Hacks against media outlets part of broader Chinese cyber campaign

The cyber attacks by Chinese hackers against the New York Times and Wall Street Journal, and possibly Bloomberg, are just the latest episode in a long-term effort by China against the West, says one cyber security expert whose firm was hired to defend the Times networks from the attackers. While the hacks against the Times ...

Wikimedia Commons
Wikimedia Commons
Wikimedia Commons

The cyber attacks by Chinese hackers against the New York Times and Wall Street Journal, and possibly Bloomberg, are just the latest episode in a long-term effort by China against the West, says one cyber security expert whose firm was hired to defend the Times networks from the attackers.

While the hacks against the Times and Journal are considered pretty low-key cyber crimes (since they didn't steal money, property, or destroy the newpapers' networks) in the United States, China may view them as part of an almost military-style campaign to secure its rise a major world power, according to Richard Bejtlich, chief security officer at Mandiant, the IT security company hired by the Times to respond to the attacks,.

"I tend to [view] war from the perspective of the East; war is an ongoing condition that involves social, political, economic [efforts], it's not strictly troops on a field," Bejtlich told Killer Apps.  "So from that perspective, [the hacks are] part of the global cyber war that the East is waging more or less against the West."

The cyber attacks by Chinese hackers against the New York Times and Wall Street Journal, and possibly Bloomberg, are just the latest episode in a long-term effort by China against the West, says one cyber security expert whose firm was hired to defend the Times networks from the attackers.

While the hacks against the Times and Journal are considered pretty low-key cyber crimes (since they didn’t steal money, property, or destroy the newpapers’ networks) in the United States, China may view them as part of an almost military-style campaign to secure its rise a major world power, according to Richard Bejtlich, chief security officer at Mandiant, the IT security company hired by the Times to respond to the attacks,.

"I tend to [view] war from the perspective of the East; war is an ongoing condition that involves social, political, economic [efforts], it’s not strictly troops on a field," Bejtlich told Killer Apps.  "So from that perspective, [the hacks are] part of the global cyber war that the East is waging more or less against the West."

The attacks against the newspapers are the latest in a long list of cyber espionage attacks against U.S. targets — ranging from defense contractors working on the F-35 Joint Strike Fighter program to the White House and even Washington think tanks.

"There’s been no slowdown" in the onslaught of cyber attacks emanating from China, despite the ever increasing amount of attention Chinese hackers have been getting in the press, said Bejtlich.

The attacks are aimed at getting intelligence that may help Chinese leaders gain insight about their U.S. counterparts decision-making, learn military secrets, and steal intellectual property than can help Chinese businesses produce military and civilian technology that is on par with products made in the West.

"Almost universally, we don’t see these type of actors seeking to do destructive activities," said Bejtlich. "Though with the level of access that they have, it wouldn’t be a problem, it’s just not one of their goals."

The spear phishing attacks against the newspapers were "not that sophisticated," he added. "This wasn’t the best stuff we’d ever seen, for sure."

In the case of the news outlets, Chinese officials appear to want to learn what stories are being written about them before they are published. This gives China’s propaganda machine a head start in pushing out a pro-China narrative, according to Bejtlich. It’s an approach that has backfired, in this case, making China look worse. "This was a bad day for them," said Bejtlich.

"This was reconnaissance, espionage — this was not a disruption attempt," said Bejtlich. "They wanted to know what [the newspapers] were going to report and who their sources were."

In the Times‘ case, the hackers were looking for information that reporters gathered from public documents in China for a story on the wealth of China’s premier, Wen Jiabao.

"The sources were very important. The Chinese were operating from a position of, ‘who is feeding you information about the Wen family so that we can handle those people,’" added Bejtlich. "They were basically leak obsessed."

The Times and Journal are not the only major media outlets that have been targeted by Chinese hackers, according to Bejtlich. He put the number at "not quite double digits but close."

John Reed is a national security reporter for Foreign Policy. He comes to FP after editing Military.com’s publication Defense Tech and working as the associate editor of DoDBuzz. Between 2007 and 2010, he covered major trends in military aviation and the defense industry around the world for Defense News and Inside the Air Force. Before moving to Washington in August 2007, Reed worked in corporate sales and business development for a Swedish IT firm, The Meltwater Group in Mountain View CA, and Philadelphia, PA. Prior to that, he worked as a reporter at the Tracy Press and the Scotts Valley Press-Banner newspapers in California. His first story as a professional reporter involved chasing escaped emus around California’s central valley with Mexican cowboys armed with lassos and local police armed with shotguns. Luckily for the giant birds, the cowboys caught them first and the emus were ok. A New England native, Reed graduated from the University of New Hampshire with a dual degree in international affairs and history.

More from Foreign Policy

A Panzerhaubitze 2000 tank howitzer fires during a mission in Ukraine’s Donetsk region.
A Panzerhaubitze 2000 tank howitzer fires during a mission in Ukraine’s Donetsk region.

Lessons for the Next War

Twelve experts weigh in on how to prevent, deter, and—if necessary—fight the next conflict.

An illustration showing a torn Russian flag and Russian President Vladimir Putin.
An illustration showing a torn Russian flag and Russian President Vladimir Putin.

It’s High Time to Prepare for Russia’s Collapse

Not planning for the possibility of disintegration betrays a dangerous lack of imagination.

An unexploded tail section of a cluster bomb is seen in Ukraine.
An unexploded tail section of a cluster bomb is seen in Ukraine.

Turkey Is Sending Cold War-Era Cluster Bombs to Ukraine

The artillery-fired cluster munitions could be lethal to Russian troops—and Ukrainian civilians.

A joint session of Congress meets to count the Electoral College vote from the 2008 presidential election the House Chamber in the U.S. Capitol  January 8, 2009 in Washington.
A joint session of Congress meets to count the Electoral College vote from the 2008 presidential election the House Chamber in the U.S. Capitol January 8, 2009 in Washington.

Congrats, You’re a Member of Congress. Now Listen Up.

Some brief foreign-policy advice for the newest members of the U.S. legislature.