Posted on 02/17/2007 10:45:50 PM PST by Windcatcher
NORFOLK, Va. -- At the Naval Network Warfare Command here, U.S. cyber defenders track and investigate hundreds of suspicious events each day. But the predominant threat comes from Chinese hackers, who are constantly waging all-out warfare against Defense Department networks, Netwarcom officials said.
Attacks coming from China, probably with government support, far outstrip other attackers in terms of volume, proficiency and sophistication, said a senior Netwarcom official, who spoke to reporters on background Feb 12. The conflict has reached the level of a campaign-style, force-on-force engagement, he said.
They will exploit anything and everything, the senior official said, referring to the Chinese hackers' strategy. And although it is impossible to confirm the involvement of China's government, the attacks are so deliberate, it's hard to believe it's not government-driven, the official said.
The motives of Chinese hackers run the gamut, including technology theft, intelligence gathering, exfiltration, research on DOD operations and the creation of dormant presences in DOD networks for future action, the official said.
A recent Chinese military white paper states that China plans to be able to win an informationized war by the middle of this century. Overall, China seeks a position of power to ensure its freedom of action in international affairs and the ability to influence the global economy, the senior official said.
Chinese hackers were responsible for an intrusion in November 2006 that disabled the Naval War College's network, forcing the college to shut down its e-mail and computer systems for several weeks, the official said. Forensic analysis showed that the Chinese were seeking information on war games in development at NWC, the official said.
NWC was vulnerable because it was not part of the Navy Marine Corps Intranet and did not have the latest security protections, the official explained. He said this was indicative of the Chinese strategy to focus on weak points in the network.
China has also been using spear phishing, sending deceptive mass e-mail messages to lure DOD users into clicking on a malicious URL, the official said. China is also using more traditional hacking methods, such as Trojan horse viruses and worms, but in innovative ways.
For example, a hacker will plant a virus as a distraction and then come in slow and low to hide in a system while the monitors are distracted. Hackers will also use coordinated, multipronged attacks, the official added.
Chinese hackers gained notoriety in the United States when a series of devastating intrusions, beginning in 2003, was traced to a team of researchers in Guangdong Province. The program, which DOD called Titan Rain, was first reported by Federal Computer Week in August 2005. Following that incident, DOD renamed the program and then classified the new name.
That particular set of hackers is still active, the Netwarcom official said. He would not confirm whether the Titan Rain group was linked to the NWC attack or any other recent high-profile intrusions.
Other senior military officials have spoken out recently on U.S. cyber strategy, saying the country urgently needs to develop new policies and procedures for fighting in the cyber domain.
Current U.S. cyber warfare strategy is dysfunctional, said Gen. James Cartwright, commander of the Strategic Command (Stratcom), in a speech at the Air Warfare Symposium in Orlando, Fla., last week. Offensive, defensive and reconnaissance efforts among U.S. cyber forces are incompatible and don't communicate with one another, resulting in a disjointed effort, Cartwright said.
Gen. Ronald Keys, commander of Air Combat Command, told reporters at the conference that current policies prevent the United States from pursuing cyberthreats based in foreign countries. Technology has outpaced policy in cyberspace, he said.
The United States should take more aggressive measures against foreign hackers and Web sites that help others attack government systems, Keys said. It may take a cyber version of the 2001 terrorist attacks for the country to realize it must re-examine its approach to cyber warfare, he added.
Netwarcom officials described their approach as an active defense, in which monitors build defenses around the perimeter of DOD systems, work to mitigate the effects of attacks and restore damaged parts of the network.
Meanwhile, the consolidation of DOD's cyber resources is ongoing. Netwarcom works directly with the Joint Task Force for Global Network Operations, DOD's lead agency on network defense and operations, a component of Stratcom.
Netwarcom, the Navy's lead cyber agency, is moving from monitoring the networks to full command-and-control capabilities. The Air Force announced in October 2006 that it will create a Cyber Command, based on the infrastructure of the 8th Air Force under Lt. Gen. Robert Elder, at Barksdale Air Force Base, La., to coordinate its cyber warfare efforts.
In the end, the cyberthreat is revolutionary, officials said, because it has no battle lines, the intelligence is intangible, and attacks come without warning, leaving no time to prepare defenses. Education and training of computer users, not enforcement, are the most effective defense measures, officials said.
Look for Part III in the series, on China, tomorrow morning.
Cheers!
It's actually good for us to have these kinds of attacks going on. Teaches us to better defend our networks and keeps the DoD's cowboys well-trained and on their toes.
You would think we would create a private web for some of the vulnerable systems. That way users would have to be part of the system. I'm no expert....it's just a thought.
Well, yeah. As long as they aren't successful.
I would suggest sending 50 container ships back to China with their cargo every time they attempt to hack into our computers.
