“Highly sophisticated Chinese state-sponsored” cyberattack hits Canada Government’s top research organization

Note: Foreign Affairs Minister John Baird is in Beijing

A “highly sophisticated Chinese state-sponsored actor” recently managed to hack into the computer systems at Canada’s National Research Council, confirms the country’s chief information officer, Corinne Charette. Read the rest of this entry »

China Hackers Target Remote Conferencing Devices: Dell Researchers

(Reuters) – A Chinese hacking group tied to the breach of security company RSA two years ago has targeted a maker of audio-visual conference equipment in a likely attempt to tap into boardroom and other high-level remote meetings. Read the rest of this entry »

“Dirty little secret”: Chinese Hacker Breaks in Australian Federal Government departments, ABC reports

While debate rages over Australia’s border security, there’s growing evidence that the greatest threat to Australia’s national security potentially comes from foreign computer hackers. Few in government or business will admit the full extent of the break-ins, with one expert calling it a “dirty little secret”.

Next on Four Corners reporter Andrew Fowler reveals that hackers, working from locations overseas, have targeted key Federal Government departments and major corporations in Australia. Their intention is to steal national security secrets and vital business information. Read the rest of this entry »

Chinese Hackers Strike Australian Intelligence Agency 2 Months After “strategic partnership” Negotiation

Blueprints for the new headquarters’ (building) of Australia’s intelligence agency, located in the capital of Canberra, have been stolen by Chinese hackers, according to the Australian Broadcasting Corporation.

The news, which hit hard in Australia on Monday night, comes less than two months after Australian Prime Minister Julia Gillard negotiated a “strategic partnership” with the Chinese Communist Party’s new leadership, and a subsequent Defence White Paper was released stating that the People’s Republic of China is no longer seen as a threat. Read the rest of this entry »

Chinese Hackers Found Sensitive U.S. Government Data on Google Servers

When Chinese hackers breached Google servers in 2010, they were not targeting the Gmail accounts of human rights activists, as the company claimed at the time.

What the hackers were actually after was a database containing years of sensitive information related to U.S. surveillance. Now we have learned that the attack was successful, and the data compromised. Read the rest of this entry »

Chinese Hackers Accessed Sensitive Data After Breached Google, U.S. officials say

Chinese hackers who breached Google’s servers several years ago gained access to a sensitive database with years’ worth of information about U.S. surveillance targets, according to current and former government officials.

The breach appears to have been aimed at unearthing the identities of Chinese intelligence operatives in the United States who may have been under surveillance by American law enforcement agencies. Read the rest of this entry »

What Are Chinese Government Hackers Looking For?

Recent hacker attacks on U.S. media organizations thought to have originated in China are likely to have been motivated by a desire to uncover the sources of information embarrassing to leaders in Beijing, according to Chinese communications and security experts.

Last week, The New York Times newspaper accused hackers traced to China of “persistently” infiltrating its computer networks over the last four months, sparking an angry denial from Beijing. Read the rest of this entry »

Government-linked Hackers From China Hit U.S. Medias

WASHINGTON—Chinese hackers believed to have government links have been conducting wide-ranging electronic surveillance of media companies including The Wall Street Journal, apparently to spy on reporters covering China and other issues, people familiar with incidents said.

Journal publisher Dow Jones & Co. said Thursday that the paper’s computer systems had been infiltrated by Chinese hackers, apparently to monitor its China coverage. New York Times Co. disclosed Wednesday night that its flagship newspaper also had been the victim of cyberspying. Read the rest of this entry »

China’s Cyber Attack Targets Fortune 100 Chemical Firms: Report

Canadian operators of telecommunications networks, power grids, water systems and other services of vital importance are growing less prepared for a potentially devastating cyber attack, Symantec Corp. said in a report released on Monday.

In a separate report, the world’s largest security software maker also uncovered a series of attacks targeting dozens of companies in the industrial chemical production sector, which the company traced to a single user based in China.

Applied Research telephoned 3,475 companies in 37 countries between August and September, including 625 in Canada, on behalf of Symantec. The second annual Symantec Critical Infrastructure Protection Survey found providers were growing complacent about potential threats posed by computer hackers.

