December 4, 2008:
U.S. military commanders are alarmed at the growing number of targeted
hacking attacks on their networks. The hackers are trying to get at specific
items of military information, and are even going after individual military
computer users.

This all began about eight years ago, with an increasing number of very well executed
Internet attacks hitting U.S. government (especially Department of Defense)
computers. Analysis of these attacks indicated that the hackers appeared to be
coming from China and Russia. At first, it was thought to be adventurous
computer science students, or criminals out to steal something they could sell.

Then, in 2003, came the "Titan Rain" incident. This was a massive and well
organized attack on American military networks. The people carrying out the
attack really knew what they were doing, and thousands of military and
industrial documents were sent back to China. The attackers were not able to
cover their trail completely, and some of the attackers were traced back to a
Chinese government facility in southern China. The Chinese government denied
all, and the vast amounts of technical data American researchers had as proof
were not considered compelling enough for the event to be turned into a major
media or diplomatic episode.

In the wake of Titan Rain, governments around the world began to improve their Internet
security. But not enough. The attacks kept coming, primarily out of China. And
the attackers were getting better. In 2005, a well organized attack was made on
the networks of the British parliament. This time, the defense won the battle.
Mostly. The carefully prepared emails (with virus attached) would have fooled
many recipients, because they were personalized, and this helped prevent
network defenses from detecting the true nature of these messages. These
targeted emails from hackers were very successful. If the recipient tried to
open the attached file, their computer would have hacking software secretly
installed. This software would basically give the hacker control of that PC,
making it possible to monitor what the user does on the computer, and have
access to whatever is on that machine.

While many recipients sense that the "spear fishing" (or "phishing")
attack is just that, some don't, and it only takes a few compromised PCs to give
someone access to a lot of secret information. This would be the case even if
it is home PCs that are being infected. American legislators have discovered
that their own office and personal PCs, and those of their staffers, were infected.

But many other attacks are only discovered when they are over, or nearly so. The
attackers are very well prepared, and usually first make probes and trial run
attacks on target systems. When the attackers come in force, they don't want to
be interrupted. And usually they aren't. The Chinese attackers use techniques
similar to those employed by criminal gangs trying to get into banks,
brokerages and big businesses in general. Thus it is believed that the Chinese
hackers try, as much as possible, to appear like just another gang of cyber
criminals. But the Chinese have certain traits that appear more military than
gangster.

The Chinese cyber army keeps getting better, and that includes covering their tracks. It
may take a defector or three to make it definite that China is waging a stealthy
war over the Internet. Meanwhile, the Chinese and Russians reap enormous
economic and political benefits from their raids on economic and technical
secrets in the West.

U.S. commanders are hoping president-elect Obama, the most computer literate president
ever, will provide more support for Cyber War efforts, both defensive and
offensive.