.

Chinese Hackers Attack 'Anything and Everything'

<<

don

User avatar

Administrator
Administrator

Posts: 4259

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Sat Feb 17, 2007 4:11 pm

Chinese Hackers Attack 'Anything and Everything'

Interesting article by by Josh Rogin of fcw.com:

Published on Feb. 13, 2007 NORFOLK, Va. -- At the Naval Network Warfare Command here, U.S. cyber defenders track and investigate hundreds of suspicious events each day. But the predominant threat comes from Chinese hackers, who are constantly waging all-out warfare against Defense Department networks, Netwarcom officials said.

Attacks coming from China, probably with government support, far outstrip other attackers in terms of volume, proficiency and sophistication, said a senior Netwarcom official, who spoke to reporters on background Feb 12. The conflict has reached the level of a campaign-style, force-on-force engagement, he said.

“They will exploit anything and everything,” the senior official said, referring to the Chinese hackers’ strategy. And although it is impossible to confirm the involvement of China’s government, the attacks are so deliberate, “it’s hard to believe it’s not government-driven,” the official said.

The motives of Chinese hackers run the gamut, including technology theft, intelligence gathering, exfiltration, research on DOD operations and the creation of dormant presences in DOD networks for future action, the official said.

A recent Chinese military white paper states that China plans to be able to win an “informationized war” by the middle of this century. Overall, China seeks a position of power to ensure its freedom of action in international affairs and the ability to influence the global economy, the senior official said.

Chinese hackers were responsible for an intrusion in November 2006 that disabled the Naval War College’s network, forcing the college to shut down its e-mail and computer systems for several weeks, the official said. Forensic analysis showed that the Chinese were seeking information on war games in development at NWC, the official said.

NWC was vulnerable because it was not part of the Navy Marine Corps Intranet and did not have the latest security protections, the official explained. He said this was indicative of the Chinese strategy to focus on weak points in the network.

China has also been using spear phishing, sending deceptive mass e-mail messages to lure DOD users into clicking on a malicious URL, the official said. China is also using more traditional hacking methods, such as Trojan horse viruses and worms, but in innovative ways.

For example, a hacker will plant a virus as a distraction and then come in “slow and low” to hide in a system while the monitors are distracted. Hackers will also use coordinated, multipronged attacks, the official added.

Chinese hackers gained notoriety in the United States when a series of devastating intrusions, beginning in 2003, was traced to a team of researchers in Guangdong Province. The program, which DOD called Titan Rain, was first reported by Federal Computer Week in August 2005. Following that incident, DOD renamed the program and then classified the new name.

That particular set of hackers is still active, the Netwarcom official said. He would not confirm whether the Titan Rain group was linked to the NWC attack or any other recent high-profile intrusions.

Other senior military officials have spoken out recently on U.S. cyber strategy, saying the country urgently needs to develop new policies and procedures for fighting in the cyber domain.

Current U.S. cyber warfare strategy is dysfunctional, said Gen. James Cartwright, commander of the Strategic Command (Stratcom), in a speech at the Air Warfare Symposium in Orlando, Fla., last week. Offensive, defensive and reconnaissance efforts among U.S. cyber forces are incompatible and don’t communicate with one another, resulting in a disjointed effort, Cartwright said.

Gen. Ronald Keys, commander of Air Combat Command, told reporters at the conference that current policies prevent the United States from pursuing cyberthreats based in foreign countries. Technology has outpaced policy in cyberspace, he said.

The United States should take more aggressive measures against foreign hackers and Web sites that help others attack government systems, Keys said. It may take a cyber version of the 2001 terrorist attacks for the country to realize it must re-examine its approach to cyber warfare, he added.

Netwarcom officials described their approach as an active defense, in which monitors build defenses around the perimeter of DOD systems, work to mitigate the effects of attacks and restore damaged parts of the network.

Meanwhile, the consolidation of DOD’s cyber resources is ongoing. Netwarcom works directly with the Joint Task Force for Global Network Operations, DOD’s lead agency on network defense and operations, a component of Stratcom.

Netwarcom, the Navy’s lead cyber agency, is moving from monitoring the networks to full command-and-control capabilities. The Air Force announced in October 2006 that it will create a Cyber Command, based on the infrastructure of the 8th Air Force under Lt. Gen. Robert Elder, at Barksdale Air Force Base, La., to coordinate its cyber warfare efforts.

In the end, the cyberthreat is revolutionary, officials said, because it has no battle lines, the intelligence is intangible, and attacks come without warning, leaving no time to prepare defenses. Education and training of computer users, not enforcement, are the most effective defense measures, officials said.


For original story:
http://www.fcw.com/article97658-02-13-0 ... rintLayout

Don
CISSP, MCSE, CSTA, Security+ SME
<<

oyle

User avatar

Sr. Member
Sr. Member

Posts: 264

Joined: Mon Jan 02, 2006 11:19 am

Location: Cleveland Ohio

Post Sat Feb 17, 2007 8:39 pm

Re: Chinese Hackers Attack 'Anything and Everything'

Now THAT'S something to lose sleep over. With everything else going on in the world, Korea and it's nuclear progress, now China is trying to hack into our systems.

And there's nothing we can really do abour it, short if sending someone to China to track track down these people physically. That would be kick in the pants for diplomatic relations.

Maybe we should issue another embargo to China and stop buyong everything with a "Made in CHina" label. Yeah, right.

But this is a dplomatic issue, and this is computing. What should we do, guys?

Thanks Don. Great article.
MCP, MCP+I, MCSA, MCSE(NT4/W2K), CCNA, CCA, NWCCC, VH-PIRTS, CEH
--------------------
"hackers are like jedi, crackers are like the sith: do not fall prey to the dark side".

From 1337 h4x0r h4ndb00k: "the ten laws of geek", law x
                  -Tapeworm
<<

slimjim100

User avatar

EH-Net Columnist
EH-Net Columnist

Posts: 385

Joined: Wed Nov 08, 2006 12:50 pm

Location: Atlanta

Post Mon Feb 19, 2007 1:48 pm

Re: Chinese Hackers Attack 'Anything and Everything'

The Internet based attack’s out of China has been going on for a good long time now this is nothing new to the DoD. The biggest issue is that the complexity of the attacks is getting more difficult to block & detect. One thing that many people do not understand is that a lot of the attacks out of China are not necessarily from the Chinese but China IP space is just a relay point for attacks from other country's and people with motives against the US or other governments. The reason some of this happens is because there is very little the US government can do about hacking in China and with the politics it's not a top priority. This is also the case in a lot of countries where the west’s influence is not strong and international law means very little. I am not saying all the hacking out of china is from other people or governments but some of it is just relay attacks.

This is my option from what I have had to deal with.

Brian
CISSP, CCSE, CCNA, CCAI, Network+, Security+, JNCIA, & MCP
<<

Kev

Post Tue Feb 20, 2007 8:04 am

Re: Chinese Hackers Attack 'Anything and Everything'

And whats really weird is how hard it is to hack the Chinese. They have a very good filtered environment. Why is that?

Return to News from the Outside World

Who is online

Users browsing this forum: No registered users and 1 guest

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software