“Like other companies in the news recently, we face cybersecurity threats,” Post spokeswoman Kris Coratti said. “In this case, we worked with [security company] Mandiant to detect, investigate, and remediate the situation promptly at the end of 2011. We have a number of security measures in place to guard against cyberattacks on an ongoing basis.”
The New York Times and the Wall Street Journal reported this week on major hacking campaigns they said likely originated in China.
The Times and The Post used the same Alexandria-based security company, Mandiant, to secure their systems. Grady Summers, a vice president at Mandiant, declined to comment on the intrusion at The Post but said that in general, Chinese government hackers “want to know who the sources are, who in China is talking to the media. . . . They want to understand how the media is portraying them — what they’re planning and what’s coming.”
The Chinese Embassy in Washington and officials in Beijing did not respond to calls for comment. When questioned by The Post on Thursday about cyberattacks on media organizations, China’s Defense Ministry said, “The Chinese military has never supported any hack attacks. Cyberattacks have transnational and anonymous characteristics. It is unprofessional and groundless to accuse the Chinese military of launching cyberattacks without any conclusive evidence.”
The cyberattack targeted The Post’s main information technology server and several other computers, said people familiar with the incident who spoke on the condition of anonymity to describe details the company did not release publicly.
These people said that sensitive administrative passwords likely were compromised, giving hackers potentially wide-ranging access to The Post’s systems before the computers were taken offline and enhanced monitoring was put in place to prevent a recurrence. It was not clear what information, if any, was stolen by the hackers.
The intruders gained access as early as 2008 or 2009, according to these accounts. In 2011, Mandiant neutralized the malicious software, which had been sending a signal to an Internet command-and-control server associated with a Chinese hacking group.
This description tracks in general terms with one posted Friday on the blog “Krebs on Security,” authored by former Washington Post reporter Brian Krebs. He quoted an unidentified former information technology employee at the company.
Krebs’s report included the assertion that The Post turned over one of its servers to the National Security Agency and the Defense Department for analysis. That would be an unusual step for a news organization that traditionally has carefully guarded the security of its e-mail and other information from government intrusion.