“Critical infrastructure providers are less engaged with their government’s CIP [critical infrastructure protection] programs, less concerned about threats and less ready than 12 months ago,” reads an excerpt from the 15-page report. Read the rest of this entry »

Six western energy companies Hacked Through China Internet Servers, including Exxon, Shell, BP

Computer hackers working through Internet servers in China broke into and stole proprietary information from the networks of six U.S. and European energy companies, including Exxon Mobil Corp., Royal Dutch Shell Plc and BP Plc, according to one of the companies and investigators who declined to be identified.

McAfee Inc., a cyber-security firm, reported Feb. 10 that such attacks had resulted in the loss of “project-financing information with regard to oil and gas field bids and operations.” In its report, Santa Clara, California-based McAfee, assisted by other cyber-security firms, didn’t identify the energy companies targeted. The attacks, which it dubbed “Night Dragon,” originated “primarily in China” and occurred during the past three years. Read the rest of this entry »

Chinese Hosting Company Named In Cyber Attacks On U.S. Oil Companies

(The Hosting News) – Song Zhiyue, a technician for the website hosting company Science and Technology Internet, in northeaster Shandong province of China was recently named by McAfee in relation to attack against U.S. oil and gas companies over the past years. In an interview with The Wall Street Journal, Zhiyue stated over the phone “What? You’re sure it’s my company?”

McAfee’s report found that hackers broke into computers of these companies in the Unites States, Taiwan, Greece, and Kazakhstan and regularly stole private information about bidding, operations, and the company’s finances. Their was no information regarding China’s state owned oil companies benefitting from the attacks or information received. Read the rest of this entry »

Chinese Hackers Targeted a Dozen Oil Companies in U.S. Kazakhstan, Taiwan, and Greece: McAfee

By Sara Yin, PC Magazine, Feb. 10, 2010-

Highly skilled hackers in China have been stealing information from Western oil and gas companies since at least November 2009, according to a white paper from McAfee.

The cybercriminals compromised servers in the United States and Netherlands to infiltrate oil, gas, and petrochemical companies in the United States, Kazakhstan, Taiwan, and Greece. Roughly a dozen companies were penetrated, with five firms confirming the attacks, the report said.

McAfee has nicknamed the coordinated attacks “Night Dragon” for its Chinese origins. Read the rest of this entry »

Australia Companies Rio, BHP, Fortescue Hit by China Computer Hackers, ABC Reports

By Jesse Riseborough, The Bloomberg, Apr.19, 2010-

April 19 (Bloomberg) — Rio Tinto Group faced cyber attacks from China at about the time of the arrest of four executives in the country, while BHP Billiton Ltd. and Fortescue Metals Group Ltd. have also been hit, Australian Broadcasting Corp. reported.

Hackers attacked Rio’s computer network last year, ABC said on its ‘Four Corners’ program, citing former employees and an Australian government official it didn’t identify. Rio took its Singapore office offline for almost three days to boost security while its Perth office was also affected, the program said.

Rio Tinto spokeswoman Christina Mills declined to comment.

BHP was targeted by hackers during a takeover bid for Rio, ABC reported, citing an unidentified former BHP executive. Ruban Yogarajah, a spokesman for BHP in London, wouldn’t comment.

Fortescue upgraded security after hackers sought to access its systems in Perth and the Pilbara in Australia, ABC said, citing mining executives it didn’t name. The company doesn’t comment on security, spokesman Cameron Morse said.

– Bloomberg.com

China Hackers Penetrate The White House Computer Network

Financial Times, UK, 7 Nov 2008-

Chinese hackers have penetrated the White House computer network on multiple occasions and obtained e-mails between government officials, a senior US official told the Financial Times.

On each occasion, the attackers accessed the White House computer system for brief periods, allowing them enough time to steal information before US computer experts patched the system.

US government cyber intelligence experts suspect the attacks were sponsored by the Chinese government because of their targeted nature. But they concede that it is extremely difficult to trace the exact source of an attack beyond a server in a particular country.

“We are getting very targeted Chinese attacks so it stretches credulity that these are not directed by government-related organisations,” said the official.

The official said the Chinese cyber attacks had the characteristics of the “grain of sands” approach taken by Chinese intelligence, which involves obtaining and pouring over lots of – often low-level – information to find a few nuggets.

