Cyber officials: Chinese hackers attack 'anything and everything'
By Josh Rogin
Published on February 13, 2007
NORFOLK, Va. -- At the Naval Network Warfare Command here, U.S. cyber defenders track and investigate hundreds of suspicious events each day. But the predominant threat comes from Chinese hackers, who are constantly waging all-out warfare against Defense Department networks, Netwarcom officials said.
Attacks coming from China, probably with government support, far outstrip other attackers in terms of volume, proficiency and sophistication, said a senior Netwarcom official, who spoke to reporters on background Feb 12. The conflict has reached the level of a campaign-style, force-on-force engagement, he said.
“They will exploit anything and everything,” the senior official said, referring to the Chinese hackers’ strategy. And although it is impossible to confirm the involvement of China’s government, the attacks are so deliberate, “it’s hard to believe it’s not government-driven,” the official said.
The motives of Chinese hackers run the gamut, including technology theft, intelligence gathering, exfiltration, research on DOD operations and the creation of dormant presences in DOD networks for future action, the official said.
A recent Chinese military white paper states that China plans to be able to win an “informationized war” by the middle of this century. Overall, China seeks a position of power to ensure its freedom of action in international affairs and the ability to influence the global economy, the senior official said.
Chinese hackers were responsible for an intrusion in November 2006 that disabled the Naval War College’s network, forcing the college to shut down its e-mail and computer systems for several weeks, the official said. Forensic analysis showed that the Chinese were seeking information on war games in development at NWC, the official said.
NWC was vulnerable because it was not part of the Navy Marine Corps Intranet and did not have the latest security protections, the official explained. He said this was indicative of the Chinese strategy to focus on weak points in the network.
China has also been using spear phishing, sending deceptive mass e-mail messages to lure DOD users into clicking on a malicious URL, the official said. China is also using more traditional hacking methods, such as Trojan horse viruses and worms, but in innovative ways.
For example, a hacker will plant a virus as a distraction and then come in “slow and low” to hide in a system while the monitors are distracted. Hackers will also use coordinated, multipronged attacks, the official added.
Chinese hackers gained notoriety in the United States when a series of devastating intrusions, beginning in 2003, was traced to a team of researchers in Guangdong Province. The program, which DOD called Titan Rain, was first reported by Federal Computer Week in August 2005. Following that incident, DOD renamed the program and then classified the new name.
|
Digg
De.licio.us
Slashdot
Technorati
