By Bill Gertz
THE WASHINGTON TIMES
November 30, 2006
Chinese computer hackers penetrated the Naval War College network
earlier this month, forcing security authorities to shut down all e-mail
and official computer network work at the Navy's school for senior
Navy officials said the computer attack was detected Nov. 15 and two
days later the U.S. Strategic Command raised the security alert level
for the Pentagon's 12,000 computer networks and 5 million computers.
A spokesman for the Navy Cyber Defense Operations Command, located in
Norfolk, said "network intrusions" were detected at the Newport, R.I.,
military school two weeks ago.
"The system-network connection was terminated and known affected systems
were removed and are being examined for forensic evidence to determine
the extent of the intrusion," said Lt. Cmdr. Doug Gabos, the spokesman.
"The Naval War College computer system-network is used by students at
the war college and contains Navy Professional Reading Program and other
materials, all of which are unclassified information."
The FBI and Naval Criminal Investigative Service are investigating the
breach, another official said.
The Naval War College trains senior officers, conducts war games and
carries out some classified research such as studies of future warfare.
The college's Web site was not accessible yesterday.
Adm. Michael Mullen, chief of naval operations, recently directed the
war college's Strategic Studies Group to begin work to develop concepts
for waging cyber-warfare, a Navy spokesman said.
"The Naval War College is where the Navy's Strategic Studies Group is
planning and practicing cyber-war techniques, and now they don't even
have e-mail access," one U.S. official said.
U.S. defense officials said intelligence reports indicated that the
cyber-attack on the college came from China, which a recent
congressional report said has begun a series of computer network attacks
against defense and military systems in the United States code-named
Retired Air Force Maj. Gen. Richard Goetze, a Naval War College
professor, told a class Monday in Washington that Chinese computer
hackers were behind the network attack. Gen. Goetze told students that
communications were hobbled because the Chinese "took down" the entire
Naval War College computer network.
Students and professors at the college now have to use private e-mail
from home, raising security questions.
Cmdr. Gabos declined to comment on the origin of the attack. "The nature
and extent of intrusion are operational issues," he said. "I can tell
you it was an isolated incident and did not affect other elements of
Department of Defense."
However, the U.S. Strategic Command, which is in charge of Defense
Department computer warfare and defenses, issued a directive about the
time the attack was detected ordering all defense computer users to
heighten security by changing passwords.
The Strategic Command directive stated that the "information condition"
was to be raised Nov. 17 from Infocon 5 to Infocon 4, or heightened
alert against attack.
Alan Paller, a computer security specialist with the private SANS
Institute, said the Chinese network attack against the war college is
"the tip of the iceberg."
"The depth of the penetration is more than anybody is even admitting,"
he said in an interview. "People are trying to hide this because they're
Mr. Paller said the Chinese military's doctrine calls for waging
cyber-warfare against computer networks. "Part of it is gathering data
and part is leaving a back door so they can get in [to military
computers] in the future," he said.
The annual report by the U.S.-China Economic and Security Review
Commission, released Nov. 16, stated that there are "clear examples of
computer network penetrations coming from China," including those linked
to Titan Rain.
The report said the Chinese military has "information warfare units
[that] are developing viruses to harm the computer systems of its
Copyright 2006 News World Communications, Inc. All rights reserved.
Subscribe to InfoSec News