[ISN] Chinese hackers seek U.S. access

From: InfoSec News (alerts@private)
Date: Sun Mar 11 2007 - 23:10:04 PST


By Jon Swartz

SAN FRANCISCO -- The cyberattack on a U.S. military computer system has 
deepened concern about cyberspying and the security of the Internet's 

Chinese hackers were most likely behind an intrusion in November that 
disabled the Naval War College's network, forcing it to disconnect from 
the Internet for several weeks, says Lt. Cmdr. Doug Gabos, a spokesman 
for the Navy Cyber Defense Operations Command in Norfolk, Va.

Forensic analysis indicates the hackers may have sought information on 
war games in development at the naval college, he said. The college was 
vulnerable because it did not have the latest security protections, 
Gabos said.

The November attack was part of an ongoing campaign by Chinese hackers 
to penetrate government computers. The attacks often come in the form of 
"spear phishing," scams where attackers craft e-mail messages that seem 
to originate from the recipient's organization in a ploy to gain 
unauthorized access to confidential data.

China is also using more traditional hacking methods, such as computer 
viruses and worms, but in sophisticated ways, says Alan Paller, director 
of the security research organization SANS Institute.

Hackers are directly breaking into military and government computers, 
and exploiting the side doors of private networks connected to them, 
Paller says.

The intrusions spotlight the soft underbelly in U.S. cybersecurity. They 
also underline the need for the federal government to develop policies 
that define responsibilities between the public and private sectors to 
fend off hackers and terrorists, say military officials and 
cybersecurity experts including Jody Westby, CEO of Global Cyber Risk.

The attacks also underscore flaws in Internet security and the 
difficulty in tracking bad guys, says Westby, a cybersecurity consultant 
in Washington. Such "Swiss cheese" holes, she says, not only compromise 
military and government networks but those of businesses and critical 

"The Internet was not designed for security, and there are 243 countries 
connected to the Internet," says Westby, who estimates 100 countries are 
planning infowar capabilities. "What's more, many countries don't have 
cybercrime laws."

Chinese hackers gained notoriety in the USA after a series of 
coordinated attacks on American computer systems at NASA and Sandia 
National Laboratories, dating to 2003, were traced to a team of 
researchers in Guangdong province. The program, called Titan Rain by the 
Defense Department, first became public in August 2005. The Defense 
Department has since retitled the program under a classified name.

The hackers are still active, but Gabos would not say if the intrusion 
at the Naval War College was linked to previous attacks.

China is aggressively improving its information warfare capabilities, 
according to a December 2006 Chinese military white paper. Its goal is 
to be "capable of winning informationized wars" by the mid-21st century.

The motives of Chinese hackers run the gamut from intelligence gathering 
to technology theft and the infiltration of defense networks for future 
action, cybersecurity experts say.

The intent of Chinese operatives is unclear, but most agree they are 
gathering information, says Peter Neumann, a scientist at SRI 
International, a non-profit research institute.

U.S. cyberwarfare strategy, meanwhile, is disjointed because 
organizations responsible for cyberoffense, such as the National 
Security Agency, and defense, such as the Naval Network Warfare Command, 
are not linked, Gen. James Cartwright, commander of the Strategic 
Command, said in a speech at the Air Warfare Symposium in Florida in 

The U.S. must take aggressive measures against foreign hackers and 
websites that help others attack government systems, Gen. Ronald Keys, 
commander of Air Combat Command, told reporters in Florida on Feb. 9.

"I think it's going to take an Internet 9/11, and we've had some pretty 
serious problems on the Internet" for the country to seriously 
re-examine its approach to cyberwarfare, he said, according to a 
