The New York Times reports that its internal network was attacked by Chinese hackers over the last four months. The e-mail accounts of several reporters who worked on a story critical of the family of Chinese prime minister Wen Jiabao were infiltrated, and the passwords of every single New York Times employee were stolen. However, there is no evidence that information about sources for the stories on the Wen family was obtained, Times Executive Editor Jill Abramson said.
The Times also reports that no customer data was stolen. Security experts from Mandiant were brought in to deal with the breach and have told the media company that the attack was consistent with others undertaken by hackers associated with the Chinese military against government contractors and other media companies.
The New York Times had been on guard against cyber attacks after the Chinese government told them there would be "consequences" for reporting on the Wen family. But while the company was informed by AT&T of suspicious activity over its network connection on October 25—the day the Wen story was published—the attack had begun weeks earlier and appears to have been focused on getting into the e-mail accounts of Times Shanghai Bureau Chief David Barboza and South Asia Bureau Chief Jim Yardley. The attack used 45 different pieces of custom malware code, including remote access tools that gave Chinese hackers the run of the Times' network. "They could have wreaked havoc on our systems, but that was not what they were after,” Chief Information Officer Marc Frons told Times reporter Nicole Perlroth.