The Wall Street Journal (WSJ) is the next U.S. media giants after the New York Times (NYT) to admit, it was attacked by Chinese hackers since the NYT ran it’s investigative report on the wealth of Premier Wen Jiabao’s family.
And the Chinese cyberspying saga continues… Frankly, none of this is shocking.
Kudos to them. I hope other companies take notice.
Unsurprisingly… when asked about such a possibility of intelligence-gathering attacks by Chinese hackers, China’s Ministry of National Defense has denied Chinese involvement in cyberspying on U.S. newspapers… “to accuse the Chinese military of launching cyberattacks without solid proof is unprofessional and baseless.”
According to the earlier report, The New York Times (NYT) revealed that Chinese hackers presumably aligned with the military had persistently penetrated its computer systems in the past four months, getting passwords for its reporters and other employees.
Now, The Wall Street Journal says China hacked into its computers too: Paula Keve, Chief Communications Officer, WSJ publisher, Dow Jones & Company, said: “Evidence shows that infiltration efforts target the monitoring of the Journal’s coverage of China and are not an attempt to gain commercial advantage or to misappropriate customer information.”
“Data security is an ongoing issue. We continue to work closely with the authorities and outside security specialists, taking extensive measures to protect our customers, employees, journalists and sources,” Keve said.
WSJ also added Chinese Embassy spokesman Geng Shuang condemned allegations of Chinese cyberspying. Shuang told WSJ “It is irresponsible to make such an allegation without solid proof and evidence.”
“The Chinese government prohibits cyberattacks and has done what it can to combat such activities in accordance with Chinese laws. China has been a victim of cyberattacks.”
Mandiant Corp., a cyber security firm brought into the case by the Times, said it has evidences of Chinese hackers stealing emails, contacts and files from 30 journalists and executives.
“China’s… tactics –establish red lines, punish those who cross them, maybe make an example of someone,” vs Chinese or foreigners.
— Richard Bejtlich (@taosecurity) February 1, 2013
You can follow Richard Bejtlich on twitter @aosecurity
Richard Bejtlich, chief security officer of Alexandria, Va.-based Mandiant, says the firm has identified the group internally as APT-12 (APT stands for Advanced Persistent Threat). “The very big picture is the Chinese government conducts state activities that are not the same as the West,” he tells The Daily Beast. “They’re going after things we don’t.”
In the West, he explains, attacks are aimed at military facilities and intelligence communities. But Chinese hackers go after civilian targets, such as media organizations, banks, defense contractors, and law firms (if a particular company is too difficult to break into, Bejtlich says, “they go to [their] law firm or a supplier” for information). One reason for this difference in perspective: in China, these groups are state-owned, unlike in the West.
Secretary of State Hillary Rodham Clinton said in an interview: “We have to begin making it clear to the Chinese – they’re not the only people hacking us or attempting to hack us – that the United States is going to have to take action to protect not only our government’s, but our private sector, from this kind of illegal intrusions. There’s a lot that we are working on that will be deployed in the event that we don’t get some kind of international effort under way,” she said.
“Obviously this can become a very unwelcome and even dangerous tit-for-tat that could be a crescendo of consequences, here at home and around the world, that no one wants to see happen,” she added.