Recently in News Category
By Nicole Perlroth | The New York Times
31 January 2013
For the last four months, Chinese hackers have persistently attacked The New York Times, infiltrating its computer systems and getting passwords for its reporters and other employees.
After surreptitiously tracking the intruders to study their movements and help erect better defenses to block them, The Times and computer security experts have expelled the attackers and kept them from breaking back in.
The timing of the attacks coincided with the reporting for a Times investigation, published online on Oct. 25, that found that the relatives of Wen Jiabao, China's prime minister, had accumulated a fortune worth several billion dollars through business dealings.
Security experts hired by The Times to detect and block the computer attacks gathered digital evidence that Chinese hackers, using methods that some consultants have associated with the Chinese military in the past, breached The Times's network. They broke into the e-mail accounts of its Shanghai bureau chief, David Barboza, who wrote the reports on Mr. Wen's relatives, and Jim Yardley, The Times's South Asia bureau chief in India, who previously worked as bureau chief in Beijing.
"Computer security experts found no evidence that sensitive e-mails or files from the reporting of our articles about the Wen family were accessed, downloaded or copied," said Jill Abramson, executive editor of The Times.
The hackers tried to cloak the source of the attacks on The Times by first penetrating computers at United States universities and routing the attacks through them, said computer security experts at Mandiant, the company hired by The Times. This matches the subterfuge used in many other attacks that Mandiant has tracked to China.
The attackers first installed malware -- malicious software -- that enabled them to gain entry to any computer on The Times's network. The malware was identified by computer security experts as a specific strain associated with computer attacks originating in China. More evidence of the source, experts said, is that the attacks started from the same university computers used by the Chinese military to attack United States military contractors in the past.
Security experts found evidence that the hackers stole the corporate passwords for every Times employee and used those to gain access to the personal computers of 53 employees, most of them outside The Times's newsroom. Experts found no evidence that the intruders used the passwords to seek information that was not related to the reporting on the Wen family.
No customer data was stolen from The Times, security experts said.
Asked about evidence that indicated the hacking originated in China, and possibly with the military, China's Ministry of National Defense said, "Chinese laws prohibit any action including hacking that damages Internet security." It added that "to accuse the Chinese military of launching cyberattacks without solid proof is unprofessional and baseless."
The attacks appear to be part of a broader computer espionage campaign against American news media companies that have reported on Chinese leaders and corporations.
Last year, Bloomberg News was targeted by Chinese hackers, and some employees' computers were infected, according to a person with knowledge of the company's internal investigation, after Bloomberg published an article on June 29 about the wealth accumulated by relatives of Xi Jinping, China's vice president at the time. Mr. Xi became general secretary of the Communist Party in November and is expected to become president in March. Ty Trippet, a spokesman for Bloomberg, confirmed that hackers had made attempts but said that "no computer systems or computers were compromised."
Signs of a Campaign
The mounting number of attacks that have been traced back to China suggest that hackers there are behind a far-reaching spying campaign aimed at an expanding set of targets including corporations, government agencies, activist groups and media organizations inside the United States. The intelligence-gathering campaign, foreign policy experts and computer security researchers say, is as much about trying to control China's public image, domestically and abroad, as it is about stealing trade secrets.
Security experts said that beginning in 2008, Chinese hackers began targeting Western journalists as part of an effort to identify and intimidate their sources and contacts, and to anticipate stories that might damage the reputations of Chinese leaders.
In a December intelligence report for clients, Mandiant said that over the course of several investigations it found evidence that Chinese hackers had stolen e-mails, contacts and files from more than 30 journalists and executives at Western news organizations, and had maintained a "short list" of journalists whose accounts they repeatedly attack.
While computer security experts say China is most active and persistent, it is not alone in using computer attacks for a variety of national purposes, including corporate espionage. The United States, Israel, Russia and Iran, among others, are suspected of developing and deploying cyberweapons.
The United States and Israel have never publicly acknowledged it, but evidence indicates they released a sophisticated computer worm starting around 2008 that attacked and later caused damage at Iran's main nuclear enrichment plant. Iran is believed to have responded with computer attacks on targets in the United States, including American banks and foreign oil companies.
Russia is suspected of having used computer attacks during its war with Georgia in 2008.