Some US defence companies have privately warned about attacks on their systems that they believe are attempts to learn about future weapons systems.

The National Cyber Investigative Joint Task Force, a new unit established in 2007 to tackle cyber security, detected the attacks on the White House. But the official stressed that the hackers had accessed only the unclassified computer network, not the more secure classified network.

“For a short period of time they successfully breach a wall and then you rebuild the wall . . . It is not as if they have continued access,” said the official. “It is constant cat and mouse.”

Dana Perino, the White House press secretary, declined to comment. The Chinese embassy also did not comment but in the past China has said similar allegations reflect “cold war thinking”. The US has increased efforts to tackle cyber security, particularly since Chinese hackers believed to be associated with the Peoples’ Liberation Army perpetrated an attack on the Pentagon last year.

US military computer experts battled for weeks against a sustained attack that eventually overcame the Pentagon’s defences. The attackers managed to obtain information and e-mail traffic from the unclassified computer system that supports Robert Gates, the defence secretary. Pentagon IT technicians were forced to take the network down for days to conduct repairs……. Read the rest of this entry »

Two US Lawmakers Say China Hacked Their Office Computers

By VOA News, US, 11 June 2008-

Two members of the U.S. Congress say the Federal Bureau of Investigation has found that their computers were hacked by sources inside China.

Representative Frank Wolf of Virginia and Representative Chris Smith of New Jersey said Wednesday they suspect China targeted their computers because they are longtime critics of China’s human rights record.

Representative Wolf says four of his computers were hacked beginning in August of 2006. Representative Smith says two of his computers were compromised beginning in December of 2006.

Wolf and Smith say hackers have attacked the computers of other U.S. lawmakers as well.

China has not yet responded to the allegations.

The threat of Chinese Internet espionage has been an increasing concern for the United States.

U.S. officials say they are investigating whether Chinese operatives secretly copied the contents of a U.S. government laptop last year during a visit to China by Commerce Secretary Carlos Gutierrez.

China’s Foreign Ministry last week called the allegation “totally groundless” and “highly irresponsible.”

Last year, a report by the U.S.-based software security company McAfee said China is the most aggressive of 120 countries that carry out Internet espionage.

The report said Chinese computer hackers allegedly gained access to German, Indian and U.S. government computer networks during 2006 and 2007.

– Original from VOA News

China Suspected In New Zealand Government Computer Systems Hacking

By HANK SCHOUTEN, The Dominion Post, Via http://www.stuff.co.nz/, New Zea;and, 11 September 2007-

Government computer systems have been hacked into by foreign governments, the country’s chief spymaster says.

Government departments’ websites have been attacked, information has been stolen and hard-to-detect software has been installed that could be used to take control of computer systems, Security Intelligence Service director Warren Tucker said.

In his first interview since taking up the post in November, Mr Tucker said there was evidence that foreign governments were responsible for the attacks.

He would not discuss what country was responsible but referred to comments by Canada’s security service about Chinese spying activities.

Russia and China have been implicated in attacks on the British parliament’s computer system.

Mr Tucker also noted the bungled attempt by Mossad agents from Israel to secure New Zealand passports in 2004.

China was accused last week of hacking into German Government systems and the Pentagon’s computer systems in the United States.

Mr Tucker said the SIS and its kindred agency, the Government Communications Security Bureau, had responded to the cyber attacks by stepping up a security awareness campaign.

In some cases, departments did not even realise their computer systems had been breached.

Sensitive information had been stolen and attempts had been made to gain access to classified information.

In one attack, a department had been penetrated and a programme had been inserted to generate bogus but genuine looking e-mails. Mr Tucker would not name the department or elaborate.

But he said the SIS was stepping up its foreign intelligence gathering operations as part of a realignment of the service, which had just 166 staff when he took over but now has over 200.

“As we’ve stepped up our activities we’ve become more concerned about what we have found,” said Mr Tucker, who consented to the interview on condition that he would not be questioned about Algerian refugee Ahmed Zaoui.

Mr Tucker said the terrorist threat to New Zealand was low but rising – a reflection of overseas concerns about Islamic extremists and the radicalisation of some communities.

