Dec 12, 2005
A systematic effort by hackers to penetrate US government and industry
computer networks stems most likely from the Chinese military, the
head of a leading security institute said. The attacks have been
traced to the Chinese province of Guangdong, and the techniques used
make it appear unlikely to come from any other source than the
military, said Alan Paller, the director of the SANS Institute, an
education and research organization focusing on cybersecurity.
"These attacks come from someone with intense discipline. No other
organization could do this if they were not a military organization,"
Paller said in a conference call to announced a new cybersecurity
In the attacks, Paller said, the perpetrators "were in and out with no
keystroke errors and left no fingerprints, and created a backdoor in
less than 30 minutes. How can this be done by anyone other than a
Paller said that despite what appears to be a systematic effort to
target government agencies and defense contractors, defenses have
remained weak in many areas.
"We know about major penetrations of defense contractors," he said.
Security among private-sector Pentagon contractors may not be as
robust, said Paller, because "they are less willing to make it hard
for mobile people to get their work done."
Paller said the US government strategy appears to be to downplay the
attacks, which has not helped the situation.
"We have a problem that our computer networks have been terribly and
deeply penetrated throughout the United States ... and we've been
keeping it secret," he said.
"The people who benefit from keeping it secret are the attackers."
Although Paller said the hackers probably have not obtained classified
documents from the Pentagon, which uses a more secure network, it is
possible they stole "extremely sensitive" information.
He said it has been documented that US military flight planning
software from its Redstone Arsenal was stolen.
Pentagon officials confirmed earlier this year that US Defense
Department websites are probed hundreds of times a day by hackers, but
maintained that no classified site is known to have been penetrated by
The US military has code-named the recent hacker effort "Titan Rain"
and has made some strides in counter-hacking to identify the
attackers, Paller said. This was first reported by Time magazine.
Paller said a series of attacks on British computer networks reported
earlier this year may have similar goals, but seems to use different
In the United States, he said there are some areas of improvement such
as the case of the Air Force, which has been insisting on better
security from its IT vendors. But he argued that "the fundamental
error is that America's security strategy relies on writing reports
rather than hardening systems."
Earn your Master's degree in Information Security ONLINE
Study IA management practices and the latest infosec issues.
Norwich University is an NSA Center of Excellence.