The following account of the attack on The Times -- which is based on interviews with Times executives, reporters and security experts -- provides a glimpse into one such spy campaign.
After The Times learned of warnings from Chinese government officials that its investigation of the wealth of Mr. Wen's relatives would "have consequences," executives on Oct. 24 asked AT&T, which monitors The Times's computer network, to watch for unusual activity.
On Oct. 25, the day the article was published online, AT&T informed The Times that it had noticed behavior that was consistent with other attacks believed to have been perpetrated by the Chinese military.
The Times notified and voluntarily briefed the Federal Bureau of Investigation on the attacks and then -- not initially recognizing the extent of the infiltration of its computers -- worked with AT&T to track the attackers even as it tried to eliminate them from its systems.
But on Nov. 7, when it became clear that attackers were still inside its systems despite efforts to expel them, The Times hired Mandiant, which specializes in responding to security breaches. Since learning of the attacks, The Times -- first with AT&T and then with Mandiant -- has monitored attackers as they have moved around its systems.
Hacker teams regularly began work, for the most part, at 8 a.m. Beijing time. Usually they continued for a standard work day, but sometimes the hacking persisted until midnight. Occasionally, the attacks stopped for two-week periods, Mandiant said, though the reason was not clear.
Investigators still do not know how hackers initially broke into The Times's systems. They suspect the hackers used a so-called spear-phishing attack, in which they send e-mails to employees that contain malicious links or attachments. All it takes is one click on the e-mail by an employee for hackers to install "remote access tools" -- or RATs. Those tools can siphon off oceans of data -- passwords, keystrokes, screen images, documents and, in some cases, recordings from computers' microphones and Web cameras -- and send the information back to the attackers' Web servers.
Michael Higgins, chief security officer at The Times, said: "Attackers no longer go after our firewall. They go after individuals. They send a malicious piece of code to your e-mail account and you're opening it and letting them in."
Lying in Wait
Once hackers get in, it can be hard to get them out. In the case of a 2011 breach at the United States Chamber of Commerce, for instance, the trade group worked closely with the F.B.I. to seal its systems, according to chamber employees. But months later, the chamber discovered that Internet-connected devices -- a thermostat in one of its corporate apartments and a printer in its offices -- were still communicating with computers in China.
In part to prevent that from happening, The Times allowed hackers to spin a digital web for four months to identify every digital back door the hackers used. It then replaced every compromised computer and set up new defenses in hopes of keeping hackers out.
"Attackers target companies for a reason -- even if you kick them out, they will try to get back in," said Nick Bennett, the security consultant who has managed Mandiant's investigation. "We wanted to make sure we had full grasp of the extent of their access so that the next time they try to come in, we can respond quickly."
Based on a forensic analysis going back months, it appears the hackers broke into The Times computers on Sept. 13, when the reporting for the Wen articles was nearing completion. They set up at least three back doors into users' machines that they used as a digital base camp. From there they snooped around The Times's systems for at least two weeks before they identified the domain controller that contains user names and hashed, or scrambled, passwords for every Times employee.
While hashes make hackers' break-ins more difficult, hashed passwords can easily be cracked using so-called rainbow tables -- readily available databases of hash values for nearly every alphanumeric character combination, up to a certain length. Some hacker Web sites publish as many as 50 billion hash values.
Investigators found evidence that the attackers cracked the passwords and used them to gain access to a number of computers. They created custom software that allowed them to search for and grab Mr. Barboza's and Mr. Yardley's e-mails and documents from a Times e-mail server.
Over the course of three months, attackers installed 45 pieces of custom malware. The Times -- which uses antivirus products made by Symantec -- found only one instance in which Symantec identified an attacker's software as malicious and quarantined it, according to Mandiant.
A Symantec spokesman said that, as a matter of policy, the company does not comment on its customers.
The attackers were particularly active in the period after the Oct. 25 publication of The Times article about Mr. Wen's relatives, especially on the evening of the Nov. 6 presidential election. That raised concerns among Times senior editors who had been informed of the attacks that the hackers might try to shut down the newspaper's electronic or print publishing system. But the attackers' movements suggested that the primary target remained Mr. Barboza's e-mail correspondence.
"They could have wreaked havoc on our systems," said Marc Frons, the Times's chief information officer. "But that was not what they were after."