The service was engaged on issues of real concern to New Zealand. “The relatively small number of people we monitor are the sort of people you would want us to monitor and would be surprised if we didn’t.”

The SIS had also moved to boost its security vetting of people entering New Zealand and to speed up security clearance processes for people handling sensitive Government information.

The scandal last year when a Beehive messenger leaked a Cabinet paper about the Government’s plan to open Telecom to competition had had a bearing on the initiative.

Mr Tucker, a former director of the Government Communications Security Bureau, told The Dominion Post he believed there was a need for the service to be more open, accessible and more closely aligned to the core values of New Zealand, which were integrity, trustworthiness, being upfront and a willingness to admit mistakes.

It was important for the SIS to be seen as an integral part of the machinery of government, and that its work was seen as necessary and important and that the service was trusted.

– Original report from stuff.co.nz : NZ spies uncover cyber attacks

China’s Cyber Army Is Preparing To March on America, says Pentagon

Tim Reid in Washington, The Times, UK, September 8, 2007-

Chinese military hackers have prepared a detailed plan to disable America’s aircraft battle carrier fleet with a devastating cyber attack, according to a Pentagon report obtained by The Times.

The blueprint for such an assault, drawn up by two hackers working for the People’s Liberation Army (PLA), is part of an aggressive push by Beijing to achieve “electronic dominance” over each of its global rivals by 2050, particularly the US, Britain, Russia and South Korea.

China’s ambitions extend to crippling an enemy’s financial, military and communications capabilities early in a conflict, according to military documents and generals’ speeches that are being analysed by US intelligence officials. Describing what is in effect a new arms race, a Pentagon assessment states that China’s military regards offensive computer operations as “critical to seize the initiative” in the first stage of a war.

The plan to cripple the US aircraft carrier battle groups was authored by two PLA air force officials, Sun Yiming and Yang Liping. It also emerged this week that the Chinese military hacked into the US Defence Secretary’s computer system in June; have regularly penetrated computers in at least 10 Whitehall departments, including military files, and infiltrated German government systems this year.

Cyber attacks by China have become so frequent and aggressive that President Bush, without referring directly to Beijing, said this week that “a lot of our systems are vulnerable to attack”. He indicated that he would raise the subject with Hu Jintao, the Chinese President, when they met in Sydney at the Apec summit. Mr Hu denied that China was responsible for the attack on Robert Gates, the US Defence Secretary.

Larry M. Wortzel, the author of the US Army War College report, said: “The thing that should give us pause is that in many Chinese military manuals they identify the US as the country they are most likely to go to war with. They are moving very rapidly to master this new form of warfare.” The two PLA hackers produced a “virtual guidebook for electronic warfare and jamming” after studying dozens of US and Nato manuals on military tactics, according to the document.

The Pentagon logged more than 79,000 attempted intrusions in 2005. About 1,300 were successful, including the penetration of computers linked to the Army’s 101st and 82nd Airborne Divisions and the 4th Infantry Division. In August and September of that year Chinese hackers penetrated US State Department computers in several parts of the world. Hundreds of computers had to be replaced or taken offline for months. Chinese hackers also disrupted the US Naval War College’s network in November, forcing the college to shut down its computer systems for several weeks. The Pentagon uses more than 5 million computers on 100,000 networks in 65 countries.

Jim Melnick, a recently retired Pentagon computer network analyst, told The Times that the Chinese military holds hacking competitions to identify and recruit talented members for its cyber army.

He described a competition held two years ago in Sichuan province, southwest China. The winner now uses a cyber nom de guerre, Wicked Rose. He went on to set up a hacking business that penetrated computers at a defence contractor for US aerospace. Mr Melnick said that the PLA probably outsourced its hacking efforts to such individuals. “These guys are very good,” he said. “We don’t know for sure that Wicked Rose and people like him work for the PLA. But it seems logical. And it also allows the Chinese leadership to have plausible deniability.”

In February a massive cyber attack on Estonia by Russian hackers demonstrated how potentially catastrophic a preemptive strike could be on a developed nation. Pro-Russian hackers attacked numerous sites to protest against the controversial removal in Estonia of a Russian memorial to victims of the Second World War. The attacks brought down government websites, a major bank and telephone networks.

