[ISN] Hackers' Chinese Staging Ground

From: InfoSec News (isn@private)
Date: Thu Aug 25 2005 - 03:43:29 PDT


http://www.washingtonpost.com/wp-dyn/content/article/2005/08/24/AR2005082402318.html

By Bradley Graham
Washington Post Staff Writer
August 25, 2005

Web sites in China are being used heavily to target computer networks
in the Defense Department and other U.S. agencies, successfully
breaching hundreds of unclassified networks, according to several U.S.  
officials.

Classified systems have not been compromised, the officials added. But
U.S. authorities remain concerned because, as one official said, even
seemingly innocuous information, when pulled together from various
sources, can yield useful intelligence to an adversary.

"The scope of this thing is surprisingly big," said one of four
government officials who spoke separately about the incidents, which
stretch back as far as two or three years and have been code-named
Titan Rain by U.S. investigators. All officials insisted on anonymity,
given the sensitivity of the matter.

Whether the attacks constitute a coordinated Chinese government
campaign to penetrate U.S. networks and spy on government databanks
has divided U.S. analysts. Some in the Pentagon are said to be
convinced of official Chinese involvement; others see the electronic
probing as the work of other hackers simply using Chinese networks to
disguise the origins of the attacks.

"It's not just the Defense Department but a wide variety of networks
that have been hit," including the departments of State, Energy and
Homeland Security as well as defense contractors, the official said.  
"This is an ongoing, organized attempt to siphon off information from
our unclassified systems."

Another official, however, cautioned against exaggerating the severity
of the intrusions. He said the attacks, while constituting "a large
volume," were "not the biggest thing going on out there."

Apart from acknowledging the existence of Titan Rain and providing a
sketchy account of its scope, the officials who were interviewed
declined to offer further details, citing legal and political
considerations and a desire to avoid giving any advantage to the
hackers. One official said the FBI has opened an investigation into
the incidents. The FBI declined to comment.

One official familiar with the investigation said it has not provided
definitive evidence of who is behind the attacks. "Is this an
orchestrated campaign by PRC or just a bunch of disconnected hackers?  
We just can't say at this point," the official said, referring to the
People's Republic of China.

With the threat of computer intrusions on the rise generally among
Internet users, U.S. government officials have made no secret that
their systems, like commercial and household ones, are subject to
attack. Because the Pentagon has more computers than any other agency
-- about 5 million worldwide -- it is the most exposed to foreign as
well as domestic hackers, the officials said.

Over the past few years, the Defense Department has taken steps to
better organize what had been a rather disjointed approach to cyber
security by individual branches of the armed forces. Last year,
responsibility for managing the Pentagon's computer networks was
assigned to the new Joint Task Force for Global Network Operations
under the U.S. Strategic Command.

"Like everybody connected to the Internet, we're seeing a huge spike"  
in outside scanning of Pentagon systems, said Lt. Col. Mike VanPutte,
vice director of operations at the task force. "That's really for two
reasons. One is, the tools are much simpler today. Anyone can download
an attack tool and target any block on the Internet. The second is,
the intrusion detection systems in place today," which are more
sophisticated and can identify more attacks.

Pentagon figures show that more attempts to scan Defense Department
systems come from China, which has 119 million Internet users, than
from any other country. VanPutte said this does not mean that China is
where all the probes start, only that it is "the last hop" before they
reach their targets.

He noted that China is a convenient "steppingstone" for hackers
because of the large number of computers there that can be
compromised. Also, tracing hackers who use Chinese networks is
complicated by the lack of cyber investigation agreements between
China and the United States, another task force official said.

The number of attempted intrusions from all sources identified by the
Pentagon last year totaled about 79,000, defense officials said, up
from about 54,000 in 2003. Of those, hackers succeeded in gaining
access to a Defense Department computer in about 1,300 cases. The vast
majority of these instances involved what VanPutte called "low risk"  
computers.

Concern about computer attacks from China comes amid heightened U.S.  
worry generally about Chinese military activities. Defense Secretary
Donald H. Rumsfeld warned in June that China's military spending
threatened the security balance in Asia, and the Pentagon's latest
annual report on Chinese military power, released last month,
described the ongoing modernization of Beijing's armed forces.

The report contained a separate section on development of computer
attack systems by China's military. It said the People's Liberation
Army (PLA) sees computer network operations as "critical to seize the
initiative" in establishing "electromagnetic dominance" early in a
conflict to increase effectiveness in battle.

"The PLA has likely established information warfare units to develop
viruses to attack enemy computer systems and networks, and tactics to
protect friendly computer systems and networks," the report said.

"The PLA has increased the role of CNO [computer network operations]
in its military exercises," the report added. "Although initial
training efforts focused on increasing the PLA's proficiency in
defensive measures, recent exercises have incorporated offensive
operations, primarily as first strikes against enemy networks."

The computer attacks from China have given added impetus to Pentagon
moves to adopt new detection software programs and improve training of
computer security specialists, several officials said.

"It's a constant game of staying one step ahead," one said.

Staff writer Dan Eggen contributed to this report.

© 2005 The Washington Post Company



_________________________________________
Attend ToorCon 
Sept 16-18th, 2005
Convention Center
San Diego, California
www.toorcon.org 



This archive was generated by hypermail 2.1.3 : Thu Aug 25 2005 - 03:59:43 PDT