In an extraordinary story that has become depressingly ordinary, the New York Times reports that Chinese hackers "persistently" attacked the newspaper, "infiltrating its computer systems and getting passwords for its reporters and other employees." The attacks began around the time journalists were preparing a story on the massive wealth the family of China's Prime Minister Wen Jiabao has allegedly accumulated, but the methods, identification, and apparent objectives of the hackers have been seen before in previous attacks on defense contractors, technology companies, journalists, academics, think tanks, and NGOs. Bloomberg, which published a story on the wealth of the family of Xi Jinping, China's top leader, has also been reportedly attacked. While just one case in a sweeping cyber espionage campaign that appears endemic, the attack on the Times does highlight both the willingness of Beijing lean out and shape the narrative about China as well as the vulnerability the top leadership feels about how they are portrayed.
As with many cases of cyber espionage, the break-in is assumed to have started with a spear-phishing email, a socially engineered message containing malware attachments or links to hostile websites. In the case of the attack on the security firm RSA in 2011, for example, an email with the subject line "2011 Recruitment Plan" was sent with an attached Excel file. Opening the file downloaded software that allowed attackers to gain control of the user's computers. They then gradually expanded their access and moved into different computers and networks.