Linton Wells, the chief computer networks official at the Pentagon, said that the Estonia attacks “may well turn out to be a watershed in terms of widespread awareness of the vulnerability of modern society”.

After the attacks, computer security experts from Nato, the EU, US and Israel arrived in the capital, Tallinn, to study its effects.

Sami Saydjari, who has been working on cyber defence systems for the Pentagon since the 1980s, told Congress in testimony on April 25 that a mass cyber attack could leave 70 per cent of the US without electrical power for six months.

He told The Times that all major nations – including China – were scrambling to defend against, and working out ways to cause, “maximum strategic damage” by taking out banking systems, power grids and communications networks. He said that there were at least a thousand attempted attacks every hour on American computers. “China is aggressive in this,” he said.

– Original report from The Times 

China Hackers Have Been Attacking UK Government Departments for 4 Years

Richard Norton-Taylor, The Guardian, Wednesday September 5, 2007-

Chinese hackers, some believed to be from the People’s Liberation Army, have been attacking the computer networks of British government departments, the Guardian has learned.

The attackers have hit the network at the Foreign Office as well as those in other key departments, according to Whitehall officials.

The Ministry of Defence declined yesterday to say whether it had been hit. An incident last year that shut down part of the House of Commons computer system, initially believed to be by an individual, was discovered to be the work of an organised Chinese hacking group, officials said.

Security and defence officials are coy about what they know of specific attacks. However, they say several Whitehall departments have fallen victim to China’s cyberwarriors. One expert described it as a “constant ongoing problem”.

The disclosures came after reports that the Chinese military had hacked into a Pentagon military computer network in June. The Financial Times said American officials called it the most successful cyber attack on the US defence department.

Defence department officials confirmed that there had been a “detected penetration” of elements of the email system used by the network serving the office of Robert Gates, the US defence secretary. US officials were reported to have said that an investigation had discovered that the People’s Liberation Army (PLA) was responsible.

The US gave the codename “Titan Rain” to the growing number of Chinese attacks, notably directed at the Pentagon but also hitting other US government departments, over the past few years.

The latest attack caused some minor administrative disruptions, but there had been no adverse impact on operations, an official said.

Angela Merkel, Germany’s chancellor, is reported to have raised the issue of Chinese attacks on her government’s computers during a visit to Beijing. Officials here declined to say whether the British government had raised the issue with the Chinese authorities.

Alex Neill, China expert and head of the Asia Security Programme at the Royal United Services Institute, Rusi, said cyber attacks by the Chinese had been going on for at least four years. He described the reported attack on the Pentagon as the “most flagrant and brazen to date”.

He said such attacks reflected a new doctrine of the PLA described as “pressure point warfare” – the attacking of specific nodes to leave the adversary paralysed.

The incidents should be seen against the background of the forthcoming 17th Chinese Communist party congress, which could determine the next generation of leaders, and the PLA keen to flex its muscles, Mr Neill suggested.

The attacks on the Pentagon’s computer system were described by Dr Sandra Bell, head of Rusi’s homeland security department, as “very much a wake-up call”. She added: “The Chinese see no difference between asymmetric warfare and conventional warfare”.

Analysts have argued over the seriousness of the attacks, and China has officially denied responsibility. However, the latest attack was said by officials and analysts yesterday to be the most serious discovered so far.

Responsibility for advising government departments on how to protect their networks rests with MI5, GCHQ, and the Centre for the Protection of the National Infrastructure in the Cabinet Office.

– Original report from The Guardian : Titan Rain – how Chinese hackers targeted Whitehall

China Military Hacked Into Pentagon

By Demetri Sevastopulo in Washington and Richard McGregor in Beijing, the Financial Times, September 3 2007-

The Chinese military hacked into a Pentagon computer network in June in the most successful cyber attack on the US defence department, say American ­officials.

The Pentagon acknowledged shutting down part of a computer system serving the office of Robert Gates, defence secretary, but declined to say who it believed was behind the attack.

Current and former officials have told the Financial Times an internal investigation has revealed that the incursion came from the People’s Liberation Army.

One senior US official said the Pentagon had pinpointed the exact origins of the attack. Another person familiar with the event said there was a “very high level of confidence…trending towards total certainty” that the PLA was responsible. The defence ministry in Beijing declined to comment on Monday.

