April 23, 2009:
A recent news story, claiming that unknown hackers had breached Department of Defense Internet security, and stolen terabytes (millions of megabytes) of classified data on the new F-35 fighter-bomber, caused considerable alarm. The Department of Defense and the manufacturer (Lockheed Martin) denied that this penetration and theft took place.
The U.S. Department of Defense is the largest user of computers and networks in the world, with some 11 million Internet users, over six million PCs and over 10,000 networks. That has always attracted a lot of hacker attention. For over a decade, all the services have been scrambling to strengthen their Cyber War defenses. But so many networks and PCs make an attractive target and offer many potential weak points that can be penetrated. Department of Defense systems suffer thousands of serious attacks a day. Even so, reaching terabytes of F-35 design data, and then moving that much data out of the network without being noticed, would have been difficult, especially in light of what the Department of Defense had already been dealing with on the Cyber War front.
Many people are trying to get into Department of Defense networks, and the skilled ones do it covertly, so the victims do not realize the danger and tighten their defenses. The key is hiding your tracks. The earliest sign of major foreign attacks was the highly damaging Code Red worm of 2001, which apparently came from China. It was discovered, picked apart and its origin traced. China denied any responsibility, and its operators apparently believed they had got away with it.
This penetration was on the same scale as several others in the last three years. There have been at least ten major attacks, hitting targets like the State Department, the National Defense University, the Naval War College and Fort Hood. Each of these cost $20-30 million to clean up after. Nothing was said about how defenses were adjusted as a result of these attacks. But that's normal, as hacking is all about keeping your own secrets and finding out everyone else's.
China, unlike other nations hostile to America (North Korea, Cuba, Iran), has a large and growing Internet presence. China has thousands of skilled Internet programmers, and has admitted it is putting together military units for developing and using cyberweapons. These undeclared, and unofficial, Cyber War operations, mainly espionage, have been going on for over a decade now, and the tools available to the attackers are becoming more powerful. Helping out the government hackers are several dozen gangs that undertake large scale criminal operations on the Internet. Most people see the results in the form of spam email (over 90 percent of all email is spam) and operations that secretly take over personal and business PCs, so these computers can quietly transmit spam, or send huge quantities of bogus requests that shut down targeted web sites (DDoS, or distributed denial of service, attacks). The gangs also specialize in finding all manner of secret, or sensitive, information and selling it. Intelligence agencies are often eager buyers.
It appears that China and Russia, or at least their security services, have made deals with some of the gangs. It works like this. If the secret police want some Internet based spying done, or a DDoS attack unleashed on someone, the gangs will do it, or help government Cyber War organizations do so. In return, the gangs get a safe haven. The gangs have to refrain from major operations against the country they are in, but most of their targets are in the West anyway (that's where most of the money is). Of course, no one will admit to this sort of thing. But criminal gangs working for the secret police is an ancient practice in these two countries, one that goes back centuries.
The U.S. is the main target for the Internet based espionage, and has not yet come up with a way to get the foreign hackers to stop. American officials don't want details of this war reported in the media either, because the losses are embarrassing, as is the lack of an effective plan to halt the plundering. Occasionally, some details leak out, like the military asking Congress for permission to use more aggressive methods in going after the cyber spies. This quiet war could have enormous implications for any future conventional conflict. The Chinese are going after military technology, and it's not always obvious what they have obtained and what they haven't. That uncertainty increases the probability of some nasty, and painful, surprises when the shooting starts.
Little information on American defensive efforts becomes public, for the obvious reason that this would help the people trying to hack their way in. But there is a lot of activity in the Internet defense area. It will be years, if not decades, before the full story of who got what from whom, and how. Just like any past situation involving espionage and technology.