The Hacker – Columbia Journalism Review

/in


Getting hacked is very much like catching a nasty flu. It begins with an infection of malware—malicious software that spreads across a network—and ends with a feeling of deep enfeeblement. In late 2012, not long after the New York Times reported on a corruption scandal involving China’s former prime minister, the newsroom got a bad case. AT&T, which maintains the Times’ servers, notified the company that suspicious activity had been detected on its network. An internal investigation revealed an attack on a dramatic scale: Chinese hackers had broken into email accounts, stolen the passwords of every employee, installed forty-five pieces of customized malware, and begun spying on fifty-three employees, seeking information about anything related to the Chinese prime minister’s family. Day after day, using the methods of the Chinese military, the hackers started at 8am and worked sometimes until midnight, deploying remote-access tools, or RATs, that enabled them to steal a tremendous cache of sensitive information and even to activate a computer’s microphone and Web camera, transforming it into a secret recording device. It was a complicated and devastating infection—a near masterpiece.

It took four months of tracking for the Times to finally expel the hackers from its network. The Chinese government denied any involvement. But the more the newsroom looked into what happened, the more it became clear that the attack was part of a “far-reaching spying campaign,” according to a Times report, that pried into multiple outlets; the Wall Street Journal soon confirmed that Chinese hackers had broken into its system, and there were attempts made on the Washington Post and Bloomberg. The event ushered in a stunning realization for journalists: that the most powerful asset they had—confidentiality for their sources via secure channels of communication—could no longer be guaranteed. Not only were news organizations vulnerable to cyberattacks, they were targets.

Runa Sandvik was living in London when she first heard about the hack—and it stunned her. She was twenty-five at the time, a cybersecurity expert working for a grassroots…

Source…