In response, he said, the FBI met last year with security experts at some of New York's largest firms to help them beef up security.
The threat extends to any organization in which information that is worth money is stored on computers -- "which is just about every organization and every business," he said.
Prosecutions for hacking are rare and almost impossible to win when an attack is launched from outside the United States, a fact that the hackers exploit, he said. "It's just as easy to hack into an American computer from China as it is from Washington, D.C., given that there are no boundaries in cyberspace."
One reason companies can get into trouble is because employees are often easy to victimize, said Hemu Nigam, an Internet security analyst and founder and CEO of SSP Blue, which advises companies on Internet security.
"Your security is as good as your weakest link in the company," said Nigam, who is a former chief security officer of News Corp.
All that's necessary to introduce malware into a company's computer system is for an employee to "click on something that sounds exciting," he said.
From a security perspective, companies tend to be good at blocking access to their computers through the main entryway, but they tend to do less well blocking other entries, Nigam said. "Take a house -- you bolt the front door; somebody breaks in the back door; then they can go into every room of your house. Companies have to think about closing all the doors around the house and also put a bolt on every door in the house."
Finding vulnerabilities is not hard for experts, he said. "Every single client we've had, we have successfully broken into their network to identify vulnerabilities, and helped them fix them."
News organizations tend to be among those with laxer security, he said. "From a philosophical approach, it actually makes sense that they would find themselves open to an attack like this," he said, since news organizations, by their very nature, tend to be focused on open access to information.
Countries have been using cyber methods to attack each other for at least 15 years, but that fact has only recently gained widespread attention, he said. "People often say the Cold War has ended; the reality is the Cold War has gone digital."
But the Cold War of the last century rarely affected normal citizens or companies, and that is no longer the case, he said. "Because of the way the world is now connected through the Internet, a regular company can find itself in the middle of Cold War activity, which tells us that every company out there ought to think of security as one of their No.1 activities. Otherwise, they risk becoming a pawn between two governments having a silent battle against each other."
The United States has its own powerful counterintelligence machine, and that should surprise no one, he said. "If you have a country that knows how to use the power of the Internet and knows how to take advantage of counterintelligence activity through methods like hacking, they will certainly engage in it; otherwise, they will be left behind and they well become sitting ducks."
Asked about The Times' allegations on Thursday, a spokesman for the Chinese Foreign Ministry said that "all such alleged attacks are groundless, irresponsible accusations lacking solid proof or reliable research results."
"What else would you say?" asked Nigam rhetorically. "Of course, you have to say that. If the U.S. government were accused of something similar, the public relations machine would also say the exact same things."
China has been the victim of cyberattacks and "has laws and regulations prohibiting such actions," the spokesman, Hong Lei, said at a regular news briefing.
A separate statement from the Chinese Ministry of National Defense said the country's military "has never supported any hacker activities."
On Thursday, it appeared that television censors in China were blacking out CNN's reporting of the hacking story.
Chinese authorities have blacked out the broadcast signal for international television stations such as CNN and the BBC when they have aired sensitive reports about the country.