One day after The New York Times announced it had been attacked by Chinese hackers, other media outlets have come forward to say they too were attacked. The Wall Street Journal, Bloomberg and Reuters have all been named as additional targets of cyberattacks that appear to have originated in China.
The Wall Street Journal’s Siobhan Gorman, Devlin Barrett and Danny Yadron reported, “Chinese hackers believed to have government links have been conducting wide-ranging electronic surveillance of media companies including The Wall Street Journal, apparently to spy on reporters covering China and other issues, people familiar with the incidents said. Journal publisher Dow Jones & Co. said Thursday that the paper’s computer systems had been infiltrated by Chinese hackers, apparently to monitor its China coverage.” They added, “Bloomberg LP on Thursday said attempts had been made to infiltrate its systems but that its security wasn’t breached. A spokeswoman for Thomson Reuters PLC said its Reuters news service was hacked twice in August. She said Reuters couldn’t confirm the hacking source.”
Robert Lemos with eWeek noted, “Hackers have frequently targeted media companies. A decade ago, hacktivists in China and the U.S. defaced the Website of the Cable News Network (CNN), angered over a U.S. spy plane that collided with a Chinese fighter jet. In 2011, hackers affiliated with Anonymous stole user and credit card information from global intelligence firm Stratfor. However, going after sources is a fairly new development. Chinese hackers appear to have targeted stolen emails, contacts and files from more than 30 journalists and executives at Western news organizations, according to a Mandiant report cited by The Times.”
CNN quoted Thomas Parenty, a former employee of the U.S. National Security Agency, who said, “To do a spear-phishing attack of this kind is a well-established move in attacks against Google and various U.S. defense contractors from China.” He added, “You could say the tools are sort of stock-in-trade” for Chinese hackers.
The Guardian’s Charles Arthur commented, “Is there an answer? Unfortunately, no. All you can say is that the more visible the hacker, the less – generally – you have to worry about. Being hacked by Anonymous and having company data (usually usernames and hashed passwords) sprayed around the web is uncomfortable, but it won’t usually destroy your business. The risk from state hackers is far greater – because they can effectively be standing over your shoulder (or under your keyboard), watching everything without you having the least idea it’s happening.”