RealTime IT News

China Sites Said Behind U.S. Network Attacks

Perpetrators are using Web sites in China to breach computer networks in the Department of Defense (DoD) and other U.S. agencies, according to U.S. officials.

While classified systems have not yet been breached, officials are concerned because bits of information pieced together can provide an enemy with useful windows into the U.S. government's methods, U.S. officials told the Washington Post.

Government officials characterized the scope of the hacks, which have been occurring for the last few years, as "surprisingly big," according to the Post. The perpetrators are also trying to hack into the State, Energy and Homeland Security departments.

Officials at the Pentagon are reportedly torn about whether the attacks are the result of a Chinese government campaign to spy on government databases, or the work of other hackers using Chinese networks to cloak the origins of the attacks.

A DoD official confirmed attacks on the agency's systems, but declined to say where intrusions come from because it could "reveal capabilities, tactics, tools, and strategies we use to identify them."

"DoD systems are regularly probed -- breaches of our networks are taken seriously and addressed," the official said. "We work closely with law enforcement agencies and the intelligence community to investigate -- and prosecute whenever possible -- malicious intrusions."

Computer-based attacks on the U.S. government are indeed nothing new. But at least one analyst questioned the motive and direction of the attacks, which investigators have code-named Titan Rain.

John Pescatore, who covers computer security issues for researcher Gartner, cautioned against assuming the attacks were targeted at the Defense Department.

The analyst said the DoD, like many government agencies, has a spotty track record in determining whether attacks are targeted at the agency or are affecting the whole world.

"They don't participate in information sharing, so it's hard for them to know," Pescatore said. "Was this just targeting our government sites, or something coming out of China or Eastern Europe or Canada that spreads around the world?"

"They've gotten dinged on this for several years now. The DoD is sort of like three separate countries: Air Force, Navy, Army... If they were being targeted, it would be hard for them to tell because they're not sharing information amongst themselves."

"How do you tell whether something's attacking the country, or just one of these random things that's attacking everyone?" Pescatore continued.

To illustrate his point, Pescatore pointed to a hack on the U.S. Air Force earlier this week, when an online intruder made off with personal data on approximately half of the U.S. Air Force's 70,000 officers.

The information stolen includes birth dates and Social Security numbers on about 33,000 officers, military officials confirmed Friday.

"My bet is that it wasn't anyone targeting the government. It was identity thieves going after identity information that happens to be from the government," Pescatore said.

There is a flip side to the coin. Other countries believe U.S. universities are targeting their computer networks because, when they pinpoint an attack source, their machine logs show the .edu designation.

"It's really just that the college machines were broken into and used as botnet points," he said. A botnet is a collection of software robots that run autonomously and are often used to hack into computers.