[tetrad]

The executive editor of the Times says “Computer security experts found no evidence that sensitive e-mails or files from the reporting of our articles about the Wen family were accessed, downloaded or copied"... but referring to their forensics they say that the attackers "search[ed] for and grab[bed] Mr. Barboza’s and Mr. Yardley’s e-mails and documents from a Times e-mail server" after cracking their password hashes.

So which is it? Did they download gigs and gigs of mail, but not the ones they were looking for? Or is "found no evidence" doublespeak for "we're pretty sure they got what they were looking for, but the logs had already rolled over on that system, so we have no evidence that they did". Based on the rough timeline presented, this was after they were known, so it may have been their honey-pot server, but the tone of the article suggests that they were not honey-potting them and simply monitoring their progress as they slowly stomped their way through their live network. This begs the question... if they were really monitoring the attackers for months, including watching them grab Barboza and Yardley's e-mails, what are we to make of the PR statement that no relevant or sensitive e-mails were obtained?