A sophisticated cyberattack targeted The Washington Post in an operation that resembled intrusions against other major American news organizations and that company officials suspect was the work of Chinese hackers, people familiar with the incident said.
Post company officials confirmed the broad outlines of the infiltration, which was discovered in 2011 and first reported by an independent cybersecurity blog on Friday. But they did not elaborate on the circumstances, the duration of the intrusion or its apparent origin.
“Like other companies in the news recently, we face cybersecurity threats,” Post spokeswoman Kris Coratti said. “In this case, we worked with [security company] Mandiant to detect, investigate, and remediate the situation promptly at the end of 2011. We have a number of security measures in place to guard against cyberattacks on an ongoing basis.”
The New York Times and the Wall Street Journal reported this week on major hacking campaigns they said likely originated in China.
The Times and The Post used the same Alexandria-based security company, Mandiant, to secure their systems. Grady Summers, a vice president at Mandiant, declined to comment on the intrusion at The Post but said that in general, Chinese government hackers “want to know who the sources are, who in China is talking to the media. . . . They want to understand how the media is portraying them — what they’re planning and what’s coming.”
The Chinese Embassy in Washington and officials in Beijing did not respond to calls for comment. When questioned by The Post on Thursday about cyberattacks on media organizations, China’s Defense Ministry said, “The Chinese military has never supported any hack attacks. Cyberattacks have transnational and anonymous characteristics. It is unprofessional and groundless to accuse the Chinese military of launching cyberattacks without any conclusive evidence.”
The cyberattack targeted The Post’s main information technology server and several other computers, said people familiar with the incident who spoke on the condition of anonymity to describe details the company did not release publicly.
These people said that sensitive administrative passwords likely were compromised, giving hackers potentially wide-ranging access to The Post’s systems before the computers were taken offline and enhanced monitoring was put in place to prevent a recurrence. It was not clear what information, if any, was stolen by the hackers.
The intruders gained access as early as 2008 or 2009, according to these accounts. In 2011, Mandiant neutralized the malicious software, which had been sending a signal to an Internet command-and-control server associated with a Chinese hacking group.
This description tracks in general terms with one posted Friday on the blog “Krebs on Security,” authored by former Washington Post reporter Brian Krebs. He quoted an unidentified former information technology employee at the company.
Krebs’s report included the assertion that The Post turned over one of its servers to the National Security Agency and the Defense Department for analysis. That would be an unusual step for a news organization that traditionally has carefully guarded the security of its e-mail and other information from government intrusion.
“We are confident that did not happen,” Coratti said. Other Post officials speaking on condition of anonymity said the company would investigate the claim.
The National Security Agency and the Defense Department declined to comment.
Though U.S. news organizations and other companies frequently are the target of cyber-espionage, the extent of the Post intrusion appears to have been unusual and was kept secret from most company employees.
After the report by Krebs on Friday, some Post journalists grumbled about not being alerted to the intrusion and expressed concern that outside hackers may have had access to their e-mails or documents kept on their computers. Reporting that dealt with dissidents or political issues in China would have been especially sensitive.
“Nobody told me a word. Wish they had,” said longtime Post foreign correspondent Keith B. Richburg, who was acting bureau chief in Beijing at the time of the cyberattack and is leaving the company for a job at Harvard University.
He said that correspondents based in China assumed they were being monitored by the government there and took measures to protect sources and evade spying — especially while working in offices owned by the government or while reporting by e-mail. “We always joked that if the toilet didn’t flush, we could stand in the middle of the room and say, ‘Can’t they fix the toilet?’ ”
Security experts regard the Chinese government as the most aggressive hackers of Western companies and government agencies.