What they appeared to be looking for were the names of people who might have provided information to Mr. Barboza.
Mr. Barboza's research on the stories, as reported previously in The Times, was based on public records, including thousands of corporate documents through China's State Administration for Industry and Commerce. Those documents -- which are available to lawyers and consulting firms for a nominal fee -- were used to trace the business interests of relatives of Mr. Wen.
A Tricky Search
Tracking the source of an attack to one group or country can be difficult because hackers usually try to cloak their identities and whereabouts.
To run their Times spying campaign, the attackers used a number of compromised computer systems registered to universities in North Carolina, Arizona, Wisconsin and New Mexico, as well as smaller companies and Internet service providers across the United States, according to Mandiant's investigators.
The hackers also continually switched from one I.P. address to another; an I.P. address, for Internet protocol, is a unique number identifying each Internet-connected device from the billions around the globe, so that messages and other information sent by one device are correctly routed to the ones meant to get them.
Using university computers as proxies and switching I.P. addresses were simply efforts to hide the source of the attacks, which investigators say is China. The pattern that Mandiant's experts detected closely matched the pattern of earlier attacks traced to China. After Google was attacked in 2010 and the Gmail accounts of Chinese human rights activists were opened, for example, investigators were able to trace the source to two educational institutions in China, including one with ties to the Chinese military.
Security experts say that by routing attacks through servers in other countries and outsourcing attacks to skilled hackers, the Chinese military maintains plausible deniability.
"If you look at each attack in isolation, you can't say, 'This is the Chinese military,' " said Richard Bejtlich, Mandiant's chief security officer.
But when the techniques and patterns of the hackers are similar, it is a sign that the hackers are the same or affiliated.
"When you see the same group steal data on Chinese dissidents and Tibetan activists, then attack an aerospace company, it starts to push you in the right direction," he said.
Mandiant has been tracking about 20 groups that are spying on organizations inside the United States and around the globe. Its investigators said that based on the evidence -- the malware used, the command and control centers compromised and the hackers' techniques -- The Times was attacked by a group of Chinese hackers that Mandiant refers to internally as "A.P.T. Number 12."
A.P.T. stands for Advanced Persistent Threat, a term that computer security experts and government officials use to describe a targeted attack and that many say has become synonymous with attacks done by China. AT&T and the F.B.I. have been tracking the same group, which they have also traced to China, but they use their own internal designations.
Mandiant said the group had been "very active" and had broken into hundreds of other Western organizations, including several American military contractors.
To get rid of the hackers, The Times blocked the compromised outside computers, removed every back door into its network, changed every employee password and wrapped additional security around its systems.
For now, that appears to have worked, but investigators and Times executives say they anticipate more efforts by hackers.
"This is not the end of the story," said Mr. Bejtlich of Mandiant. "Once they take a liking to a victim, they tend to come back. It's not like a digital crime case where the intruders steal stuff and then they're gone. This requires an internal vigilance model."
By Mark McDonald - International Herald Tribune - The Global Edition of the New York Times
October 18, 2012
China was at the center of one of the harshest exchanges during the U.S. presidential debate on Tuesday night, with President Barack Obama and his Republican challenger, Mitt Romney, both flashing their tough-on-Beijing credentials. But the politician who really knows about China was not on the stage, although he had tried to be.
Jon M. Huntsman Jr., who campaigned for the Republican nomination, has solid connections to both candidates: He served as the U.S. ambassador to China under Mr. Obama until April 2011, and when Mr. Huntsman abandoned his campaign in January, he immediately endorsed Mr. Romney.
As they prep and do role playing for their final debate, both candidates might do well to recruit Mr. Huntsman for a lay of the land on China. The debate, set for Monday in Boca Raton, Florida, will focus on foreign policy issues, with China one of the selected topics.
In a fascinating new interview with Isaac Stone Fish of Foreign Policy magazine, Mr. Huntsman was asked about the differences between the two candidates in their approach to China.
"Well, they differ in some senses in the levers of power that are being pulled," he said. "I think Obama has chosen more the soft levers of power, and Romney is at least articulating some of the hard levers of power, where in reality, we need a combination of both.
