China Sites Said Behind U.S. Network Attacks


Perpetrators are using Web sites in China to breach computer networks in the
Department of Defense (DoD) and other U.S. agencies, according to U.S.
officials.


While classified systems have not yet been breached, officials are concerned
because bits of information pieced together can provide an enemy with useful
windows into the U.S. government’s methods, U.S. officials told the
Washington Post.


Government officials characterized the scope of
the hacks, which have been occurring for the last few years, as
“surprisingly big,” according to the Post. The perpetrators are also trying to hack into the State, Energy and Homeland Security departments.


Officials at the Pentagon are reportedly torn about whether the attacks are
the result of a Chinese government campaign to spy on government databases,
or the work of other hackers using Chinese networks to cloak the origins of
the attacks.


A DoD official confirmed attacks on the agency’s systems, but declined to say where intrusions come from because it could “reveal capabilities, tactics, tools, and strategies we use to identify them.”


“DoD systems are regularly probed — breaches of our networks are taken seriously and addressed,” the official said. “We work closely with law enforcement agencies and the intelligence community to investigate — and prosecute whenever possible — malicious intrusions.”


Computer-based attacks on the U.S. government are indeed nothing new. But at least one analyst questioned the motive and direction of the attacks, which investigators have code-named Titan Rain.


John Pescatore, who covers computer security issues for researcher Gartner,
cautioned against assuming the attacks were targeted at the Defense
Department.


The analyst said the DoD, like many government agencies, has a spotty track
record in determining whether or not attacks are targeted at the agency, or
if the attacks affect the whole world.


“They don’t participate in information sharing, so it’s hard for them to
know,” Pescatore said. “Was this just targeting our government sites, or
something coming out of China or Eastern Europe or Canada that spreads
around the world?”


“They’ve gotten dinged on this for several years now. The DoD is sort of
like three separate countries: Air Force, Navy, Army… If they were being
targeted, it would be hard for them to tell because they’re not sharing
information amongst themselves.”


“How do you tell whether something’s attacking the country, or just one of
these random things that’s attacking everyone?” Pescatore continued.


To illustrate his point, Pescatore pointed to a hack on the U.S. Air Force
earlier this week, when an online intruder made off
with personal data on approximately half of the U.S. Air Force’s 70,000
officers.


The information stolen includes birth dates and Social Security numbers on
about 33,000 officers, military officials confirmed Friday.


“My bet is that it wasn’t anyone targeting the government. It was identity
thieves going after identity information that happens to be from the
government,” Pescatore said.


There is a flipside to the coin. Other countries believe U.S. universities
are targeting their computer networks because their machine logs show the
.edu designation when they pinpoint an attack source.


“It’s really just that the college machines were broken into and used as
botnet points,” he said. Botnet is the term for a series of software robots
which run autonomously and are often used to hack into computers.
