[ISN] China prevented repeat cyber attack on US

From: InfoSec News (isnat_private)
Date: Tue Oct 29 2002 - 22:59:32 PST

  • Next message: InfoSec News: "[ISN] Securing the cloud"

    Forwarded from: William Knowles <wkat_private>
    By Pamela Hess
    UPI Pentagon Correspondent
    From the International Desk
    Published 10/29/2002 
    NASHVILLE, Oct. 29 (UPI) -- The Defense Department was braced for a
    new onslaught of cyber attacks from Chinese hackers in May 2002 but
    they never materialized: the Chinese government asked private hackers
    not to repeat the 2001 defacement of U.S. government Web sites, a top
    Defense Department official said Tuesday.
    "We expected another series of attacks from Chinese hackers, but
    actually the government of China asked them not to do that," said Air
    Force Maj. Gen. John Bradley, deputy commander of the Pentagon's Joint
    Task Force on Computer Network Operations, at an electronic warfare
    conference Tuesday.
    "I wouldn't call it state-sponsored, but state-controlled, I guess,"  
    he said at the Annual Association of Old Crows conference being held
    in Nashville.
    The original hacking war took place in April and May 2001. It
    coinciding with the second anniversary of the U.S. bombing of the
    Chinese Embassy in Belgrade, and marked the collision of a U.S.  
    surveillance plane and a Chinese fighter. The Chinese pilot was killed
    in the collision. The U.S. plane and its crew were held on Hainan
    Island for 11 days.
    The hackers attacked a handful of government sites last year,
    emblazoning the Web pages with a Chinese flag. No serious damage was
    reported but Web sites were disabled for a period of time. The concern
    was serious enough that the FBI's National Infrastructure Protection
    Center put out an official warning.
    Denial of service attacks on Web sites and networks, primarily through
    viruses, is one of the most vexing problems faced by the Defense
    Department. It uses the publicly available Internet to manage its
    deployment, logistics, medical and personnel system.
    "We couldn't wage war without using the Internet," Bradley said.
    However, 85 percent of the successful infiltrations and attacks on
    these unclassified military computer networks are preventable with
    available patches and proper security procedures but system
    administrators do not use them. Every time a new computer is unpacked
    and plugged in to the Pentagon's network without patches installed --
    an apparently frequent occurrence -- the entire network is exposed to
    that one computer's vulnerabilities.
    "We are our own worst enemy," said Bradley. "The Defense Department is
    more vulnerable than anyone in the world."
    Through September 2002 there have been 32,465 attempts on the network
    by hackers, about 110 a day. Bradley did not say how many were
    successful. But of those that were "99 percent would have been very
    easily prevented."
    Roughly 200 new viruses are spawned each month, each of which requires
    a unique patch or firewall.
    More than a third of the successful attempts by hackers exploit
    vulnerabilities already directed to be fixed by Bradley's
    organization. Actually doing the work falls to low-level system
    This is nothing new. The infamous Solar Sunrise attack of 1998 which
    compromised information on thousands of Defense Department computers
    at a time when the Pentagon was preparing for a possible strike in
    Iraq exploited a vulnerability discovered and warned about by the
    Pentagon two months before the attack took place.
    Another third of the successful attempts are attributed to poor
    security practices -- like using "password" as a password.
    "These are just stupid mistakes that are easily avoided," Bradley
    Nevertheless, computer network security has dramatically improved
    since the Solar Sunrise wake up call. There is now 24-hour-a-day
    monitoring of computer networks to detect illicit activity and
    automated intrusion detection devices in place.
    "By and large I'd call it highly successful," Bradley said. "We've not
    been shut down very often or damaged too badly."
    The Joint Task Force for Computer Network Operations is responsible
    not just for the daunting work of securing the vast network but also
    for the still evolving and highly classified area of computer network
    At its simplest, computer network attack would be government
    sanctioned hacking -- an attempt to deny an enemy use of is own
    computer networks in wartime, to change critical information, or to
    trick him into thinking they were working when they are not.
    "The attacks could be extremely precise. We have a wide range of
    capabilities but there are very, very tight controls on this," Bradley
    Only the president of the defense secretary can authorize a computer
    network attack, according to the policies now being crafted.
    The potential for network attacks as a "precision weapon" is high but
    has not yet seen the light of day. There is not even a network attack
    cadre set up yet, according to Air Force Deputy Director for
    Information Warfare Col. Chris "Bulldog" Glaze.
    Progress toward that end is moving quickly, however.
    "I've got to tell you we spend more time on the computer network
    attack business than we do on computer network defense because so many
    people at very high levels are interested in developing the policy for
    it," Bradley said.
    The Pentagon is moving cautiously, aware of the potential for
    collateral damage to the world's computer networks and economy.
    "Any kind of attack we will have to know a great amount of detail
    about the systems being used," he said. "It's a very challenging new
    mission area for a us ... Many are very wary because its so new.
    "We haven't see what the consequences are, what the collateral damage
    is. These are precision munitions of the non-kinetic kind," Bradley
    "Communications without intelligence is noise;  Intelligence
    without communications is irrelevant." Gen Alfred. M. Gray, USMC
    C4I.org - Computer Security, & Intelligence - http://www.c4i.org
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Wed Oct 30 2002 - 01:23:35 PST