"During campaign season, you never want to talk about anything except the hard levers of power. But we're also trying to get over 10 years of war in the Middle East that have set us back enormously economically and diplomatically, and in terms of loss of life. And that's a reality that we're not having a conversation about."
Beijing canceled Mr. Huntsman's visa last month, he told Mr. Stone Fish, as he was preparing to travel to China to make a speech. (This probably has not happened very often in peacetime diplomacy, a country refusing entry to a former ambassador, especially for fear that he would give a speech.)
"Why? Because I talk too much about human rights and American values, and they know that," said Mr. Huntsman, who speaks Mandarin. "And at a time of leadership realignment, the biggest deal in 10 years for them, they didn't want the former U.S. ambassador saying stuff that might create a narrative that they would have to fight. I understand that.
"But when the transition is done, the crazy American ambassador will be let back in, and I can say whatever I want. As they used to tell me when I was over there was 'Women zhongguo ye you zhengzhi' -- 'We have politics too in China.' "
Mr. Huntsman said he was subsequently approved for entry -- to attend a board meeting. No speechmaking.
A condensed excerpt from Mr. Stone Fish's interview:
Put yourself in the shoes of the moderator at the upcoming foreign-policy debate on Oct. 22. What do you think he should ask about China?
What are the core philosophical drivers that inform the thinking of the candidates? What are our national interests at play? How do we maximize our position in the Asia-Pacific region, understanding that China is the centerpiece geographically. And fourth, given that it is the relationship of the 21st century, how do we intend to sustain the cyclicality that is inherent in a large, complicated relationship?
Are you surprised that China hasn't become a bigger issue in the campaign?
Beyond it being used as a political tool rhetorically, we've had very little talk of China at a time when we ought to be having a substantive conversation, because it is the relationship that will matter the most in the 21st century.
What's your understanding of what Chinese officials think about all this rhetoric and what's behind it? Do they see this as one of the downsides of democracy, or of Americans playing into the fears of American decline?
I think it's happened for so long that they've grown to expect it during the election season. I think it affected them more in the earlier years, but now they've grown accustomed to the political cycle, just as we've grown accustomed to the leadership cycles in China, where they do the same thing to us. We just have a bigger megaphone. And they tend to be a little more sensitive, because face still matters a whole lot in terms of human interaction.
The current U.S. ambassador to China, Gary F. Locke, revealed Wednesday that he had traveled last month to a Tibetan area of western China where "dozens of Tibetans disaffected with Chinese rule have set themselves on fire," as my colleague Edward Wong reported.
Mr. Locke visited two Tibetan Buddhist monasteries in Aba Prefecture of Sichuan Province. He went there, he told The Times, "to see it for myself."
The visit, which came during a wider trip to Chongqing, was noteworthy if only for the fact that Beijing permitted it. The area is tightly controlled by Chinese security forces and the issue of Tibetan autonomy and Buddhist activism is a highly sensitive one for Beijing.
Mr. Locke only revealed his trip on Wednesday. And for those belonging to the there-are-no-coincidences-in-politics school of thought, it was five years ago on Wednesday -- Oct. 17, 2007 -- that the Dalai Lama received the Congressional Gold Medal in Washington.
The award was met with fury and outrage from Beijing, and one senior official called it a "farce." The Dalai Lama, the Tibetan spiritual leader who has lived in exile since 1959, is particularly reviled by the leadership in Beijing.
President George W. Bush attended the elaborate ceremony in the Capitol Rotunda and called the Dalai Lama "a man of faith and sincerity and peace."
By Damian Grammaticas | BBC World News
October 08, 2012
China's Communist rulers are trying to force the country's jailed Peace Prize laureate into going into exile by putting pressure on his wife, who is not well, the BBC has been told.
A source close to the family has told us that Liu Xiaobo will not agree to leave China as that would lead to his voice being marginalised.
But the source said that Liu Xiaobo's wife Liu Xia is "suffering mentally" because she has now spent two years under illegal house arrest and continues to be detained.
It was exactly two years ago when Liu Xiaobo, a soft-spoken academic, won the Peace Prize for his calls for peaceful political reform in China.
He never collected it as he was already in a jail in China, where he remains, convicted of subversion.
His wife Liu Xia, an even softer-spoken poet and photographer, has been similarly silenced. She's being held in her own flat in Beijing.
