By Bradley Graham
Washington Post Staff Writer
Thursday, August 25, 2005
Web sites in China are being used heavily to target computer networks in the Defense Department and other U.S. agencies, successfully breaching hundreds of unclassified networks, according to several U.S. officials.
Classified systems have not been compromised, the officials added. But U.S. authorities remain concerned because, as one official said, even seemingly innocuous information, when pulled together from various sources, can yield useful intelligence to an adversary.
"The scope of this thing is surprisingly big," said one of four government officials who spoke separately about the incidents, which stretch back as far as two or three years and have been code-named Titan Rain by U.S. investigators. All officials insisted on anonymity, given the sensitivity of the matter.
Whether the attacks constitute a coordinated Chinese government campaign to penetrate U.S. networks and spy on government databanks has divided U.S. analysts. Some in the Pentagon are said to be convinced of official Chinese involvement; others see the electronic probing as the work of other hackers simply using Chinese networks to disguise the origins of the attacks.
"It's not just the Defense Department but a wide variety of networks that have been hit," including the departments of State, Energy and Homeland Security as well as defense contractors, the official said. "This is an ongoing, organized attempt to siphon off information from our unclassified systems."
Another official, however, cautioned against exaggerating the severity of the intrusions. He said the attacks, while constituting "a large volume," were "not the biggest thing going on out there."
Apart from acknowledging the existence of Titan Rain and providing a sketchy account of its scope, the officials who were interviewed declined to offer further details, citing legal and political considerations and a desire to avoid giving any advantage to the hackers. One official said the FBI has opened an investigation into the incidents. The FBI declined to comment.
One official familiar with the investigation said it has not provided definitive evidence of who is behind the attacks. "Is this an orchestrated campaign by PRC or just a bunch of disconnected hackers? We just can't say at this point," the official said, referring to the People's Republic of China.
With the threat of computer intrusions on the rise generally among Internet users, U.S. government officials have made no secret that their systems, like commercial and household ones, are subject to attack. Because the Pentagon has more computers than any other agency -- about 5 million worldwide -- it is the most exposed to foreign as well as domestic hackers, the officials said.
Over the past few years, the Defense Department has taken steps to better organize what had been a rather disjointed approach to cyber security by individual branches of the armed forces. Last year, responsibility for managing the Pentagon's computer networks was assigned to the new Joint Task Force for Global Network Operations under the U.S. Strategic Command.
"Like everybody connected to the Internet, we're seeing a huge spike" in outside scanning of Pentagon systems, said Lt. Col. Mike VanPutte, vice director of operations at the task force. "That's really for two reasons. One is, the tools are much simpler today. Anyone can download an attack tool and target any block on the Internet. The second is, the intrusion detection systems in place today," which are more sophisticated and can identify more attacks.
Pentagon figures show that more attempts to scan Defense Department systems come from China, which has 119 million Internet users, than from any other country. VanPutte said this does not mean that China is where all the probes start, only that it is "the last hop" before they reach their targets.
He noted that China is a convenient "steppingstone" for hackers because of the large number of computers there that can be compromised. Also, tracing hackers who use Chinese networks is complicated by the lack of cyber investigation agreements between China and the United States, another task force official said.
The number of attempted intrusions from all sources identified by the Pentagon last year totaled about 79,000, defense officials said, up from about 54,000 in 2003. Of those, hackers succeeded in gaining access to a Defense Department computer in about 1,300 cases. The vast majority of these instances involved what VanPutte called "low risk" computers.
Concern about computer attacks from China comes amid heightened U.S. worry generally about Chinese military activities. Defense Secretary Donald H. Rumsfeld warned in June that China's military spending threatened the security balance in Asia, and the Pentagon's latest annual report on Chinese military power, released last month, described the ongoing modernization of Beijing's armed forces.
The report contained a separate section on development of computer attack systems by China's military. It said the People's Liberation Army (PLA) sees computer network operations as "critical to seize the initiative" in establishing "electromagnetic dominance" early in a conflict to increase effectiveness in battle.
"The PLA has likely established information warfare units to develop viruses to attack enemy computer systems and networks, and tactics to protect friendly computer systems and networks," the report said.
"The PLA has increased the role of CNO [computer network operations] in its military exercises," the report added. "Although initial training efforts focused on increasing the PLA's proficiency in defensive measures, recent exercises have incorporated offensive operations, primarily as first strikes against enemy networks."
The computer attacks from China have given added impetus to Pentagon moves to adopt new detection software programs and improve training of computer security specialists, several officials said.
"It's a constant game of staying one step ahead," one said.
Staff writer Dan Eggen contributed to this report.