Angela Merkel, Germany’s chancellor, raised reports of Chinese infiltration of German government computers with Wen Jiabao, China’s premier, in a visit to Beijing, after which the Chinese foreign ministry said the government opposed and forbade “any criminal acts undermining computer systems, including hacking”. …… ( more details from the Financial Times’ report)

German Politicians Want to be informed on China Trojan Attacks

Heise.de, Germany, 27.08.2007- 

German politicians request information on alleged Chinese attacks with Trojan programs on systems of the federal government.

In an interview with Spiegel Online, Ruprecht Polenz (CDU), chairman of the Committee on Foreign Affairs, said: “If there is clear evidence that the Chinese state is responsible for these attacks, we cannot let the matter rest.”

According to a Spiegel report, the Federal Office for the Protection of the Constitution assumes that experts of the Chinese army have conducted the online espionage attacks against the Federal Chancellery, the ministry of economics, the ministry of research and also the ministry of foreign affairs.

Rolf Mützenich, foreign expert of the SPD, requested Chancellor Angela Merkel (CDU) to address this issue during her current trip to China. Max Stadler, home affairs specialist of the FDP, requested the federal government to report to the Interior Committee of the German Bundestag: “We want to know whether the ministries use state-of-the-art technology when it comes to computer security”, he said in an interview with Passauer Neue Presse.

German business leaders have cautioned about fear-mongering. In an interview with Financial Times Deutschland, Jürgen Thumann, president of the “Bundesverband der Deutschen Industrie” (BDI) said: “We must not blame China for everything”. And Jürgen Hambrecht, CEO of BASF and chairman of the “Asien-Pazifik-Ausschuss der Wirtschaft“, explained: “I am very worried about some public discussions; they do not reflect the reality.” Thumann and Hambrecht are accompanying the Chancellor on her trip to China.

The trade union of the police requested better equipment for their fight against cybercrime. “We lack experts and state-of-the-art technology. The offenders are far ahead”, Konrad Freiberg, chairman of the trade union, complained in an interview with Hanover-based Neue Presse.

– Original report from Heise.de

China hackers target German government computers: report

DPA, via EarthTimes.org-

Berlin – Chinese hackers have infiltrated German government computers with spy programmes, the news magazine Der Spiegel reported Saturday. The report said the malicious programmes, called Trojans, were discovered when experts examined computers in Chancellor Angela Merkel’s office complex and several government ministries.

Trojans pretend to be useful but actually install software that allows unauthorized remote access to a victim’s system.

The first Trojans were found several months ago, but attempts are still being made to sneak such programmes into government computers via the internet, Der Spiegel said on its website.

A spokesman for the Interior Ministry declined to confirm the report.

He said that preventive measures had been introduced in government offices to guard against Trojan programmes. So far no damage had occurred, he added.

The magazine said German intelligence services suspect hackers in the Chinese army are behind the onslaught.

In addition to the Federal Chancellery, Trojans were also found in computers at the Foreign Ministry, the Ministry of Economics and the Research and Development Ministry, the report said.

The disclosure comes a day before Merkel leaves for Beijing on a six-day visit to China and Japan.

– Report from EarthTimes.org

Chinese Hackers Wake Up to Malware

Tom Sanders in California, vnunet.com, IT Week, UK, 16 Mar 2007-

Security researchers are noticing an increase in malware originating from China, which is adding to the challenge of investigating online threats.

“The past three to four months have seen a slow increase in Chinese malware. It used to be the odd file every now and then, but it is now almost every day,” Chris Boyd, director of malware research at FaceTime Communications, told vnunet.com.

China has traditionally been a hotbed of password stealers who go after log-in names and passwords for online games such as World of Warcraft. The criminals are after virtual currencies and goods which can be sold on auction websites.

But FaceTime is reporting a new trend of Chinese criminals developing their own file downloaders and rootkits.

This malware can be used to control botnets, install adware and evade detection by security software. Just like in other parts of the world, money is the big driver. …… (more details from IT Week website)

Cyber Officials: China Hackers Attack ‘anything and everything’

BY Josh Rogin, FCW.com, VA, Feb. 13, 2007-

NORFOLK, VA. — At the Naval Network Warfare Command here, U.S. cyber defenders track and investigate hundreds of suspicious events each day. But the predominant threat comes from Chinese hackers, who are constantly waging all-out warfare against Defense Department networks, Netwarcom officials said.

