[ISN] Computer System Under Attack

From: InfoSec News (alerts@private)
Date: Thu Oct 05 2006 - 23:31:16 PDT


http://www.washingtonpost.com/wp-dyn/content/article/2006/10/05/AR2006100501781.html

By Alan Sipress
Washington Post Staff Writer
Friday, October 6, 2006; A21

Hackers operating through Chinese Internet servers have launched a 
debilitating attack on the computer system of a sensitive Commerce 
Department bureau, forcing it to replace hundreds of workstations and 
block employees from regular use of the Internet for more than a month, 
Commerce officials said yesterday.

The attack targeted the computers of the Bureau of Industry and 
Security, which is responsible for controlling U.S. exports of 
commodities, software and technology having both commercial and military 
uses. The bureau has stepped up its activity in regulating trade with 
China in recent years as the United States increased its exports of such 
dual-use items to the growing Chinese market.

This marked the second time in recent months that U.S. officials 
confirmed that a major attack traced to China had succeeded in 
penetrating government computers.

"Through established security procedures, BIS discovered a targeted 
effort to gain access to BIS user accounts," said Commerce Department 
spokesman Richard Mills. "We have no evidence that BIS data has been 
lost or compromised."

The significance of the attacks was underscored in a series of e-mails 
sent to BIS employees by acting Undersecretary of Commerce Mark Foulon 
since July, informing them of "a number of serious threats to the 
integrity of our systems and data." In an August e-mail, Foulon reported 
that the bureau had "identified several successful attempts to attack 
unattended BIS workstations during the overnight hours." Then, early 
last month, he wrote: "It has become clear that Internet access in 
itself is a vulnerability that we cannot mitigate. We have tried 
incremental steps and they have proven insufficient."

A source familiar with the security breach said the hackers had 
penetrated the computers with a "rootkit" program, a stealthy form of 
software that allows attackers to mask their presence and then gain 
privileged access to the computer system. The attacks were traced to Web 
sites registered on Chinese Internet service providers, Commerce 
officials said. "We determined they were owned by the Chinese," a senior 
Commerce official said. He did not say who in China was responsible or 
whether officials had even been able to identify the culprits. Although 
bureau employees were informed of the problem in July, Commerce 
officials declined to say when the attacks were discovered and how long 
they had been going on. Only over time did bureau officials realize the 
extent of the damage from the breach.

"The more we learned, the more we did," the senior official said.

Since Sept. 1, the bureau has blocked employees from accessing the 
Internet from their own computers. Instead, several separate computers 
unconnected to the BIS computer network have been set up so employees 
can try to continue carrying out their duties.

Commerce officials have also decided they cannot salvage the 
workstations that employees had been using and instead will build an 
entirely new system for the bureau in the coming months with "clean 
hardware and clean software," the senior official said. Foulon told 
employees in late August that they hoped to replace all the bureau's 
workstations within three months.

The official acknowledged that some of the emergency measures have made 
it more difficult for the bureau to communicate with other government 
agencies and the public, including companies that turn to BIS for export 
licenses.

In July, the State Department confirmed that hackers in China had broken 
into its computers in Washington and overseas. Last year, U.S. officials 
reported that the Defense Department and other U.S. agencies were under 
relentless attack from unidentified computers in China.

China has long been a focus of high-level attention at BIS and was the 
destination for the largest number of licenses approved by the bureau in 
2004, according to the bureau's most recent annual report. In weighing 
applications for licenses, bureau officials seek to protect U.S. 
national security interests without hamstringing legitimate commercial 
trade.

Commerce officials recently reported that they had taken significant 
steps to enhance computer security at the department, both by deploying 
new software and improving the management of the system.

These steps came after the General Accounting Office (since renamed the 
Government Accountability Office) issued a scathing report five years 
ago, which concluded that "significant and pervasive computer security 
weaknesses place Department of Commerce systems at risk." The report 
found that outsiders could gain unauthorized access to the computer 
system and access confidential data. "Intruders could disrupt the 
operations of systems that are critical to the mission of the 
department," the report found.

Copyright 2006 The Washington Post Company

