New York Times Reportedly Targeted by Russian Hackers

As FBI Investigates, Publisher Sees 'No Evidence' Systems Were Breached
The New York Times says its Moscow bureau has been targeted by suspected Russian cyberattackers, but its internal systems have not been compromised.

The confirmation follows a CNN report on Aug. 23 that the FBI is investigating a series of cyberattacks that affected the Times and other unidentified U.S. news organizations. The report, which cited anonymous U.S. officials, said the attacks had been detected in recent months and implied that some have been successful.

The Times reacted quickly to that report by publishing one of its own. "We are constantly monitoring our systems with the latest available intelligence and tools. We have seen no evidence that any of our internal systems, including our systems in the Moscow bureau, have been breached or compromised," spokeswoman Eileen Murphy says in a news story published by the Times.

An FBI spokesman declined to comment on those reports or any potential investigation being undertaken by the bureau.

U.S. and Russian tensions over cyber activity are at an all-time high. Experts widely suspect Russia is behind a series of cyberattacks against several Democratic Party organizations and Democratic presidential nominee Hillary Clinton's campaign (see DNC Breach More Severe Than First Believed).

"Attribution can be hard, although in the last five years, it has gotten better as the government has concluded that good attribution was necessary if it wanted to have a chance at a viable deterrence policy," says Martin Libicki, a domestic and national security expert at the think tank The Rand Corp. "One thing that makes attribution easier is that hackers persist in doing the same thing over and over again - and they can afford to be repetitive because the downside of a hack being attributed have, so far, been modest."

Russia may also have had a hand in the recent leak of a powerful set of software exploits and spying tools that security experts believe were built by the NSA, although clear evidence of Russia's involvement has not emerged (see Confirmed: Leaked Equation Group Hacking Tools Are Real).

Follows Critical Reports

The New York Times' coverage has often deeply antagonized countries such as Russia and China, so it's perhaps no surprise that spies would want to keep tabs on its reporters.

China warned the Times of "consequences" even before the paper published an October 2012 expose describing vast wealth accumulated by family members of former Prime Minister Wen Jiabao.

Three months later, the Times said suspected Chinese hackers had used malware to obtain access to its networks. Corporate passwords for all of its employees were stolen, and the hackers accessed the personal computers of 53 employees. The email accounts of both the Times' Shanghai bureau chief and former Beijing bureau chief were accessed.

"It was presumed that they were looking for sources that helped The New York Times story on corruption associated with Premier Wen," Rand's Libicki says. "The Russians may have similar motivations, although recent Russian behavior suggests they also could have been looking to dox NYT employees or those mentioned in internal Times documents and messages."

This year, in early May, the Times published an extensive report on how Russia ran a sophisticated laboratory at the 2014 Winter Games in Sochi that aimed to conceal Russian athletes' use of banned substances. The story featured the first public comments from laboratory director Grigory Rodchenkov, who fled to Los Angeles after those games, fearing for his safety.

Tough to Defend Reporters

In theory, news organizations would carefully safeguard their reporters, given that the information they collect could be attractive targets for intelligence agencies or organizations conducting corporate espionage.

But reporters stationed overseas are often at a defensive disadvantage. In-country equipment providers could, for example, supply reporters and news organizations' bureaus with routers that have been tampered with to facilitate remote surveillance. Network traffic flowing through in-country carriers may also be monitored by intelligence agencies. Physical access to offices is also potentially easier overseas, creating the possibility that sophisticated monitoring equipment has been surreptitiously installed.

Using a VPN service, which encrypts traffic from a computer to the VPN service's computers, can offer some security by not exposing browsing traffic to local ISPs. But even those connections could be compromised if users' login credentials get stolen, perhaps through simple phishing attacks, or if the VPN service itself has been compromised. Mobile phone connections and landlines, meanwhile, would have to be treated as being completely insecure.

"Reporters are particularly vulnerable because they need a lot of latitude to effectively do their jobs," says Ryan Stolte, CTO for cybersecurity firm Bay Dynamics. "They travel to countries and connect to diverse networks which are more easily exploitable. All of those factors make them more vulnerable to a cyberattack than your average corporate employee."

Journalists Are Valuable Targets

Journalists are prized targets because they have data that sometimes is never published, says James Lewis, a senior vice president and director of strategic technologies programs at the Center for Strategic and International Studies in Washington. They can also talk to people that foreign agents have trouble engaging, he says.

News organizations have traditionally been soft targets. "At least until recently, media network security was terrible," Lewis says.

Lewis believes the recent attacks aren't a warning or a threat but rather an effort to figure out who the Times is speaking with and what it knows. "If there are embarrassing emails that can be leaked - so much the better," he says. "It's a favorite Russian trick."

Executive Editor Eric Chabrow contributed to this report.

About the Author

Jeremy Kirk

Executive Editor, Security and Technology, ISMG

Kirk was executive editor for security and technology for Information Security Media Group. Reporting from Sydney, Australia, he created "The Ransomware Files" podcast, which tells the harrowing stories of IT pros who have fought back against ransomware.
