Allegations that Chinese hackers infiltrated the computers of two leading U.S. newspapers add to a growing number of cyber attacks on Western companies, governments and foreign-based dissidents that are believed to originate in China, experts say.
According to one recent report, one in every three observed computer attacks in the third quarter of 2012 emanated from China.
Chinese officials have denied that Beijing has supported any cyber attacks, stressing that hacking is illegal in the country.
The New York Times reported Wednesday it had been the target of four months of cyber assaults, which started during an investigation by the newspaper into the wealth reportedly accumulated by relatives of the Chinese premier, Wen Jiabao. The Wall Street Journal said Thursday that its computer systems also had been infiltrated by Chinese hackers.
Cyber security experts say the alleged attack on The New York Times appeared to be similar to previously reported attacks that were linked to China.
"To do a spear-phishing attack of this kind is a well-established move in attacks against Google and various U.S. defense contractors from China," said Thomas Parenty, a former employee of the U.S. National Security Agency who now advises foreign firms in China on computer security.
"You could say the tools are sort of stock-in-trade" for Chinese hackers, he said.
"Spear-phishing" is a technique of disguising an email so that it appears to be from a trusted source, luring the victim to open an attachment or link that unleashes malicious software on the computer.
Investigators for The Times say they suspect the technique was used by the hackers to break into the newspaper's system where they were able collect passwords of every Times employee and gain access to the personal computers of 53 employees.
Security experts who helped the newspaper to counter the attacks accumulated evidence that the hackers used methods "associated with the Chinese military in the past" to breach the network, The Times said.
Chinese denials
Asked about The Times's allegations on Thursday, a spokesman for the Chinese Foreign Ministry said that "all such alleged attacks are groundless, irresponsible accusations lacking solid proof or reliable research results." China has been the victim of cyberattacks and "has laws and regulations prohibiting such actions," the spokesman, Hong Lei, said at a regular news briefing.
A separate statement from the Chinese Ministry of National Defense said the country's military "has never supported any hacker activities."
But data reported by Western companies suggest that even though Chinese authorities say they prohibit hacking, they are struggling to keep it under control.
One-third of all observed computer attacks from July through September last year came from China, according to a report last month from Akamai Technologies, an Internet services company.
The United States was a distant second, originating 13% of observed attacks, followed by Russia with 4.7%.
"China has been consistently responsible for the largest percentage of observed attacks since (the fourth quarter of) 2011," the report said.
The most recent report shows a dramatic upswing in incidents from the Asian country. In the second quarter, 16% of observed cyber attacks came from China, the company said.
The executive summary of the report didn't specify from which groups or individuals in China the attacks might have come.
Google had a very public spat with the Chinese government in 2010 after it claimed China had led a hacking attack against Google, other technology companies, defense corporations and Chinese dissidents.
Comments
The views expressed are not those of this company or its affiliated companies. Please note by clicking on "Post" you acknowledge that you have read the Terms of Service and the comment you are posting is in compliance with such terms.