Home Black Hat Deep Tech Essays Fireside Chat My Take News Alerts Q&A RSAC Videocasts About Contact

Archive for March, 2007


Chinese hackers seek U.S. access


Find an original copy of this article here.

SAN FRANCISCO – The cyberattack of a U.S. military computer system has deepened concern about cyberspying and the security of the Internet’s infrastructure.

Chinese hackers were most likely behind an intrusion in November that disabled the Naval War College’s network, forcing it to disconnect from the Internet for several weeks, says Lt. Cmdr. Doug Gabos, a spokesman for the Navy Cyber Defense Operations Command in Norfolk, Va.

Forensic analysis indicates the hackers may have sought information on war games in development at the naval college, he said. The college was vulnerable because it did not have the latest security protections, Gabos said.

The November attack was part of an ongoing campaign by Chinese hackers to penetrate government computers. The attacks often come in the form of “spear phishing,” scams where attackers craft e-mail messages that seem to originate from the recipient’s organization in a ploy to gain unauthorized access to confidential data.

China is also using more traditional hacking methods, such as computer viruses and worms, but in sophisticated ways, says Alan Paller, director of the security research organization SANS Institute.

Hackers are directly breaking into military and government computers, and exploiting the side doors of private networks connected to them, Paller says.

The intrusions spotlight the soft underbelly in U.S. cybersecurity. They also underline the need for the federal government to develop policies that define responsibilities between the public and private sectors to fend off hackers and terrorists, say military officials and cybersecurity experts including Jody Westby, CEO of Global Cyber Risk.

The attacks also underscore flaws in Internet security and the difficulty in tracking bad guys, says Westby, a cybersecurity consultant in Washington. Such “Swiss cheese” holes, she says, not only compromise military and government networks but those of businesses and critical infrastructure.

“The Internet was not designed for security, and there are … more