Chinese Hack Attacks on DoD Networks Coordinated

An anonymous reader writes "The Naval Network Warfare Command says that Chinese hackers are relentlessly targeting Defense Department networks with cyber attacks. The 'volume, proficiency and sophistication' of the attacks supports the theory that the attacks are government supported. The motives of the attacks emanating from China include technology theft, intelligence gathering, exfiltration, research on DOD operations and the creation of dormant presences in DOD networks for future action. Onlookers warn that current US defenses against these attacks are 'dysfunctional', and that more aggressive measures should be taken to ensure government network safety."
  • by ShaunC ( 203807 ) * on Saturday February 17, 2007 @03:43PM (#18054038)

    Attacks coming from China, probably with government support, far outstrip other attackers in terms of volume, proficiency and sophistication, said a senior Netwarcom official

    Gee, ya think? China has more than a billion people. I know they're not all running around with shiny new laptops, but come on - this is akin to saying that the majority of low-temperature attacks on the United States come from Canada. Well, duh!

    I can make the same "cyberattack" claims about my not-worth-cracking dedicated servers and the dinky firewall machine sitting on my cable modem, too, but that doesn't mean I'm engaged in a "cyberwar" with anyone. The majority of rooted machines trying to root mine are in China. Most of this comes in the form of automated attempts to bruteforce ssh, but I've seen targeted attempts where there's clearly a human on the other end of the wire.

    While I don't doubt that DoD machines are probably being targeted intentionally, there's an overwhelming amount of garbage traffic coming out of central and eastern Asia, and it hits everyone. Nearly half of all my rejected SMTP traffic is from Chinese netspace, but most of it's trying to peddle western products to American consumers, the Chinese people have nothing to do with it. China's so full of compromised hosts that whoever's actually cracking DoD machines is probably sitting in an internet cafe in Milan, piping data through some rooted .gov.cn box...

    Oh, and the next person to use "spear phishing" in an article is getting a swift kick in the nuts!
    • by zappepcs ( 820751 ) on Saturday February 17, 2007 @03:51PM (#18054102) Journal
      That is an interesting statement:

      "China's so full of compromised hosts that whoever's actually cracking DoD machines is probably sitting in an internet cafe in Milan, piping data through some rooted .gov.cn box..."

      I wonder how easy it would be to pin this on MS products that have been pirated?

      It's an interesting twist of thought to think that MS is responsible for cyber attacks on the DOD. While that isn't true, it's still interesting in a 'haha' kind of way.

      Makes me believe that there will be counter-attack strategies that include government sponsored worms traversing the Internet trying to secure those compromised hosts.
    • by Vicissidude ( 878310 ) on Saturday February 17, 2007 @04:26PM (#18054388)
      China has more than a billion people.

      Yes, and of those, only 137 million Chinese are online. In contrast, the US has about 185 million online. So, the fact that the majority of the attacks are coming from China is indeed significant. That is particularly true given the sophistication of the attacks cited and the military targets they are going after.
    • by woolio ( 927141 )
      Most of it's trying to peddle western products to American consumers, the Chinese people have nothing to do with it

      I think I know what you are trying to say, but your statement as written above is probably not accurate..

      Most "western products" (including the USA's flag), that I've have seen say "Made in China" on the bottom/back. I would say there would be those residing in China who would be interested in bumping up sales through all possible means.
    • Gee, ya think? China has more than a billion people.

      Not even addressing how many of these have Internet, and how many of those are "sophisticated" users, we're talking about Chinese government hackers here. How many Chinese there are is irrelevant.

  • by Kohath ( 38547 ) on Saturday February 17, 2007 @03:48PM (#18054068)
    Time for the US to execute a "phased redeployment" away from the Internet.

    Back to uunet or fidonet, where our bits can be safe.
    • by Keruo ( 771880 )

      Time for the US to execute a "phased redeployment" away from the Internet.

      Or perhaps DoD should have secondary network physically separated from internet, where workstations with important data are kept. These workstations wouldn't be allowed direct access to internet, instead you'd have another computer sitting next to them, and if you need to move data between, you do it by burning it on dvd or using usb drive. Didn't look if they actually use that kind of system but I would assume they do. It would be

      • Re: (Score:2, Interesting)

        by finity ( 535067 )
        http://en.wikipedia.org/wiki/SIPRNet [wikipedia.org]

        SIPRNet is mostly separate. From what I've heard, people aren't allowed to move information between SIPRNet computers and other 'insecure' computers at all.

      • Re: (Score:2, Redundant)

        by YrWrstNtmr ( 564987 )
        Or perhaps DoD should have secondary network physically separated from internet, where workstations with important data are kept. We do. I'll not go into any specifics, but yeah, we do.
  • Sure (Score:5, Funny)

    by TheRealMindChild ( 743925 ) on Saturday February 17, 2007 @03:48PM (#18054072) Homepage Journal
    Onlookers warn that current US defenses against these attacks are 'dysfunctional', and that more aggressive measures should be taken to ensure government network safety.

    Sure... drop some bombs. What could possibly go wrong?
  • Onlookers? (Score:4, Insightful)

    by rehtonAesoohC ( 954490 ) on Saturday February 17, 2007 @03:49PM (#18054078) Journal
    I am a civilian contractor for the US government, and I can guarantee that we are hit all the time with attempts to get into our networks on the secret and SCI sides.

    However, I would like to know who these "onlookers" are... The defense measures (can't say specifically of course) that we take are plenty effective against all types of attacks we get. One of our top priorities is writing code that is solid and secure. We run scans (again, specifics are classified) nightly to test the security of our infrastructure and applications.

    Whoever these "onlookers" are, I would love to hear about how THEY successfully hacked into our network instead of just criticizing with no actual knowledge.
    • Re:Onlookers? (Score:4, Informative)

      by Anonymous Coward on Saturday February 17, 2007 @03:56PM (#18054138)
      Why in the hell do you have your secret and SCI sides on the internet? That's DOD/DOE no-no number one!

      Separate systems, separate networks, separate terminals.

      I can tell you from my experience as a person who contracts as a "Q" that not only is the DOE stepping up their security methods, they're cutting funding to places that don't keep the mustard. LANL may be cut at the end of this FY -- thanks to the fiasco a few weeks ago where someone walked out of the labs with thumb drives of info. Needless to say, they were audited, and they brought out a lot of epoxy to glue down the USB/Firewire ports.

      Also, weak passwords should be pretty much a thing of a past -- now that DOE's mandating that everyone use CryptoCards in the next year-ish (no, not those expensive RSA things -- they're out of a company in Canada).

      • Re:Onlookers? (Score:4, Interesting)

        by Anonymous Coward on Saturday February 17, 2007 @04:47PM (#18054572)

        Why in the hell do you have your secret and SCI sides on the internet? That's DOD/DOE no-no number one!

        To answer you, the guy is speaking out of his ass. He's probably an EDS sub-contractor on the NMCI handling help desk calls about email and web proxies and probably thinks SNORT ACID is something he can get busted for.

        Mr. ChooseAnother probably doesn't realize that commenting on this, attributing to himself as an insider is a sure-fire way to get his nads hooked to some 'trodes and get his non-clearance revoked.

        But, man, he does sound so C O O L don't you want to be just like him when you grow up?

      • by sconeu ( 64226 )
        Exactly. When setting up a red system, the *FIRST* thing you do is pull the Internet connection, and keep it on a private red net.
    • by b4stard ( 893180 ) on Saturday February 17, 2007 @04:08PM (#18054228)
      I, also, am a civilian contractor for the US government. I can't say specifically, of course, but we got these lasers and we laser stuff. Yes indeed. Lasering stuff is what we do. Whenever we're cracked (or partially cracked), we laser the crackers. We are no ordinary crackees, though I can't say specifically in what way (other than what I just mentioned about the lasers).

      Our lasers are plenty effective. Don't criticize me with no actual knowledge.
    • It seems to be part of US culture at the moment. Get a few terrorist attacks, suddenly there are legions of terrorists 'out there' just waiting to kill you. Get a few cyber attacks and there are legions of crackers out there trying to destroy your technology and infrastructure.
    • by t14m4t ( 205907 ) *
      FYI, any and all internally-available details of any cracking attempts (such as which organization is instigating, intensity, effectiveness of our measures, etc.) are FOUO at the very least, and usually CONFIDENTIAL or better. Having seen the SECRET messages, and dealing with the CTOs and INFOCON changes (I'm the CIO at my command), I've had to deal with a few situations where the classification has mattered.

      weylin
  • The United States really needs to change doctrine to prevent these sorts of attacks in the future. An assault on government networks by a foreign country should be responded to like any other attempt to impair, hinder, or steal information from the government by a foreign country - with an escalating response based on severity from diplomatic rebukes, cyber counterattacks, sanctions, and ultimately military strikes.
    • Re: (Score:3, Interesting)

      by davidsyes ( 765062 )
      So much for the Interstellar Ark:

      http://science.slashdot.org/science/07/02/18/1359214.shtml [slashdot.org]

      Only when humans decide to get out of and deprive governments and the wealthy of the "defense" industry will humans have the money and worthiness of being allowed to DESERVE an interstellar ark.

      Elevating Chinese attempts to breach a DOD (or any government) database to the level of military attack is just ASKING for excuses to wage war. Since vastly many interconnected ties exist in economics, land, and employment schemes, t
    • by Greyfox ( 87712 )
      Unplug the routers into China for a couple of weeks. There aren't many points of entry to the USA, and we'd enjoy a couple of lovely spam-free weeks.
  • by Kludge ( 13653 ) on Saturday February 17, 2007 @03:51PM (#18054098)
    Shouldn't this be expected? It's not as if this is a surprise. Their systems should be built from the ground up expecting every and any kind of attack.
  • Speculation? (Score:5, Insightful)

    by Brian Cohen ( 1027542 ) on Saturday February 17, 2007 @03:57PM (#18054146)
    "Attacks coming from China, probably with government support, far outstrip other attackers in terms of volume, proficiency and sophistication" Government support of attacks on DOD networks is not a minor accusation. You would need a lot more evidence beyond potential motives and speculation to suggest that such an attack is government supported.
    • Yes, it's not like China has ever tried to steal our secrets before. Why presume such now?
      • Because a lot of people attempt to hack into government networks who aren't connected to foreign governments. Everyone wants our secrets. Picking one country or another at random is just stupid.
      • by leoc ( 4746 )
        Yeah, and it's not like the USA has ever lied about intelligence before, so why should we not believe them this time when they cry wolf?
  • Nethack Terminus (Score:3, Interesting)

    by SMACX guy ( 1003684 ) on Saturday February 17, 2007 @04:07PM (#18054214) Homepage
    By creating a planetary network, mankind on Planet now has the ability to share information at light-speed. But by creating a single such network, each faction has brought themselves closer to discovery as well. At the speed of light, we will catch your information, tag it like an animal in the wild, and release it unharmed -- if such should serve our purposes.
    • laughing my ass off.. ;-)
      thanks.
    • Re:Nethack Terminus (Score:4, Interesting)

      by nuzak ( 959558 ) on Saturday February 17, 2007 @06:55PM (#18055570) Journal
      C'mon, we're talking about a Chinese distributed hack here. Here's the quote that should have leaped into your head.

      "If I determine the enemy's disposition of forces while I have no perceptible form, I can concentrate my forces while the enemy is fragmented. The pinnacle of military deployment approaches the formless: if it is formless, then even the deepest spy cannot discern it nor the wise make plans against it." -- Sun Tzu, The Art of War


  • counterattack? (Score:5, Interesting)

    by gravesb ( 967413 ) on Saturday February 17, 2007 @04:08PM (#18054220) Homepage
    I wonder how much China would complain if the NSA launched an attack against any confirmed hosts? If there is evidence that computers are attacking us, either live or as bots, can China make a real complaint about us protecting our interests?
  • by DaMattster ( 977781 ) on Saturday February 17, 2007 @04:08PM (#18054222)
    The DoD should create a firewall rule to automatically drop any packets it receives from China, North Korea, South Korea, or any of those countries trying to root its machines. On my dad's dinky little small business network with one segment and 10 machines, I saw no less than 300 daily attempts to root the gateway via SSH coming from North Korean and Chinese IP addresses. Now, mind you, I use SSH to remotely administer the gateway. Naturally, the gateway is a secure BSD machine as I wouldn't dare front end a network with a Windows 2003 server. I was dismayed that, in these attempts, the attackers are getting a login and password prompt. Thank God syslog reported that no attempts got past that point. So, I made SSH listen on a non-standard port and added a PF firewall rule to drop ANY incoming connection attempts from Pacific Rim countries. I also checked to see if there were any strange binaries or daemons running and ran a netstat -n to look at activity and there was nothing suspicious. Finally, as an additional safety precaution, I decided I would add firewall rules to drop the Microsoft ports in and outbound. Now, instead of reporting access denied, syslog reported copious amounts of dropped packets for about two weeks and then the attacks seemed to drop off altogether. Now I see one only occasionally.
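    As an added illustration of the syslog watching described in the post above (my own example, not the poster's setup or code), here is a small Python script that parses OpenSSH auth log lines, tallies failed logins per source address, and flags brute-force sources, password logins that follow failures, and any root login. The log lines, hostname and addresses are constructed, and the failure threshold is an assumption you would tune to your own gateway.

    ```python
    import re
    from collections import defaultdict

    # Constructed sample lines in OpenSSH's syslog format; the hostname, PIDs and
    # addresses (RFC 5737 test ranges) are made up and are not from the poster's gateway.
    SAMPLE_LOG = """\
    Feb 17 03:41:02 gw sshd[4021]: Invalid user admin from 203.0.113.45
    Feb 17 03:41:03 gw sshd[4021]: Failed password for invalid user admin from 203.0.113.45 port 51234 ssh2
    Feb 17 03:41:05 gw sshd[4023]: Failed password for root from 203.0.113.45 port 51240 ssh2
    Feb 17 03:41:07 gw sshd[4025]: Failed password for root from 203.0.113.45 port 51244 ssh2
    Feb 17 03:41:09 gw sshd[4027]: Failed password for root from 203.0.113.45 port 51250 ssh2
    Feb 17 03:41:11 gw sshd[4029]: Failed password for root from 203.0.113.45 port 51255 ssh2
    Feb 17 03:42:30 gw sshd[4031]: Failed password for root from 198.51.100.7 port 40011 ssh2
    Feb 17 03:42:31 gw sshd[4031]: Failed password for root from 198.51.100.7 port 40011 ssh2
    Feb 17 03:42:40 gw sshd[4035]: Accepted publickey for dad from 192.0.2.10 port 50022 ssh2
    Feb 17 03:50:00 gw sshd[4040]: Failed password for root from 198.51.100.7 port 40020 ssh2
    Feb 17 03:50:02 gw sshd[4041]: Accepted password for root from 198.51.100.7 port 40021 ssh2
    """

    # Matches the three sshd events we care about and pulls out the user and source address.
    LINE_RE = re.compile(
        r"sshd\[\d+\]: (?P<event>Failed password|Accepted (?:password|publickey)|Invalid user)"
        r"(?: for)?(?: invalid user)? (?P<user>\S+) from (?P<ip>\d+\.\d+\.\d+\.\d+)"
    )


    def analyze(log_text, threshold=5):
        """Tally sshd events per source address and return (stats, findings).

        findings is a list of tuples:
          ("brute_force", ip, failed_count)     - at least `threshold` failed passwords
          ("success_after_failures", ip, user)  - a password login from an address that had failures
          ("root_login", ip, method)            - any accepted login as root
        """
        stats = defaultdict(lambda: {"failed": 0, "invalid": 0, "accepted": [], "users": set()})
        for line in log_text.splitlines():
            m = LINE_RE.search(line)
            if not m:
                continue  # not an auth event we track (e.g. "Connection closed")
            rec = stats[m["ip"]]
            if m["event"] == "Failed password":
                rec["failed"] += 1
                rec["users"].add(m["user"])
            elif m["event"] == "Invalid user":
                rec["invalid"] += 1
            else:  # "Accepted password" / "Accepted publickey"
                rec["accepted"].append((m["user"], m["event"].split()[1]))

        findings = []
        for ip, rec in sorted(stats.items()):
            if rec["failed"] >= threshold:
                findings.append(("brute_force", ip, rec["failed"]))
            for user, method in rec["accepted"]:
                if rec["failed"] and method == "password":
                    findings.append(("success_after_failures", ip, user))
                if user == "root":
                    findings.append(("root_login", ip, method))
        return stats, findings


    def block_list(findings):
        """Addresses worth dropping at the firewall: brute forcers and anyone who
        got a password accepted after failing. The list can be loaded into a PF
        table (e.g. `pfctl -t sshbrute -T add <ip>`) rather than edited into pf.conf."""
        return sorted({f[1] for f in findings if f[0] in ("brute_force", "success_after_failures")})


    if __name__ == "__main__":
        stats, findings = analyze(SAMPLE_LOG)
        for finding in findings:
            print(*finding)
        print("block:", " ".join(block_list(findings)))
    ```

    On the sample, the publickey login from 192.0.2.10 produces no finding, while the address that guessed root's password after three failures is flagged twice and ends up on the block list alongside the brute forcer.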
    • by fishthegeek ( 943099 ) on Saturday February 17, 2007 @04:20PM (#18054332) Journal
      I strongly suspect that DoD WANTS to see the attacks. You are exactly right, if the DoD were really concerned about the loss of classified information they would simply block those IP ranges. Something more sophisticated is probably at work.

      1. Create a honeypot that doesn't look like a honeypot.
      2. Fire off press releases complaining about how intelligent and crafty those 1337 Chinese Hackers are.
      3. Watch and learn.

      I can't think of a better way to assess the level of skill the Chinese possess. I seriously doubt that valuable classified information is within reach of internet connected machines. This article and probably most like it are misinformation designed to encourage the Chinese.
      • by TubeSteak ( 669689 ) on Saturday February 17, 2007 @06:16PM (#18055320) Journal

        I seriously doubt that valuable classified information is within reach of internet connected machines.
        You are probably right.
        But only in the most literal sense.

        There are multiple levels of classification and squarely in the middle of unclassified and secret is sensitive information. If you add enough of it together, you can end up with information that can be considered secret.

        The best example i can think of is this story:
        Grad Student's Work Reveals National Infrastructure [slashdot.org]
        Duped the next day: Fiber-Optic Map: A Classified Dissertation? [slashdot.org]

        Just because information isn't classified as secret, doesn't mean it's useless.
      • 1. Create a honeypot that doesn't look like a honeypot. 2. Fire off press releases complaining about how intelligent and crafty those 1337 Chinese Hackers are. 3. Watch and learn.

        Personally, I'd go with this as the "truth" behind the story. However...

        I seriously doubt that valuable classified information is within reach of internet connected machines.

        Never underestimate the power of stupidity. It's happened in the past, and history has a tendency of repeating itself.

    • by jpop32 ( 596022 )
      I saw no less than 300 daily attempts to root the gateway via SSH coming from North Korean and Chinese IP addresses.

      Just out of curiosity, which is the IP range for North Korea?
    • Re: (Score:3, Insightful)

      On my dad's dinky little small business network with one segment and 10 machines, I saw no less than 300 daily attempts to root the gateway via SSH coming from North Korean and Chinese IP addresses.


      That's a little hard to believe given most North Koreans don't have computers, let alone internet access. If they really are attacks from North Korea, your dad must be involved in more than a "dinky little small business".

  • PC Anywhere (Score:3, Funny)

    by skinfitz ( 564041 ) on Saturday February 17, 2007 @04:16PM (#18054294) Journal
    By 'hackers' do they mean people scanning their networks for machines with no firewall running PC Anywhere with default passwords like Gary McKinnon did?
  • It's like their food: you hack away, but find you are not satisfied after a few hours and have to hack some *more* ;-P
  • by Anonymous Coward on Saturday February 17, 2007 @04:38PM (#18054496)
    I often find those postings one-sided. In this case, some posters are ready to advocate the USE of the military as a result of this. We have the most sophisticated electronic and information warfare capability in the world and people just tend to pretend that we don't do this kind of information warfare every day. And whenever other nations are "alleged" to conduct such, those ignorant people are just ready to beat the drum of war.

    Another thing is, as of now, China doesn't even need to fire a single bullet to beat the crap out of us if we decide to launch a war on them.

    China currently has 1000 billion US dollar foreign reserve, that is somewhere 1/5 to 1/4 of ALL US dollar reserve held by foreign countries. At the onset of the war, China will have three options: one is conventional warfare, two is nuclear warfare, three is financial warfare.

    Conventional warfare is something the US would avoid, think Korean War. Nuclear warfare is something both would avoid, unless the fat lady sings (the absolute last resort).

    At the beginning, we of course would bomb the crap out of their infrastructure and military installations, given our air superiority, as we did in Iraq. And China knows this and knows they would not win in this course of action.

    All they need to do is to make a threat or actually dump US dollar reserve on the international market.

    Don't think this would happen? Brush up your knowledge of the Suez Canal crisis of 1956. That was exactly what happened when British and French forces rapidly withdrew after a successful military invasion after Eisenhower threatened to sell US reserves of the British pound and thereby collapse the British currency. Of course the British pound was already under pressure after decades of British colonial expansion that spent a lot of money, not unlike the current US national debt of today. Most historians agree the Suez Canal is the major milestone of the demise of the British empire.

    When you have 25% of another country's currency on the market, that is a pretty powerful hand. All you need to do is dump all that at once onto the international market. It effectively and immediately collapses the US currency and the whole American economy. Do you think other countries will have the capacity and, more importantly, the willingness to buy that currency? Do you think other nations would be willing to lend us money by buying up treasury bills, knowing our money would be worthless on the market? Hell no. People all over the world will be dumping the US dollar like crazy. The US stock market will crash; there will be endless runs on the banks.

    The economy as we know of will cease to exist.

    Some people of course will doubt that China would do this. But when the crap is being bombed out of your ass and you are getting desperate, trust me, you'll do anything.

    This, my friend, is how the war between China and the US would play out NOW. But it is very, very unlikely to happen. It is like two big boys on the playground. Of course it is nice to be the only king of THE playground. But sometimes it's easier to share it a little with someone as strong as you are. That is the essence of international relations. Boy, I just hope we don't have some airheads in the administration thinking otherwise.

    So for those people ignorant of economics and international politics, you can stop making those senseless remarks. Brush up on your knowledge before making a fool out of yourself.
    • The tit-for-tat response to economic warfare exercised by China would probably be a blockade/embargo of oil to China. They currently import roughly half of their oil, and this dependence is as much a weakness to them as our dependence is to us. (Perhaps even more so, if our government gets its collective head out of its ass and starts putting real effort into converting our oil-based infrastructure to something else.)
    • Re: (Score:2, Insightful)

      by Anonymous Coward

      China currently has 1000 billion US dollar foreign reserve, that is somewhere 1/5 to 1/4 of ALL US dollar reserve held by foreign countries. At the onset of the war, China will have three options: one is conventional warfare, two is nuclear warfare, three is financial warfare.

      Their reserves include US treasury bonds and other debt instruments, which makes financial warfare a case of Mutually Assured Destruction. At the outset of war, renege: declare all bonds in their hands to be enemy assets: void,worthle

  • by dpbsmith ( 263124 ) on Saturday February 17, 2007 @04:39PM (#18054508) Homepage
    "My job is to pertect the American people from cyberattack. When we find IP packets that are in that country that are hurting our computers, we're going to do something about it. ... Does this mean I'm looking for a pretext to start a war with China? No. It means I'm trying to protect our computers. That's what that means.

    Despite our warrantless wiretaps, I don't think we know who picked up the phone and said 'Hackers, go do this,' but we know it's a vital part of the Chinese government."

    Secretary of State Bill Gates added "For the umpteenth time, we are not looking for an excuse to go to war with China. We are not planning a war with China. Yes, we do have contingency plans for wars with every other country in the world, but not China. And even if we did, we have not taken any actual final decisions to act on them in the immediately foreseeable future. We have just sent elint-equipped cruisers to the East China Sea, but those are just there to help Taiwan with its streaming internet video capacity."

    In response to a question from reporters as to whether cyberattacks originating from other countries, such as Saudi Arabia, had been observed, Gates said "That's classified information. And besides, who cares? We're not talking about Saudi Arabia, we're talking about China."
  • Once upon a time (Score:3, Insightful)

    by Beryllium Sphere(tm) ( 193358 ) on Saturday February 17, 2007 @04:46PM (#18054556) Journal
    the military drove technology advances and used their money to get computer systems researched and built to their requirements.

    Why aren't they running hardened clients on the inside? Why are they running systems against which phishing is useful? Why aren't they deploying advanced OS technology in which stealing a password or compromising a browser doesn't give away the entire machine?

    Not to mention that the whole article doesn't make sense. Either the source IP addresses are in China or they aren't. If they are, why haven't they simply dropped all packets from China, and why are they so convinced that a Chinese IP means a Chinese attacker? If the IP addresses aren't from China, what is their reason for believing it's a Chinese-0wned set of machines?
  • ...connected to the public internet in the first place. Most sensitive US DOD sites have armed soldiers guarding the physical gateways. They don't let the general public meander through the grounds. Yet they're doing exactly that with their computers.
  • by dysk ( 621566 ) on Saturday February 17, 2007 @04:57PM (#18054650)
    Basically, if it were the Chinese government behind it, they would find machines in the US and Europe to zombify, and launch their attacks on government computers from those machines. They would use so many layers of net access that it'd be exceedingly difficult to track it back to hacker.gov.cn. If there was a coordinated attack by the Chinese government, and the US managed to track it back to them, the NSA would probably keep quiet about it so that they don't give away their capabilities and so that they'd have a method to feed China misinformation.


    This is most likely a coordinated attack by someone who wants US information (could be any country/organization in the world) and developed a botnet which happens to mostly reside in China, since China's computers tend not to get frequent security updates. The fact that the IP addresses are originating from China indicates that it's probably anyone but China.


    However...China-bashing does score political points right now.

  • by WindBourne ( 631190 ) on Saturday February 17, 2007 @05:08PM (#18054744) Journal
    Years ago, a Japanese company found that a Chinese operative was attempting to steal info. So they fed her with their formulas for capacitors from the 60's. In particular, several formulas that were well known to fail after only a few years of service. Sound Familiar?

    We need to do the same. China is bright enough to not run Windows in their equipment (frightening that the USA does on our ships which will be used in defending Taiwan). But we can provide ideas/plans that we will not use or that we found subtly flawed. Basically, disinformation. I would be surprised if we are not doing just that.
  • Since when does 'proficiency and sophistication' lead one to believe a Government is behind something? -shudder-
  • The DOD doesn't have anything even remotely valuable on a system connected to the internet. I remember a technician speaking on this matter last year with regard to a story supposedly leaked from the military regarding UFO's or something. The leak turned out to be a honeypot lie, (of course), and he described multiple levels of computer/information security in place, and even the bottom-most layers involved computers which are linked only to themselves and which had solid doors between themselves and the
  • So MS gives China the source code to MS Windows. China starts to attack all the flaws it finds. Government people scratch their heads and still say to use crappy closed source, proprietary, MS-Only software!

    Now if the US government used mostly Open Source software, this would not be an issue. The code would be available. The exploits would be found. Fixes would come quick. Not only that, being Open source, the governments top programmers could just fix the crap themselves.

    So why exactly does the
    • by bmgoau ( 801508 )
      I highly doubt that the DoD is using Windows on its mission critical systems (those that hold information of any value or guard a routing point). I would guess that they run their own entire system, a far cry from anything available to us, something home brew and totally designed from the ground up to do one job and do it well.

      BEGIN Speculation
      The government might even have some kind of intelligent system (I'm not saying AI) that is able to recognise new and unfamiliar traffic, and take actions accordingly to
  • so? (Score:3, Insightful)

    by whathappenedtomonday ( 581634 ) on Saturday February 17, 2007 @07:00PM (#18055610) Journal
    The DoD/gov't better stop whining, it's not like they don't spy on other nations - friendly nations at that. Think full SWIFT access [wikipedia.org], PNRs [wikipedia.org] they want to retain for some 50 years, ECHELON [wikipedia.org] and the likes.

    Everybody knows that all of this is - of course - merely a part of fighting terrorism, since industrial and military espionage require different, more sophisticated and technically more complex and costly measures. Calling any of these measures disproportionate is considered heresy.

    Sarcasm aside: protect your networks, or prepare to be hacked. [slashdot.org]

  • by e-scetic ( 1003976 ) on Saturday February 17, 2007 @11:25PM (#18057084)

    After the Iraq WMD fiasco I don't trust the US to know its ass from its elbow when it comes to these sorts of things.

    The standards of evidence are obviously so low that nowadays all you have to do is imagine a threat and suddenly it's real and all sorts of circumstantial evidence points to it being true.
