In a detailed report published Thursday, the newspaper said hackers used tactics known to be employed by the Chinese military to break into its network and steal the email passwords of several senior reporters and other employees.
The paper said the attacks began about the same time it published a blockbuster October story detailing $2.7 billion allegedly accumulated by the family of outgoing Chinese Premier Wen Jiabao.
At the time, China reacted angrily to the story, which threatened the reputation of a leader known for his clean image. It immediately blocked the Times’ English and Chinese websites and threatened unspecified “consequences” for the story.
On Thursday, foreign ministry spokesperson Hong Lei called the hacking charges “irresponsible” and “baseless.”
“According to some investigative results, which showed no proof and had uncertain evidence and a baseless conclusion, China had participated in online attacks,” said Hong. “That is a totally irresponsible conclusion. China is also a victim of online attacks. China’s laws clearly ban online attacks.”
The Times says the hacking attempt was discovered, in part, by Mandiant, a computer security company, which alerted the Times to the cyber attacks just one day after the Wen Jiabao article was published.
The paper does not know how the hackers broke into its network, but it suspects they used an email to employees containing malicious links or attachments. It says they were soon able to steal the corporate passwords for “every Times employee.”
The hackers then used the passwords to access dozens of employees’ personal computers, with the apparent aim of finding the sources of information for the article. It says the primary target was Shanghai bureau chief David Barboza, who wrote the article.
Jill Abramson, executive editor of the Times, said hackers were not able to access sensitive emails or files from the article on Wen, which relied on publicly available records such as corporate documents. The paper also said no customer data was stolen.
The paper said when Mandiant security officials became aware of the attack, they allowed the hackers to “spin a digital web” for four months in an effort to discover their identity. The investigation showed that hackers tried to conceal their activities by routing their attacks through computers at universities in the United States. They also tried to hide their location by continually switching IP addresses, a code that identifies computers on a network.
Other details suggested that the source of the attacks was China. The paper said hacker teams regularly attacked the system beginning at 8 a.m. Beijing time, continuing for a standard work day.
Mandiant, the security company, says those methods are consistent with previous cyber attacks associated with the Chinese military, which observers say regularly outsources cyber attacks and uses other ways to conceal its activities.
The Times says it has expelled the attackers by blocking the compromised outside computers, changing every employee password, and undertaking other security measures. But it said it expects more hacking attempts in the future.
When confronted by the New York Times about the attack, Chinese defense officials denied any involvement, calling it “unprofessional and baseless.”
Chinese censors later deleted conversations about the hacking controversy on domestic social media sites.