Hacks against media outlets part of broader Chinese cyber campaign

The cyber attacks by Chinese hackers against the New York Times and Wall Street Journal, and possibly Bloomberg, are just the latest episode in a long-term effort by China against the West, says one cyber security expert whose firm was hired to defend the Times networks from the attackers.

While the hacks against the Times and Journal are considered pretty low-key cyber crimes (since they didn’t steal money, property, or destroy the newpapers’ networks) in the United States, China may view them as part of an almost military-style campaign to secure its rise a major world power, according to Richard Bejtlich, chief security officer at Mandiant, the IT security company hired by the Times to respond to the attacks,.

"I tend to [view] war from the perspective of the East; war is an ongoing condition that involves social, political, economic [efforts], it’s not strictly troops on a field," Bejtlich told Killer Apps.  "So from that perspective, [the hacks are] part of the global cyber war that the East is waging more or less against the West."

The attacks against the newspapers are the latest in a long list of cyber espionage attacks against U.S. targets — ranging from defense contractors working on the F-35 Joint Strike Fighter program to the White House and even Washington think tanks.

"There’s been no slowdown" in the onslaught of cyber attacks emanating from China, despite the ever increasing amount of attention Chinese hackers have been getting in the press, said Bejtlich.

The attacks are aimed at getting intelligence that may help Chinese leaders gain insight about their U.S. counterparts decision-making, learn military secrets, and steal intellectual property than can help Chinese businesses produce military and civilian technology that is on par with products made in the West.

"Almost universally, we don’t see these type of actors seeking to do destructive activities," said Bejtlich. "Though with the level of access that they have, it wouldn’t be a problem, it’s just not one of their goals."

The spear phishing attacks against the newspapers were "not that sophisticated," he added. "This wasn’t the best stuff we’d ever seen, for sure."

In the case of the news outlets, Chinese officials appear to want to learn what stories are being written about them before they are published. This gives China’s propaganda machine a head start in pushing out a pro-China narrative, according to Bejtlich. It’s an approach that has backfired, in this case, making China look worse. "This was a bad day for them," said Bejtlich.

"This was reconnaissance, espionage — this was not a disruption attempt," said Bejtlich. "They wanted to know what [the newspapers] were going to report and who their sources were."

In the Times‘ case, the hackers were looking for information that reporters gathered from public documents in China for a story on the wealth of China’s premier, Wen Jiabao.

"The sources were very important. The Chinese were operating from a position of, ‘who is feeding you information about the Wen family so that we can handle those people,’" added Bejtlich. "They were basically leak obsessed."

The Times and Journal are not the only major media outlets that have been targeted by Chinese hackers, according to Bejtlich. He put the number at "not quite double digits but close."