There have been an unusually high number of hacks this week, and today The Washington Post confirmed yesterday's reports that it was also the target of what the publication suspects is Chinese hackers. The Post joins The Wall Street Journal and The New York Times, which all appear to have been hacked to monitor their coverage of China. However, the Post reports that the extent of its attack, which may have begun as early as 2008 or 2009, was "unusual."
"The extent of the Post intrusion appears to have been unusual."
In an official statement, the Post confirmed reports from Krebs on Security that the publication had indeed been hacked. Anonymous sources speaking to the Post provided further information, and said that the hack targeted the publication's main server and several other computers. It's not clear what information was taken, but the Post reports that administrative passwords were likely compromised, giving hackers access to a number of company systems during the attack. However, the Post denies allegations from Krebs that the company turned over one of its servers to the NSA and Department of Defense for analysis, saying "that would be an unusual step for a news organization that traditionally has carefully guarded the security of its e-mail and other information from government intrusion."
"They want to understand how the media is portraying them — what they’re planning and what’s coming."
In 2011, the Post consulted Mandiant — a security firm that was also consulted in the WSJ and NYT hacks — which secured the company's systems and determined that China was likely behind the attack. Mandiant vice president Grady Summers said that the hackers behind all three attacks want to know "who in China is talking to the media." When asked about the recent string of cyberattacks on media, China's Defense Ministry told the Post "the Chinese military has never supported any hack attacks. Cyberattacks have transnational and anonymous characteristics. It is unprofessional and groundless to accuse the Chinese military of launching cyberattacks without any conclusive evidence." All three publications have already or are currently working to strengthen their security to guard against potential future attacks.