Attacks coming from China, probably with government support, far outstrip other attackers in terms of volume, proficiency and sophistication, said a senior Netwarcom official, who spoke to reporters on background Feb 12. The conflict has reached the level of a campaign-style, force-on-force engagement, he said.

“They will exploit anything and everything,” the senior official said, referring to the Chinese hackers’ strategy. And although it is impossible to confirm the involvement of China’s government, the attacks are so deliberate, “it’s hard to believe it’s not government-driven,” the official said.

The motives of Chinese hackers run the gamut, including technology theft, intelligence gathering, exfiltration, research on DOD operations and the creation of dormant presences in DOD networks for future action, the official said.

A recent Chinese military white paper states that China plans to be able to win an “informationized war” by the middle of this century. Overall, China seeks a position of power to ensure its freedom of action in international affairs and the ability to influence the global economy, the senior official said.

Chinese hackers were responsible for an intrusion in November 2006 that disabled the Naval War College’s network, forcing the college to shut down its e-mail and computer systems for several weeks, the official said. Forensic analysis showed that the Chinese were seeking information on war games in development at NWC, the official said.

NWC was vulnerable because it was not part of the Navy Marine Corps Intranet and did not have the latest security protections, the official explained. He said this was indicative of the Chinese strategy to focus on weak points in the network.

China has also been using spear phishing, sending deceptive mass e-mail messages to lure DOD users into clicking on a malicious URL, the official said. China is also using more traditional hacking methods, such as Trojan horse viruses and worms, but in innovative ways.

For example, a hacker will plant a virus as a distraction and then come in “slow and low” to hide in a system while the monitors are distracted. Hackers will also use coordinated, multipronged attacks, the official added.

Chinese hackers gained notoriety in the United States when a series of devastating intrusions, beginning in 2003, was traced to a team of researchers in Guangdong Province. The program, which DOD called Titan Rain, was first reported by Federal Computer Week in August 2005. Following that incident, DOD renamed the program and then classified the new name.

That particular set of hackers is still active, the Netwarcom official said. He would not confirm whether the Titan Rain group was linked to the NWC attack or any other recent high-profile intrusions.

Other senior military officials have spoken out recently on U.S. cyber strategy, saying the country urgently needs to develop new policies and procedures for fighting in the cyber domain.

Current U.S. cyber warfare strategy is dysfunctional, said Gen. James Cartwright, commander of the Strategic Command (Stratcom), in a speech at the Air Warfare Symposium in Orlando, Fla., last week. Offensive, defensive and reconnaissance efforts among U.S. cyber forces are incompatible and don’t communicate with one another, resulting in a disjointed effort, Cartwright said.

Gen. Ronald Keys, commander of Air Combat Command, told reporters at the conference that current policies prevent the United States from pursuing cyberthreats based in foreign countries. Technology has outpaced policy in cyberspace, he said.

The United States should take more aggressive measures against foreign hackers and Web sites that help others attack government systems, Keys said. It may take a cyber version of the 2001 terrorist attacks for the country to realize it must re-examine its approach to cyber warfare, he added.

Netwarcom officials described their approach as an active defense, in which monitors build defenses around the perimeter of DOD systems, work to mitigate the effects of attacks and restore damaged parts of the network.

Meanwhile, the consolidation of DOD’s cyber resources is ongoing. Netwarcom works directly with the Joint Task Force for Global Network Operations, DOD’s lead agency on network defense and operations, a component of Stratcom.

Netwarcom, the Navy’s lead cyber agency, is moving from monitoring the networks to full command-and-control capabilities. The Air Force announced in October 2006 that it will create a Cyber Command, based on the infrastructure of the 8th Air Force under Lt. Gen. Robert Elder, at Barksdale Air Force Base, La., to coordinate its cyber warfare efforts.

In the end, the cyberthreat is revolutionary, officials said, because it has no battle lines, the intelligence is intangible, and attacks come without warning, leaving no time to prepare defenses. Education and training of computer users, not enforcement, are the most effective defense measures, officials said.

– original report from FCW.com