and towards that end, China is also welcome to our employees' Social Security numbers, home addresses, and medical and voting histories if ever they would like to see them," it said. "When our Chinese overlords colonize this crumbling land, The Onion will be glad to have been of some modest service."