Red Hackers Target US?
We've known about this for a while, but it is scary nonetheless. Whether it is a bunch of hippie hacksters protesting something by hacking the Pentagon or if it is a concerted effort by the Chinese to gain American secrets, it has to be stopped.
Hackers Attack Via Chinese Web Sites
U.S. Agencies' Networks Are Among Targets
By Bradley Graham
Washington Post Staff Writer
Thursday, August 25, 2005
Web sites in China are being used heavily to target computer networks in the Defense Department and other U.S. agencies, successfully breaching hundreds of unclassified networks, according to several U.S. officials.
Classified systems have not been compromised, the officials added. But U.S. authorities remain concerned because, as one official said, even seemingly innocuous information, when pulled together from various sources, can yield useful intelligence to an adversary.
"The scope of this thing is surprisingly big," said one of four government officials who spoke separately about the incidents, which stretch back as far as two or three years and have been code-named Titan Rain by U.S. investigators. All officials insisted on anonymity, given the sensitivity of the matter.
Whether the attacks constitute a coordinated Chinese government campaign to penetrate U.S. networks and spy on government databanks has divided U.S. analysts. Some in the Pentagon are said to be convinced of official Chinese involvement; others see the electronic probing as the work of other hackers simply using Chinese networks to disguise the origins of the attacks.
"It's not just the Defense Department but a wide variety of networks that have been hit," including the departments of State, Energy and Homeland Security as well as defense contractors, the official said. "This is an ongoing, organized attempt to siphon off information from our unclassified systems."
Another official, however, cautioned against exaggerating the severity of the intrusions. He said the attacks, while constituting "a large volume," were "not the biggest thing going on out there."
Apart from acknowledging the existence of Titan Rain and providing a sketchy account of its scope, the officials who were interviewed declined to offer further details, citing legal and political considerations and a desire to avoid giving any advantage to the hackers. One official said the FBI has opened an investigation into the incidents. The FBI declined to comment.
One official familiar with the investigation said it has not provided definitive evidence of who is behind the attacks. "Is this an orchestrated campaign by PRC or just a bunch of disconnected hackers? We just can't say at this point," the official said, referring to the People's Republic of China.
With the threat of computer intrusions on the rise generally among Internet users, U.S. government officials have made no secret that their systems, like commercial and household ones, are subject to attack. Because the Pentagon has more computers than any other agency -- about 5 million worldwide -- it is the most exposed to foreign as well as domestic hackers, the officials said.
The disturbing part to me is the willingness of the government to use commercial software to run sensitive systems. I had always just assumed that our secret info was stored on systems that were not only firewalled but physically disconnected from the Internet. And that, beyond being physically secure, they utilized software that wasn't available to anyone and everyone. I certainly hope that the version of Windows running on Pentagon computers is a special version created by Microsoft just for the US Government and not the version I can hack in 2 minutes with free software.
Pentagon figures show that more attempts to scan Defense Department systems come from China, which has 119 million Internet users, than from any other country. VanPutte said this does not mean that China is where all the probes start, only that it is "the last hop" before they reach their targets.
He noted that China is a convenient "steppingstone" for hackers because of the large number of computers there that can be compromised. Also, tracing hackers who use Chinese networks is complicated by the lack of cyber investigation agreements between China and the United States, another task force official said.
The number of attempted intrusions from all sources identified by the Pentagon last year totaled about 79,000, defense officials said, up from about 54,000 in 2003. Of those, hackers succeeded in gaining access to a Defense Department computer in about 1,300 cases. The vast majority of these instances involved what VanPutte called "low risk" computers.
That isn't the point. The point is that they got in at all. I've done work for the government in the IT area. I know the lackadaisical mentality that, when combined with the normal bureaucratic incompetence, leads to simply astounding lapses in basic security protocols. Seriously. There are gas station companies I've done IT work for that have better information security than some government agencies.
Concern about computer attacks from China comes amid heightened U.S. worry generally about Chinese military activities. Defense Secretary Donald H. Rumsfeld warned in June that China's military spending threatened the security balance in Asia, and the Pentagon's latest annual report on Chinese military power, released last month, described the ongoing modernization of Beijing's armed forces.
The report contained a separate section on development of computer attack systems by China's military. It said the People's Liberation Army (PLA) sees computer network operations as "critical to seize the initiative" in establishing "electromagnetic dominance" early in a conflict to increase effectiveness in battle.
"The PLA has likely established information warfare units to develop viruses to attack enemy computer systems and networks, and tactics to protect friendly computer systems and networks," the report said.
"The PLA has increased the role of CNO [computer network operations] in its military exercises," the report added. "Although initial training efforts focused on increasing the PLA's proficiency in defensive measures, recent exercises have incorporated offensive operations, primarily as first strikes against enemy networks."
The computer attacks from China have given added impetus to Pentagon moves to adopt new detection software programs and improve training of computer security specialists, several officials said.
"It's a constant game of staying one step ahead," one said.
The notion that these attacks are just a loose grouping of disgruntled people in the hacker community is laughable to me and likely is to the Pentagon's infosys security folks. The attacks are coordinated, systematic, and thorough. Teenage hackers aren't typically interested in gleaning information unless there is profit to be made from it (i.e. credit card numbers). The type of information being stolen, such as mapping information, weather data, etc., much of which is publicly available, is not commercially valuable. On the other hand, it is vital information for an opponent. Furthermore, it gives them valuable information on how and where to compromise our systems rapidly in the opening hours of war.