She's been there for two years, detained just a couple of days after her husband was announced as the 2010 winner.
And Norway too is, it seems, still being punished. The prize has nothing to do with the Norwegian government.
But China continues to snub Norwegian ministers, diplomats and politicians, according to other diplomats in Beijing.
But the BBC has spoken to an individual in contact with Liu Xiaobo and Liu Xia's families, who has given some new insights into the couple's situation.
The individual asked that we don't name them, and told us that Liu Xiaobo is in reasonable health, but his stomach problem "is getting worse".
China's authorities allow only three people to visit Liu Xiaobo in Jinzhou prison where he's being held: his two brothers who can see him about once every six months, and his wife who sees the Nobel Peace Prize winner every two to three months, the source said.
They have to ask for permission in advance and wait for notification.
"They are not allowed to go and visit him together. Only one person is allowed each time. And the police watch them during the entire meeting," our source told us.
"They are forbidden to talk about anything else other than family matters. The police don't want the family to bring in any information from outside to Liu Xiaobo."
The two brothers did visit together once, in September last year. That was to inform Liu Xiaobo that his father had died. He was then allowed a brief visit home to pay his respects before he was whisked back to jail.
His wife, Liu Xia, meanwhile, has not committed any crime in China but is being held in her home.
"There are two policewomen living with her in her apartment. And lots of plain-clothes police watching the compound constantly," our source told us.
"Liu Xia's health is not very well. Mentally she suffers a lot because of the loss of personal freedom and the worries about her jailed husband."
"She is allowed to go out and visit her mother and meet one of her best friends roughly once a month, escorted by policewomen the entire time. Other than visits to her husband, that's it.
"She is not allowed to go anywhere else, not even to the park or shop. And no-one is allowed to even approach her compound, let alone visit her."
The individual added: "What the government is doing to Liu Xia is illegal. They do this routinely to dissidents in order to prevent them speaking to the press and tainting the government's image.
"Her husband is currently the most famous dissident in China, so she suffers tighter control than other dissidents."
His view is backed up by Joshua Rosenzweig, a human rights researcher at the Chinese University of Hong Kong who said he was "not aware of any legal authority for restricting Liu Xia's liberty".
"Her relegation to this ambiguous zone appears to be deliberate, because if you can't treat [her detention] as something sanctioned or even covered by law, then how do you begin to challenge it? Liu Xia effectively ceases to exist, both as a human being and as an issue," he said.
China's government insists Liu Xia is not being held against her will. But Mr Rosenzweig says its aim is to silence Liu Xia, her husband and their families, so there is no news about the jailed laureate.
"One of the few ways the outside world has to learn anything about individuals who have been imprisoned in China is through what their relatives learn and observe during periodic prison visits," he says.
"I don't know the last time that Liu Xia was able to visit her husband, but I am fairly certain that any interaction she has been able to have with him has been under the precondition that she remain silent.
"To the extent that this reflects an official strategy to counter Liu Xiaobo's influence, it would have to be deemed successful. There's only so much interest that can be sustained by a person's continued absence.
"That's why you don't see too many headlines proclaiming 'no news of Nobel laureate again this month'."
And the friend of the family who spoke to the BBC says that, by being so harsh on his wife, China is trying to pressure Liu Xiaobo into cutting a deal to go into exile.
"The government is trying to force Liu Xiaobo to leave China by taking his wife's personal freedom away. At the same time, the government threatens both their families, saying if they try to speak to the media or leak any information their right to visit Liu Xiaobo will be taken away.
"This is very cruel. It has forced the family to keep quiet."
But, the family friend added, Liu Xiaobo will not agree to leave China, despite the fact that his prison term lasts until 2020.
"The government has always wanted Liu Xiaobo to leave China because the fact that a Nobel Peace Prize winner is in jail, is a constant reminder of China's poor human rights situation.
"When previous dissidents have left China their voices gradually fade and their influence disappears. That's why Liu Xiaobo insists he'll stay even if it means staying in jail. Remaining in China is what's significant for him."
By BBC World News
September 06, 2012
Two Indian air force pilots who flew the visiting Chinese defence minister from Mumbai to Delhi were given 100,000 rupees ($1,788; £1,124) as "tips".
