- Under attack (Image: Bloomberg via Getty)
- dn23135-1_300[1].jpg (18.63 KiB) Viewed 1944 times
The New York Times cited the type of malware and techniques used as evidence of China's involvement. During the attack, which lasted more than four months, hackers stole the corporate passwords for every employee at the paper. These were then used to get onto the personal computers of 53 employees. The hacking took place while the newspaper was investigating China's premier Wen Jiabao and the billions of dollars that his relatives have amassed. China has denied any involvement in the hacking.
Mandiant, a security firm in Alexandria, Virginia, was hired by the paper to investigate and found that the hackers sent their attacks through a number of US universities to hide the source. The paper said this pattern matched an attack on Gmail that was eventually traced back to two educational institutions in China, one with alleged ties to the Chinese military, although they denied any involvement in the attacks at the time.
And don't be so fast to accuse, says Jeffrey Carr, CEO of digital security consultancy Taia Global. "The Times made no distinction between state and non-state. You can't rule China out, but you could have Chinese hackers operating outside of any official activity," he says.
Carr points out that the entire body of evidence is shaky, and says he wants to see standards of proof for online crimes that have been agreed by the whole information security industry.
"This is important. US senators and congressmen are not equipped to do any thinking about cybersecurity – it's all prejudice and knee jerk. They read a headline in the New York Times and they make policy. That's horrible."
Twitter also came under attack last week, when 250,000 usernames and passwords were stolen. The company named no names, but referred to an "extremely sophisticated" attack, adding that "other companies and organisations have also been recently similarly attacked".