Hackers Attack Via Chinese Web Sites
Thursday, August 25, 2005
Web sites in China are being used heavily to target computer networks in the Defense Department and other U.S. agencies, successfully breaching hundreds of unclassified networks, according to several U.S. officials.
Classified systems have not been compromised, the officials added. But U.S. authorities remain concerned because, as one official said, even seemingly innocuous information, when pulled together from various sources, can yield useful intelligence to an adversary.
"The scope of this thing is surprisingly big," said one of four government officials who spoke separately about the incidents, which stretch back as far as two or three years and have been code-named Titan Rain by U.S. investigators. All officials insisted on anonymity, given the sensitivity of the matter.
Whether the attacks constitute a coordinated Chinese government campaign to penetrate U.S. networks and spy on government databanks has divided U.S. analysts. Some in the Pentagon are said to be convinced of official Chinese involvement; others see the electronic probing as the work of other hackers simply using Chinese networks to disguise the origins of the attacks.
"It's not just the Defense Department but a wide variety of networks that have been hit," including the departments of State, Energy and Homeland Security as well as defense contractors, the official said. "This is an ongoing, organized attempt to siphon off information from our unclassified systems."
Another official, however, cautioned against exaggerating the severity of the intrusions. He said the attacks, while constituting "a large volume," were "not the biggest thing going on out there."
Apart from acknowledging the existence of Titan Rain and providing a sketchy account of its scope, the officials who were interviewed declined to offer further details, citing legal and political considerations and a desire to avoid giving any advantage to the hackers. One official said the FBI has opened an investigation into the incidents. The FBI declined to comment.
One official familiar with the investigation said it has not provided definitive evidence of who is behind the attacks. "Is this an orchestrated campaign by PRC or just a bunch of disconnected hackers? We just can't say at this point," the official said, referring to the People's Republic of China.
With the threat of computer intrusions on the rise generally among Internet users, U.S. government officials have made no secret that their systems, like commercial and household ones, are subject to attack. Because the Pentagon has more computers than any other agency -- about 5 million worldwide -- it is the most exposed to foreign as well as domestic hackers, the officials said.
Over the past few years, the Defense Department has taken steps to better organize what had been a rather disjointed approach to cyber security by individual branches of the armed forces. Last year, responsibility for managing the Pentagon's computer networks was assigned to the new Joint Task Force for Global Network Operations under the U.S. Strategic Command.
"Like everybody connected to the Internet, we're seeing a huge spike" in outside scanning of Pentagon systems, said Lt. Col. Mike VanPutte, vice director of operations at the task force. "That's really for two reasons. One is, the tools are much simpler today. Anyone can download an attack tool and target any block on the Internet. The second is, the intrusion detection systems in place today," which are more sophisticated and can identify more attacks.
Pentagon figures show that more attempts to scan Defense Department systems come from China, which has 119 million Internet users, than from any other country. VanPutte said this does not mean that China is where all the probes start, only that it is "the last hop" before they reach their targets.