'New York Times' Accuses China Of Being Behind Hacking
RENEE MONTAGNE, HOST:
In the past two days on this program, we've looked into how the Chinese government uses modern technology to monitor its population, to a point where it could be called a surveillance state. Now there's some evidence that surveillance extends well beyond China's borders. The New York Times says that for the past four months, its computer system has been systematically hacked, and it is accusing the Chinese government of being behind it. The New York Times says the hacking was tied into the paper's investigation into how the family of Chinese Prime Minister Wen Jiabao accumulated billions of dollars in business deals. Nicole Perlroth reports on cyber-security for the New York Times, including on this particular story, and she joined on the line. Good morning.
NICOLE PERLROTH: Good morning.
MONTAGNE: So when did the Times and how did the Times realize it was being hacked?
PERLROTH: Sure. So, leading up to the publication of that story, our security team actually asked AT&T - which monitors our network - to look out for some unusual activity. And on October 25th, the same day we published, we heard back from them that they had seen behavior on our network consistent with other attacks they had seen perpetrated by the Chinese military.
MONTAGNE: Well, what was the hacker's goal?
PERLROTH: It was very clear from the start that they were after David Barbosa's email correspondence. David was the Shanghai bureau chief who wrote the investigation into Mr. Wen's relatives. And his sources for the story, ironically enough, were actually publically available documents. There wasn't anyone that actually came and dumped a bunch of documents on his lawn or anything that the Chinese government would have found in his email account that would have been helpful. But it was very clear from the beginning that they were after David's email correspondence.
MONTAGNE: So, in a sense, you might say they didn't get much, because there wasn't much for them to get.
PERLROTH: That's correct.
MONTAGNE: Now, aside from the fact that you're saying those who were targeted were your China journalists, what is the evidence that these attackers come from China, have anything to do with China itself or are connected to the Chinese government?
PERLROTH: Sure. So, the malware that they had used was previously seen in hundreds of other attacks. And the command and control centers they used were known to have been used by the Chinese military in previous attacks.
MONTAGNE: What has China said about these accusations?
PERLROTH: They've denied them. They said, you know, we have laws in place that prevent this from happening, and to accuse the Chinese military is - I think the quote was, quote-unquote, "unprofessional."
MONTAGNE: Nicole Perlroth, you report on cyber-security for the New York Times, and you knew that this hacking was going on.
PERLROTH: Yes. It's an interesting spot to be in, to be covering this, and I'll tell you why. You know, since I started covering cyber-security, there are a number of companies that have come out in the last year that I've been on this beat that have accused China of breaking into their systems. So Lockheed Martin says it's regularly targeted. Northrop Grumman says it's attacked on a daily basis. And, of course, no company wants to come forward and voluntarily say, hey, we were hacked by China. Here's how it happened. Here's how it took. Because they're probably scared what it will do for their stock price or their reputations. And in this case, you know, what was interesting that it was my own employer that had been hacked. And we felt that it was very important to come out with this and say this was how easy it is for them to break into any U.S. company, and here's how they're doing it.
MONTAGNE: Nicole Perlroth reports in cyber-security for the New York Times. She was speaking to us from San Francisco. Thanks very much.
PERLROTH: Thanks, Renee.
NPR transcripts are created on a rush deadline by Verb8tm, Inc., an NPR contractor, and produced using a proprietary transcription process developed with NPR. This text may not be in its final form and may be updated or revised in the future. Accuracy and availability may vary. The authoritative record of NPR’s programming is the audio record.