On October 25, 2012, the New York Times published the results of an investigation into the vast wealth accumulated by Prime Minister Wen Jiabao’s family.
A short time later, AT&T (NYSE:T) notified the paper that it “had noticed behavior that was consistent with other attacks believed to have been perpetrated by the Chinese military.”
That behavior lasted for the next four months. A forensic analysis discovered the Times’ computers had been initially hacked on September 13, when the reporting for the Wen articles “was nearing completion.” Hackers infiltrated the e-mail account of the Times’ Shanghai bureau chief David Barboza, who wrote the reports on Wen’s relatives, as well as that of former Beijing bureau chief Jim Yardley. They also stole the corporate passwords for every Times employee and used them to break into more than 50 staffers’ personal computers -- seeking, according to the Times, “the names of people who might have provided information to Mr. Barboza.”
Confronted with the evidence, Chinese Foreign Ministry spokesman Hong Lei vigorously refuted the claims at a daily news briefing in Beijing.
“The competent Chinese authorities have already issued a clear response to the groundless accusations made by the New York Times,” Hong said. “Reaching such conclusions for no reason with uncertain evidence and no proof and saying that China participates in relevant online attacks is totally irresponsible.”
China’s Defense Ministry also protested loudly, telling AFP in a statement that “accusing the Chinese military of launching attacks through the Web without irrefutable proof is unprofessional and baseless.”
However, as Jarrett Kolthoff, a former US counterintelligence agent and current president and CEO of cyber counterintelligence firm SpearTip, explained to me, threats “directed at US firms by the Chinese are very systematic and often mimic a traditional workday.”
And that’s exactly what happened in the Times
Investigators found that the attacks usually began at 8 a.m., Beijing time, and ended at 5 p.m. And Mandiant, a private security concern hired by the Times after the hacking began, found that the intrusions “closely matched” the patterns of earlier attacks traced to China.
A 2012 study from Akamai Technologies (NASDAQ:AKAM) claimed that 16% of Internet "attack traffic" originates in China, “more than any other country in the world.”
And, as former Vice Chairman of the US Joint Chiefs of Staff James Cartwright testified last year, "[T]he clear paths back into servers and other mechanical devices inside of the Chinese sovereign domain remain a constant problem for us."
Dr. Craig Labovitz, co-founder and CEO of DeepField Networks (and a former Microsoft research scientist) says, “[T]his is not hype.”
“There are real issues here,” he tells me. “Large sections of the North American Internet are scanned multiple times a day from boxes overseas. Usually, the scanning is a handful of packets (i.e., negligible traffic) looking for commonly exploitable services.”
In some networks where DeepField is deployed, “every single possible host is scanned every day,” Labovitz says. “This is tens of millions of individual users/devices.” However, he points out that “there has always been scanning on the Internet.”
“What is different today,” he continues, “is the industrial-level scale of the scanning activities.”
Some of the best-known companies in America have been affected by Chinese hacking.
“Deliberate targeting” by Chinese hackers in 2009 “totally compromised” six to eight subcontractors working on the F-35 Joint Strike Fighter program, according to Lockheed Martin (NYSE:LMT) officials. The program’s three prime contractors -- Lockheed Martin, Northrop Grumman (NYSE:NOC), and BAE Systems (LON:BA) -- were “repeatedly” targeted by hackers identified by reports as Chinese. And this past October, Cisco (NASDAQ:CSCO) released excerpts from a confidential report regarding patent infringement by Huawei (SHE:002502), a Chinese competitor. One reads, “The exactness of the comments and spacing [in an evaluated Huawei product] not only indicate that Huawei has access to the Cisco code but that the Cisco code was electronically copied and inserted.”
Deny, Deny, Deny
In 2011, hundreds of Gmail passwords were stolen and used to access the private e-mail accounts of, per the official Google (NASDAQ:GOOG) blog, "senior US government officials, Chinese political activists, officials in several Asian countries (predominantly South Korea), military personnel and journalists."
Google’s security team determined the attacks originated in Jilin, China -- a city the Seattle Post-Intelligencer pointed out is "home to [the] site of the country's version of the National Security Agency as well as a top military vocational academy whose computers were linked to a serious attack last year on the computer systems of major American companies, including Google."
At the time, China’s state-run Xinhua news service hit back with a rebuttal titled: “Google’s Groundless Accuses Hurt Global Trust on Internet.”
“It is a real pity that Google's baseless complaints have distress mutual trust and the efforts to establish new global governance in cyberspace, letting real online criminals obtain illegal profits without being punished,” the editorial concluded.
So, will the hackers behind the Times attacks -- whoever they may be -- face punishment of their own? Foreign Ministry spokesman Hong Lei certainly seems to hope so.
“China is also a victim of hacking attacks,” he said. “Chinese laws clearly forbid hacking attacks, and we hope relevant parties takes [sic] a responsible attitude on this issue.”
Follow Justin Rohrlich on Twitter: @chickenalaking
No positions in stocks mentioned.
Copyright 2011 Minyanville Media, Inc. All Rights Reserved.