While news organizations have long known their China-based correspondents are spied upon at times, outlines of a far-larger global campaign targeting news organizations that report on China are now emerging, cybersecurity experts told the Monitor. It is part of a massive effort identified since about 2007 that these experts call the "advanced persistent threat."
That label once referred to unknown cyberhackers invading a corporate network, creating digital backdoors, and spending months or years sending intellectual property data – like oil bid data and pharmaceutical formulas – back through the Internet to points unknown. But now the "A.P.T." is seen in the cybersecurity industry as a mere shorthand for "getting hacked by the Chinese."
"We have data that to me makes it definitely clear that there's a pattern here – hacks on industry, activists, government – and journalists around the world," says Joe Stewart, a cybersecurity expert with Dell Secureworks who has tracked cyberespionage attacks, including a number against news organizations, back to Internet addresses in China.
In late 2011 and early 2012, he says, cyberintruders whose digital signatures he tracked back to China invaded newspapers in Vietnam and Japan. In those cases, he said, he attempted to contact the news organizations to let them know – successfully in the case of the Japanese newspaper.
In August 2011, the Associated Press was reported to be among 72 companies and government agencies targeted in a broad-based global cyberespionage campaign identified by McAfee, the cybersecurity company. McAfee, which dubbed the China-based campaign "ShadyRAT," did not identify the AP by name in its report.