China's Alleged Cyberattack on the New York Times

This story is based on a radio interview.

Audio Transcript:

Marco Werman: I'm Marco Werman and this is "The World", a co-production of the BBC World Service, PRI, and WGBH in Boston. Cyber security is something of an oxymoron and it's frightening when you realize just how vulnerable we all are. The story about alleged Chinese cyber attacks on The New York Times is a case in point. The Times published a front page story today that Chinese hackers repeatedly infiltrated its systems over four months this past fall. It coincided with a Times investigation into the billions of dollars amassed by the family of China's premier, Wen Jiabao. Mikko Hypponen is chief research officer for the cyber security company, F-Secure in Helsinki. So in a nutshell, Mikko, what happened at The New York Times?

Mikko Hypponen: We call these targeted attacks. Sometimes labeled as APT attacks which means Advanced Persistent Threat. And this means, these are attacks which are not trying to hit just anybody. The attack from the very beginning and the motives and the backdoors used in the attack, were created just to target one single target. In this case, The New York Times.

Werman: And it could have been a lot worse, according to The Times' Chief Information Officer. They could have wreaked havoc, apparently they didn't. What were they after?

Hypponen: They were after information. We believe they were trying to figure out where the information was leaking from China to these journalists. Basically, they were trying to find their contacts. If the attackers would have been interested in money, they could have gone after the credit card information of New York Times subscribers or information like that. Or if they wanted to cause chaos, they could have tried to prevent The New York Times from getting published. But that's what they wanted to do. They wanted to get information.

Werman: Right, and what did they get?

Hypponen: Well, we don't know all the details. It's possible The New York Times doesn't know either. They were in for several months. We know that they gained access to every single password of The New York Times' journalists as well as access to home computers of over 50 New York Times journalists. They had really wide-ranging access to critical information.

Werman: Now, China has denied involvement. Why is The New York Times sure it was the Chinese military? Is that going to fit with your research?

Hypponen: Well, they say it's the Chinese and they implicate the Chinese intelligence or Chinese military but they can't really, apparently, prove that. Really, who else would have been interested in a similar way and when the timing fits so well with the news that they published and because we know China has been doing similar attacks in the past. For example, they attacked Google a little over two years ago. So when you add them together it's the most likely attacker.

Werman: So The New York Times and its cyber security company, Mandiant, played it pretty cool and didn't shut down everything immediately. Is that what you would have done?

Hypponen: Yes, that's what we hope to gain. In many cases, where there is a breach, and the target learns that they have been breached, especially the top management typically just wants everybody to be kicked out and get rid of the hackers, and save us. That's not the most beneficial thing to do. If you can isolate them, and if you can monitor what they are trying to do, you can learn a lot. And in many cases if you just blindly try to throw them away, they might have left some back door somewhere that you can't find and then they'll get back in.

Werman: What do you mean by a back door?

Hypponen: Backdoor as in a service riding on some of the servers of the organization which was hit, so that the outsiders can get back in. So basically you believe you know how they got in and you close that hole, but as soon as they got in originally, they created a new hole somewhere else which you might not be aware of.

Werman: How unusual is this kind of attack on a news organization?

Hypponen: News organizations are not the prime target. When we look at similar attacks, which we have been analyzing since almost 2005, so as a phenomenon, targeted attacks are not a new thing. But most of the targets that we see getting hit by attacks like this are typically defense contractors or government entities, politicians, parliaments, embassies. And then also human rights organizations and freedom of speech organizations, especially groups which support different kinds of minorities inside China. And that's once again one of the reasons why China gets blamed for attacks like this.

Werman: Cyber security expert, Mikko Hypponen, thank you very much.

Hypponen: Thank you.