And that too.
Absolutely. Better now than after the shooting starts.
I'll show this to my "smart guy"
I guess I'm not too worried about that. I can't imagine that the DoD keeps anything too valuable attached to a computer network.
So the Chinese are just wasting their time?
Political sites are also probed and copied in Chinese attacks. Then the Chinese use the political information to complain against our USA at UN meetings. I've monitored such attacks in the past. Chinese techs. also use bots (spiders, crawlers,...) to gather e-mail addresses, then spam them.
Those efforts, IMO, are mostly for the purpose of pushing US political site admins. to block Chinese zones for the purpose of walling our part of the Net from Chinese civilians. I encourage civilian admins. here to keep those IP zones (first octets) open. Our US Defense and other sensitive facility admins., though, should probably block them.
*BUMP*!
Ping. You probably already knew this.
The sensitive ones are already on complete, separate secure networks. No connection to the Internet whatsoever. Still not immune from inside attack but at least the intruder will have to be someone you know and can lay hands on as opposed to a PRC-financed, directed, and supervised cell in China.
What we are dealing with in these hacking attacks are Defense Department networks that have been deliberately provided access to the Internet for all of the convenience it provides. By doing this, the government does not have to duplicate all of the communication infrastructure that already exists in the Internet. In addition, there is a lot of open source material on the Internet that the government wants easy access to. In a way, it is sort of like connecting to the public telephone system or using wireless networks. They are open systems anyone, including those with malicious intent, can connect to. Protection against these types of intrusion comes from the security measures you adopt at the threshold of your computer/network-to-Internet connection point and the layers of defense you put up around the more sensitive parts of your system and the data stored on it.
Unfortunately, most of the government is wedded (welded might be a better term) to the Microsoft family of operating systems and the applications based on it. This is a fork in the government computing and network deployment road taken nearly 25 years ago. Like it or not, until the government concludes it really needs something better and someone will build it for them, the compelling massiveness of the government's use of Microsoft's systems is going to dictate its use by a lot of commercial companies and private users (including yours truly). In the mean time, it will continue to provide a lot of opportunity for hacking attacks due to the numerous and severe flaws in its security.
(At this point, I invite the Apple users to remind us, ONE MORE TIME, of the vastly superior security of the Apple family of operating systems. Right after that, they can explain why Apple computers have to continue to cost so much more than PCs. (Outside of pure greed, that is.))
Would sending these hackers a 10 terabyte message filled with gibberish slow their computers and hacking efforts down?
The really frustrating thing about this is that most of these PLA hackers were trained in computer science/engineering programs in American universities under international student exchange programs during the Clinton years. Now, these American-trained ChiCom hackers are in the PLA and are turning their training against us in cyberspace.
I'm struck by the fact that attempting to hack into Chinese servers would land someone in jail here, yet they are apparently free to wage their undeclared war on us without the slightest peep from our government. We still sleepily buy their goods, enriching their war machine which is day by day attempting to catch up to us (and they know how much they have to catch up because of the information they're stealing). And yet we just keep enriching them, while it's as clear as day that these people mean us harm. And we allow them to come over here and attend our colleges, then take the technology and science they've learned back to China. In my opinion, there ought to be an acceptable level of "cyber behavior" that every country that wants to be on the Internet must meet. Failure to have and enforce adequate laws against this sort of activity (or outright sponsoring of it) should result in immediate disconnection of your connections to the rest of the world.
Probably not.
That would be a form of denial of service attack and the countermove is just to stop receiving packets from your Internet address (which is part of each packet). Not to mention, I think it is a federal crime to launch such an attack from US soil.
Probable outcomes:
- Jam your own computer (do you realize how long it would take to SEND a 10 terabyte message? If my math is correct, at say, 1MB/s, it's 10 million seconds or about 115 days!),
- Really, really annoy your ISP, and, lastly,
- Get a visit from the Feds.
From some classes and discussions I have had over the years with Internet security people dealing with these issues, you get the feeling we (the US government and specifically, DoD) are gaining valuable insight into enemy operations by letting these attacks occur, learning how to recognize their onset and defeat/mitigate them, and making US systems more secure against attack from any quarter by making the general on-line population improve their security practices. (Remember, whose fault is it if you or your organization has poor information assurance and data security/recovery practices? Clue: not the attackers.)
Personally, I'd say it is the Chinese who need to worry about what we will do to them if a cyberwar comes. Just how competent are they to defend against continuing attacks on the same scale, magnitude, and sophistication as the attacks we are now having to routinely deal with? Not to mention dealing with all the stuff we are cooking up on our own. They are showing us their approaches, techniques and tactics, I doubt we are showing them much of ours.
But, I could be wrong. Time will tell.