By Alan Sipress
Washington Post Staff Writer
Friday, October 6, 2006; A21
Hackers operating through Chinese Internet servers have launched a
debilitating attack on the computer system of a sensitive Commerce
Department bureau, forcing it to replace hundreds of workstations and
block employees from regular use of the Internet for more than a month,
Commerce officials said yesterday.
The attack targeted the computers of the Bureau of Industry and
Security, which is responsible for controlling U.S. exports of
commodities, software and technology having both commercial and military
uses. The bureau has stepped up its activity in regulating trade with
China in recent years as the United States increased its exports of such
dual-use items to the growing Chinese market.
This marked the second time in recent months that U.S. officials
confirmed that a major attack traced to China had succeeded in
penetrating government computers.
"Through established security procedures, BIS discovered a targeted
effort to gain access to BIS user accounts," said Commerce Department
spokesman Richard Mills. "We have no evidence that BIS data has been
lost or compromised."
The significance of the attacks was underscored in a series of e-mails
sent to BIS employees by acting Undersecretary of Commerce Mark Foulon
since July, informing them of "a number of serious threats to the
integrity of our systems and data." In an August e-mail, Foulon reported
that the bureau had "identified several successful attempts to attack
unattended BIS workstations during the overnight hours." Then, early
last month, he wrote: "It has become clear that Internet access in
itself is a vulnerability that we cannot mitigate. We have tried
incremental steps and they have proven insufficient."
A source familiar with the security breach said the hackers had
penetrated the computers with a "rootkit" program, a stealthy form of
software that allows attackers to mask their presence and then gain
privileged access to the computer system. The attacks were traced to Web
sites registered on Chinese Internet service providers, Commerce
officials said. "We determined they were owned by the Chinese," a senior
Commerce official said. He did not say who in China was responsible or
whether officials had even been able to identify the culprits. Although
bureau employees were informed of the problem in July, Commerce
officials declined to say when the attacks were discovered and how long
they had been going on. Only over time did bureau officials realize the
extent of the damage from the breach.
"The more we learned, the more we did," the senior official said.
Since Sept. 1, the bureau has blocked employees from accessing the
Internet from their own computers. Instead, several separate computers
unconnected to the BIS computer network have been set up so employees
can try to continue carrying out their duties.
Commerce officials have also decided they cannot salvage the
workstations that employees had been using and instead will build an
entirely new system for the bureau in the coming months with "clean
hardware and clean software," the senior official said. Foulon told
employees in late August that they hoped to replace all the bureau's
workstations within three months.
The official acknowledged that some of the emergency measures have made
it more difficult for the bureau to communicate with other government
agencies and the public, including companies that turn to BIS for export
In July, the State Department confirmed that hackers in China had broken
into its computers in Washington and overseas. Last year, U.S. officials
reported that the Defense Department and other U.S. agencies were under
relentless attack from unidentified computers in China.
China has long been a focus of high-level attention at BIS and was the
destination for the largest number of licenses approved by the bureau in
2004, according to the bureau's most recent annual report. In weighing
applications for licenses, bureau officials seek to protect U.S.
national security interests without hamstringing legitimate commercial
Commerce officials recently reported that they had taken significant
steps to enhance computer security at the department, both by deploying
new software and improving the management of the system.
These steps came after the General Accounting Office (since renamed the
Government Accountability Office) issued a scathing report five years
ago, which concluded that "significant and pervasive computer security
weaknesses place Department of Commerce systems at risk." The report
found that outsiders could gain unauthorized access to the computer
system and access confidential data. "Intruders could disrupt the
operations of systems that are critical to the mission of the
department," the report found.
Copyright 2006 The Washington Post Company