By Jon Swartz

SAN FRANCISCO -- The cyberattack on a U.S. military computer system has
deepened concern about cyberspying and the security of the Internet's

Chinese hackers were most likely behind an intrusion in November that
disabled the Naval War College's network, forcing it to disconnect from
the Internet for several weeks, says Lt. Cmdr. Doug Gabos, a spokesman
for the Navy Cyber Defense Operations Command in Norfolk, Va.

Forensic analysis indicates the hackers may have sought information on
war games in development at the naval college, he said. The college was
vulnerable because it did not have the latest security protections,

The November attack was part of an ongoing campaign by Chinese hackers
to penetrate government computers. The attacks often come in the form of
"spear phishing," scams where attackers craft e-mail messages that seem
to originate from the recipient's organization in a ploy to gain
unauthorized access to confidential data.

China is also using more traditional hacking methods, such as computer
viruses and worms, but in sophisticated ways, says Alan Paller, director
of the security research organization SANS Institute.

Hackers are directly breaking into military and government computers,
and exploiting the side doors of private networks connected to them,

The intrusions spotlight the soft underbelly in U.S. cybersecurity. They
also underline the need for the federal government to develop policies
that define responsibilities between the public and private sectors to
fend off hackers and terrorists, say military officials and
cybersecurity experts including Jody Westby, CEO of Global Cyber Risk.

The attacks also underscore flaws in Internet security and the
difficulty in tracking bad guys, says Westby, a cybersecurity consultant
in Washington. Such "Swiss cheese" holes, she says, not only compromise
military and government networks but those of businesses and critical

"The Internet was not designed for security, and there are 243 countries
connected to the Internet," says Westby, who estimates 100 countries are
planning infowar capabilities. "What's more, many countries don't have

Chinese hackers gained notoriety in the USA after a series of
coordinated attacks on American computer systems at NASA and Sandia
National Laboratories, dating to 2003, were traced to a team of
researchers in Guangdong province. The program, called Titan Rain by the
Defense Department, first became public in August 2005. The Defense
Department has since retitled the program under a classified name.

The hackers are still active, but Gabos would not say if the intrusion
at the Naval War College was linked to previous attacks.

China is aggressively improving its information warfare capabilities,
according to a December 2006 Chinese military white paper. Its goal is
to be "capable of winning informationized wars" by the mid-21st century.

The motives of Chinese hackers run the gamut from intelligence gathering
to technology theft and the infiltration of defense networks for future
action, cybersecurity experts say.

The intent of Chinese operatives is unclear, but most agree they are
gathering information, says Peter Neumann, a scientist at SRI
International, a non-profit research institute.

U.S. cyberwarfare strategy, meanwhile, is disjointed because
organizations responsible for cyberoffense, such as the National
Security Agency, and defense, such as the Naval Network Warfare Command,
are not linked, Gen. James Cartwright, commander of the Strategic
Command, said in a speech at the Air Warfare Symposium in Florida in

The U.S. must take aggressive measures against foreign hackers and
websites that help others attack government systems, Gen. Ronald Keys,
commander of Air Combat Command, told reporters in Florida on Feb. 9.

"I think it's going to take an Internet 9/11, and we've had some pretty
serious problems on the Internet" for the country to seriously
re-examine its approach to cyberwarfare, he said, according to a