December 21, 2024

Snowden’s Leaks on China Could Affect Its Role in His Fate

The South China Morning Post, a local newspaper, reported on Friday that Edward J. Snowden, the contractor, had shared detailed data showing the dates and Internet Protocol addresses of specific computers in mainland China and Hong Kong that the National Security Agency penetrated over the last four years. The data also showed whether the agency was still breaking into these computers, the success rates for hacking and other operational information.

Mr. Snowden told the newspaper that the computers were in the civilian sector. But Western experts have long said that the dividing line between the civilian sector and the government is very blurry in China. State-owned or state-controlled enterprises still control much of the economy, and virtually all are run by Communist Party cadres who tend to rotate back and forth between government and corporate jobs every few years as part of elaborate career development procedures.

Kevin Egan, a former prosecutor here who has represented people fighting extradition to the United States, said that Mr. Snowden’s latest disclosures would make it harder for him to fight an expected request by the United States for him to be turned over to American law enforcement. “He’s digging his own grave with a very large spade,” he said.

But a person with longstanding ties to mainland Chinese military and intelligence agencies said that Mr. Snowden’s latest disclosures showed that he and his accumulated documents could be valuable to China, particularly if Mr. Snowden chooses to cooperate with mainland authorities.

“The idea is very tempting, but how do you do that, unless he defects,” said the person, who spoke anonymously because of the diplomatic delicacy of the case. “It all depends on his attitude.”

The person declined to comment on whether Chinese intelligence agencies would obtain copies of all of Mr. Snowden’s computer files anyway if he were arrested by the Hong Kong police pursuant to a warrant from the United States, where the Justice Department has already been reviewing possible charges against him.

A Hong Kong Police Force spokeswoman said earlier this week that any arrest would have to be carried out by the Hong Kong police and not by foreign law enforcement. The Hong Kong police have a responsibility to share with mainland China anything of intelligence value that they find during raids or seizures of evidence, according to law enforcement experts.

Patricia Ho, a lawyer who specializes in political asylum at Daly and Associates, a Hong Kong law firm, said that if Beijing decides that it wants Mr. Snowden to stay in Hong Kong for a long time, the simplest way to do so would be for mainland officials to quietly tell Hong Kong’s government officials not to hurry the legal process.

The United States and China have long accused each other of monitoring each other’s computer networks for national security reasons. The United States has also accused China of hacking to harvest technological secrets and commercial data on a broad scale from American companies and transferring that information to Chinese companies to give them a competitive advantage.

Tom Billington, an independent cybersecurity specialist in Washington, said that mainland China could benefit by obtaining a copy of the data that Mr. Snowden gave to The South China Morning Post. The data, if independently verified, could help Chinese officials figure out which computers have been hacked, patch security holes, itemize compromised data, analyze the quality of computer security defenses and develop techniques for hardening other Chinese computers against future surveillance by the N.S.A.

“It certainly would seem valuable data for the Chinese,” Mr. Billington said.

Article source: http://www.nytimes.com/2013/06/15/world/asia/ex-nsa-contractors-disclosures-could-complicate-his-fate.html?partner=rss&emc=rss

Chinese Hackers Infiltrate New York Times Computers

After surreptitiously tracking the intruders to study their movements and help erect better defenses to block them, The Times and computer security experts have expelled the attackers and kept them from breaking back in.

The timing of the attacks coincided with the reporting for a Times investigation, published online on Oct. 25, that found that the relatives of Wen Jiabao, China’s prime minister, had accumulated a fortune worth several billion dollars through business dealings.

Security experts hired by The Times to detect and block the computer attacks gathered digital evidence that Chinese hackers, using methods that some consultants have associated with the Chinese military in the past, breached The Times’s network. They broke into the e-mail accounts of its Shanghai bureau chief, David Barboza, who wrote the reports on Mr. Wen’s relatives, and Jim Yardley, The Times’s South Asia bureau chief in India, who previously worked as bureau chief in Beijing.

“Computer security experts found no evidence that sensitive e-mails or files from the reporting of our articles about the Wen family were accessed, downloaded or copied,” said Jill Abramson, executive editor of The Times.

The hackers tried to cloak the source of the attacks on The Times by first penetrating computers at United States universities and routing the attacks through them, said computer security experts at Mandiant, the company hired by The Times. This matches the subterfuge used in many other attacks that Mandiant has tracked to China.

The attackers first installed malware — malicious software — that enabled them to gain entry to any computer on The Times’s network. The malware was identified by computer security experts as a specific strain associated with computer attacks originating in China. More evidence of the source, experts said, is that the attacks started from the same university computers used by the Chinese military to attack United States military contractors in the past.

Security experts found evidence that the hackers stole the corporate passwords for every Times employee and used those to gain access to the personal computers of 53 employees, most of them outside The Times’s newsroom. Experts found no evidence that the intruders used the passwords to seek information that was not related to the reporting on the Wen family.

No customer data was stolen from The Times, security experts said.

Asked about evidence that indicated the hacking originated in China, and possibly with the military, China’s Ministry of National Defense said, “Chinese laws prohibit any action including hacking that damages Internet security.” It added that “to accuse the Chinese military of launching cyberattacks without solid proof is unprofessional and baseless.”

The attacks appear to be part of a broader computer espionage campaign against American news media companies that have reported on Chinese leaders and corporations.

Last year, Bloomberg News was targeted by Chinese hackers, and some employees’ computers were infected, according to a person with knowledge of the company’s internal investigation, after Bloomberg published an article on June 29 about the wealth accumulated by relatives of Xi Jinping, China’s vice president at the time. Mr. Xi became general secretary of the Communist Party in November and is expected to become president in March. Ty Trippet, a spokesman for Bloomberg, confirmed that hackers had made attempts but said that “no computer systems or computers were compromised.”

Signs of a Campaign

The mounting number of attacks that have been traced back to China suggest that hackers there are behind a far-reaching spying campaign aimed at an expanding set of targets including corporations, government agencies, activist groups and media organizations inside the United States. The intelligence-gathering campaign, foreign policy experts and computer security researchers say, is as much about trying to control China’s public image, domestically and abroad, as it is about stealing trade secrets.

This article has been revised to reflect the following correction:

Correction: January 31, 2013

An earlier version of this article misstated the year that the United States and Israel were said to have started a cyber attack that caused damage at Iran’s main nuclear enrichment plant, and the article misstated the specific type of attack. The attack was a computer worm, not a virus, and it started around 2008, not 2012.

Article source: http://www.nytimes.com/2013/01/31/technology/chinese-hackers-infiltrate-new-york-times-computers.html?partner=rss&emc=rss