The pilots were given envelopes containing the money by General Liang Guanglie who returned to China on Thursday after a four-day India visit.
Surprised by the "unusual gift", the pilots informed their superiors.
Officials said the money would be deposited in the government gift chest along with other official gifts.
Reports said Gen Liang was "pleased" with the way the pilots handled the flight in the stormy monsoon weather.
Officials said the Chinese minister was possibly not briefed properly on Indian protocol and customs which forbid government officials from accepting money as gifts.
Gen Liang, the first Chinese defence minister to visit Delhi in eight years, also did some sightseeing during his tour.
He met Indian Defence Minister AK Antony after which the two countries announced plans to resume joint military exercises after a gap of four years.
Relations between India and China have been uneasy - the two countries dispute several Himalayan border areas and fought a brief war in 1962.
By Marc Santora and Jeffrey E. Singer | The New York Times
September 01, 2012
A year ago, Cao Erxing and his wife, Chen Zengrong, both 56, were killed in a high-speed train crash in China. But it was not until Saturday that their relatives in New York City were finally able to gather to mourn their loss and bury their loved ones.
And though the accident was in 2011, the pain was fresh at the memorial service for the couple in Elmhurst, Queens.
"They are gone, they are gone," one relative cried. "We will never see them again."
The memorial and burial service seemed to offer some dignity in an ordeal that began with one of the biggest rail disasters in China's history, which left 40 people dead and 191 passengers injured in July 2011.
The accident rattled the Chinese government and raised questions about the safety of the nation's high-speed rail system, an ambitious public-works project that has been used as a symbol of China's emergence as a global power.
Yet for the Cao family, the accident was only the beginning of the tragedy.
For more than a year, the Cao sons -- Henry, who was severely injured in the crash, and Leo -- have been caught up in a confusing and often maddening bureaucratic nightmare. They have raised questions about their mother's treatment immediately after the accident, and fought government officials for adequate compensation and to bring their parents' bodies home.
"I don't want them to go down in history as just anonymous Americans who died," Leo Cao said. "I want people to know these people lived. Their lives meant something."
Cao Erxing and his wife left their home in Fujian Province for New York in the 1980s. For the couple, equipped with only middle school educations and no English skills, life was a struggle from the start.
Mr. Cao worked as a dishwasher but was felled by mental illness. To support the family, his wife took a job as a seamstress, working grueling hours for little pay.
With their parents, who were naturalized American citizens, doing all they could to scrape by, the Cao brothers were often left on their own.
Still, Leo said, he was able to enroll at Stony Brook University when he was 16 and graduated when he was 19.
His brother, Henry, was also forging ahead in his career in the import business.
The family worked hard and was eventually able to buy a house in Queens.
The trip to China was the first vacation that the parents ever took, their first chance to return to their birthplace and reconnect with relatives they had not seen in years, their family said.
But what was supposed to be a joyous occasion turned to disaster when the train in which they were riding rear-ended another train in the eastern city of Wenzhou, sending several cars careering off the tracks and plummeting off an overpass.
Henry, who was traveling with his parents, had to have his spleen and a kidney removed as a result of his injuries, which also included a broken ankle and ribs.
"I can't keep going on like before," he said. "Before the crash, I used to play with my children often. No more."
While Henry recovered, Leo began to wage what turned out to be a lengthy battle with the Chinese authorities.
Immediately after the accident, victims' families were warned against holding public memorials. The Cao family wanted to hold a ceremony in its ancestral village, but the authorities forbade it. Instead, the family had to settle for a ceremony in the city where the crash took place.
But it was not until 150 friends and family members gathered at the Gerard Neufeld Funeral Home in Elmhurst on Saturday that they could mourn properly. Last month, the brothers went to China to collect the remains.
Many of the relatives in America were able to come here with the assistance of the Cao family, and many were inconsolable in their grief.
While the brothers' struggle with the Chinese government has garnered wide attention, the comments at the service were focused on the moment: paying tribute to the dead and offering blessings.
"It's been a very bad year," Leo said after the service. "The reason we need to get this over with is for my family, my brother."
Still, he said, he anticipated more fighting with Chinese officials over compensation claims.
"My brother, his family, my parents, we lost so much," he said. "We can't just lay down."
But Henry said, "I just try and forget."