Chinese hackers, possibly using phishing software, reportedly broke into the New York Times’s computer network four months ago and installed malware that enabled them to access the personal computers of 53 employees. All indications are that the attack is a response to the paper’s investigation, led by Shanghai bureau chief David Barboza, into premier Wen Jiabao’s family fortunes. The NY Times says its computers were compromised as far back as September 13, just as they were wrapping up reporting for the Wen piece, which was published on October 25.
The concern here should not be for the New York Times, which had nothing stolen and no one harmed (and whose employees, frankly, should know better than to get phished). Near the middle of the NY Times’s four-page article, this:
What they appeared to be looking for were the names of people who might have provided information to Mr. Barboza.
Like a vindictive gangster, they were after informants. Chinese agents were after Chinese sources who could then be punished, since — like cops — the NY Times’s reporters are off limits. What we have is a high-level government equivalent of the street code “snitches get stitches.” Does anyone still wonder why journalists here are so rarely privy to leaked information from inside Zhongnanhai, China’s central government compound?
Thankfully, it appears that the New York Times used no anonymous sources for their Wen story:
Mr. Barboza’s research on the stories, as reported previously in The Times, was based on public records, including thousands of corporate documents through China’s State Administration for Industry and Commerce. Those documents — which are available to lawyers and consulting firms for a nominal fee — were used to trace the business interests of relatives of Mr. Wen.
But this case vividly illustrates the difficulty of doing investigative reporting here. Journalists, like beat-level cops in American urban areas, seem woefully ill-equipped to protect their sources, who bear too much risk.
Also, this bit can’t be very comforting:
“They could have wreaked havoc on our systems,” said Marc Frons, the Times’s chief information officer. “But that was not what they were after.”
The attack came after the government issued ominous warnings:
After The Times learned of warnings from Chinese government officials that its investigation of the wealth of Mr. Wen’s relatives would “have consequences”…
Consequences. Think Bobby Baccalieri of The Sopranos walking into a bar, taking two shots of Wild Turkey, and pointing to his head to indicate where a bullet goes.
You can’t accuse the Chinese of not knowing gamesmanship, a bit of tit for tat — you investigate our leader, we’ll spy on yours. You hurt his family, we’ll hurt yours.
The glaring difference, of course, is Wen Jiabao is one of the most powerful people in a country of 1.4 billion. Someone should probably hold him accountable, right? You disagree, Central Politburo?
For the record, China denies it hacked the New York Times.
Asked about evidence that indicated the hacking originated in China, and possibly with the military, China’s Ministry of National Defense said, “Chinese laws prohibit any action including hacking that damages Internet security.” It added that “to accuse the Chinese military of launching cyberattacks without solid proof is unprofessional and baseless.”