The New York Times reported Thursday that, after four months, it has expelled what it believes to be China-based hackers from its computer system and has, so far, kept them from breaking back in. The paper said a group had been "infiltrating its computer systems and getting passwords for its reporters and other employees." The paper linked the attacks to a Times investigation, published in October, finding that the relatives of Prime Minister Wen Jiabao "had accumulated a fortune worth several billion dollars through business dealings."
The Times, pulling no punches, said the security experts it hired to monitor and block the attacks "gathered digital evidence that Chinese hackers, using methods that some consultants have associated with the Chinese military in the past" were responsible. Later Thursday, The Wall Street Journal reported that its computer systems also "had been infiltrated by Chinese hackers for the apparent purpose of monitoring the newspaper's China coverage."
China's surveillance of the Internet and its use of the Web as a battleground for taking on those who oppose its policies are not new. Journalists and, frankly, virtually every citizen and foreigner in China have long operated under the assumption that they are liable to be under surveillance. For safety's sake, they must act as if the government is watching: They know to not only turn their cellphone off when going to see a contact who might be victimized for meeting with them, but to remove the battery too. They assume their email is wide open, that Skype is monitored, that Internet service providers will cooperate with government demands not only for connection details--who talked with whom, when, and where--but the content of the communication as well. Texting? Might as well write your message in large characters on the Great Wall.
On the other hand--and this is in no way meant to exonerate China--any government, and many individuals operating on their own criminally or idealistically, can pretty much do the same thing. As the Times points out:
While computer security experts say China is most active and persistent, it is not alone in using computer attacks for a variety of national purposes, including corporate espionage. The United States, Israel, Russia, and Iran, among others, are suspected of developing and deploying cyber-weapons.
The United States and Israel have never publicly acknowledged it, but evidence indicates they released a sophisticated computer worm starting around 2008 that attacked and later caused damage at Iran's main nuclear enrichment plant. Iran is believed to have responded with computer attacks on targets in the United States, including American banks and foreign oil companies.
Russia is suspected of having used computer attacks during its war with Georgia in 2008.
That list of belligerents, accurately, gives the impression an all-out, worldwide information war is being waged on the digital mesh that now encircles the globe. Beneath the arcs of all those cyber-missiles flying overhead, what can journalists do? The Information Security section of CPJ's Journalist Security Guide lays out the risks, and the strategies to minimize them. But it's not a one-size-fits-all approach. "Good information security is rarely about fending off sophisticated cyberattacks and Hollywood-style hackers," writes CPJ Internet Advocacy Coordinator Danny O'Brien. "It's about understanding the motives and capabilities of those who might want to attack you, and developing consistent habits based on those assessments."