Posted on 01/18/2008 4:41:50 PM PST by JACKRUSSELL
An aggressive, non-stop campaign by China to penetrate key government and industry databases in the United States already has succeeded and the United States urgently needs to monitor all internet traffic to critical government and private-sector networks “to find the enemy within,” SANS Institute Director of Research Alan Paller told SCMagazineUS.com.
“They are already in and we have to find them,” Paller said.
Paller said that empirical evidence analyzed by researchers leaves little doubt that the Chinese government has mounted a non-stop, well-financed attack to breach key national security and industry databases, adding that it is likely that this effort is making use of personnel provided by China's People's Liberation Army.
The “smoking guns” pointing to a government-directed effort are keystroke logs of the attacks, which have been devoid of errors usually found in amateur hack attacks, the use of spear phishing to gain entry into computer networks, and the massively repetitive nature of the assault, the SANS research director said.
“This is not amateur hacking. They are going back to the same places 100 times a day, every day. This kind of an effort requires a massive amount of money and resources,” Paller told SCMagazineUS.com.
Paller said that monitoring all internet traffic – including email – to government and private-sector networks is necessary in order to pinpoint breaches and, ultimately, to prevent cyberspies from extracting critical data. The traffic must be carefully analyzed to detect “micro-patterns” that reveal breaches, he said.
“We have to find the needle in the haystack,” he said.
SANS earlier this week placed espionage from China and other nations near the top of its annual list of cybersecurity menaces, reporting that targeted spear phishing is the weapon of choice used in the assault on U.S. databases and those of its allies.
“They are using spear phishing because it is so effective, and it is the least difficult technique [of gaining entry]” Paller said. “They can target anyone within an organization who has a computer. Once they get in, they can go everywhere.”
In November, President Bush requested $154 million in funding for what is expected to be a seven-year, multibillion-dollar program to track cyberthreats on government and private networks. The proposed countermeasures include the reduction of access points between government computers and the internet from a current level of 2,000 to 50, and the assignment of up to 2,000 DHS and NSA security experts to full-time monitoring of critical infrastructure networks to prevent unauthorized instrusion.
Key members of Congressional oversight committees have complained that they have not been fully briefed on the proposal and they have raised concerns about the potential infringement on privacy.
According to SANS' research director, the monitoring envisioned by the government's cybersecurity plan can be implemented without trampling on privacy rights as long as procedures are in place to ensure that it is the traffic itself, rather than the contents of email messages, that is being monitored.
“Monitoring email traffic is not the same thing as reading everyone's email,” Paller said.
The scope of the cybersecurity problem was underlined this week in a profile of U.S. Director of National Intelligence (DNI) Mike McConnell published this week in the New Yorker magazine.
The New Yorker article reported that the Defense Department currently is detecting about three million unauthorized probes on its computer networks every day, while the State Department fends off two million probes daily.
These probes often turn into full-scale attacks, the magazine reported, such as the assault last year on the Pentagon that required 1,500 computers to be taken offline. American allies also have been targeted: In May, the German government blamed the Chinese military after it discovered a spyware program had been planted inside government computers in several key ministries. Chinese officials called the accusation “preposterous.”
McConnell has made information security a top priority for the myriad intelligence agencies he oversees, including the NSA, CIA and the Pentagon's intelligence arm.
The DNI said that Chinese computer attacks have intensified in recent months, while hacking activity emanating from Russia has remained at Cold War levels. Ed Giorgio, a security consultant who worked at the NSA under McConnell, told the New Yorker that China now has 40,000 hackers collecting intelligence off U.S. information systems and those of U.S. allies.
As intense as the assault on U.S. intelligence networks appears to be, cyberespionage directed by foreign governments against U.S. companies is an even bigger problem, McConnell said. “The real question is what to do about industry. Ninety-five percent of this is a private-sector problem,” he told the New Yorker.
The SANS Institute's annual listing of top 10 cyber menaces reported that China and other nations last year had engineered “massive penetration” of U.S. federal agencies and defense contractors, stealing terabytes of data. The institue said that these attacks are expected to intensify this year.
“In 2008, despite intense scrutiny, these nation-state attacks will expand,” SANS warned. “More targets and increased sophistication will mean many successes for attackers. Economic espionage will be increasingly common as nation-states use cybertheft of data to gain economic advantage in multinational deals.”
SANS said the “attack of choice” by foreign cyberwarriors is a form of targeted spear phishing using attachments and well-researched social engineering methods to make the victim believe that an attachment comes from a trusted source. SANS also said overseas hackers are making use of newly discovered Microsoft Office vulnerabilities and hiding their techniques to circumvent virus checking.
McAfee's Avert Labs, in its McAfee Virtual Criminology Report, predicted that the rise in international cyber spying will pose the number one security threat in 2008.
Screw china. People that vote for that screw us.
They are too fat and slow to stop this certain death by 100,000 cuts.
They are more interested in administering social programs and maintaining voting blocs than protecting the country. The best and brightest are driven out while Affirmative Action applicants and Politically Correct appointees are given free reign. Incompetence is the S.O.P. in this P.O.S. government culture.
You want to do something? You want to fight those our government won't? You will! You will be FORCED to do something, if you are alive, after the smoke from the first strike clears. You will have plenty of time to be heroes and tribal Chieftans and warriors of the wasteland then...for now, I say all we can do is prepare. Stock up! The shit storm approaches. Hint: Start with currency. Whether it is gold, silver or your liberal neighbor's teenage daughter...You will need currency in this Brave New World...
Sorry, but I’m not for screwing 300 million Americans out of opportunity just because we have weak leaders and negotiators.
Even if we hadn’t given them MFN, we would still be buying “Made in China” crap. It just would’ve been sold to us through another free trade Country...at a higher price.
Fred and FAIR Trade is a fight I’m up for, I’m not a defeatist. I know we can beat them.
Thank you very much.
All you free traitors, this is the price we pay..
“Even if we hadn’t given them MFN, we would still be buying “Made in China” crap. It just would’ve been sold to us through another free trade Country...at a higher price.”
I’m not going to respond with what I think.
At the least it proves that insufferable arrogance and smugness about our presumably invincible national security technology advantage is epidemic in both parties....
The U.S. is truly finished as a country anyways. China is only helping to speed up the process of destroying the U.S. as a country while leftist politicians in the U.S. take care of the rest.
Seems unlikely that President Romney or McCain would do anything. Romney has his hands dirty with complicity... Bain Financial and Huwai Technology....and McCain would regard it as "torture" or some other damn weasel evasion.
SANS is what?
SANS (System Administration, Networking, and Security) Institute.
Organization with focus on network security. Founded in 1989.Homepage: http://www.sans.org/
Thank you. That is a troubling report.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.