Slashdot Mirror


Chinese Hack Attacks on DoD Networks Coordinated

An anonymous reader writes "The Naval Network Warfare Command says that Chinese hackers are relentlessly targeting Defense Department networks with cyber attacks. The 'volume, proficiency and sophistication' of the attacks supports the theory that the attacks are government supported. The motives of the attacks emanating from China include technology theft, intelligence gathering, exfiltration, research on DOD operations and the creation of dormant presences in DOD networks for future action. Onlookers warn that current US defenses against these attacks are 'dysfunctional', and that more aggressive measures should be taken to ensure government network safety."

8 of 295 comments

  1. Re:Far outstripping other attackers by zappepcs · · Score: 3, Interesting

    That is an interesting statement:

    "China's so full of compromised hosts that whoever's actually cracking DoD machines is probably sitting in an internet cafe in Milan, piping data through some rooted .gov.cn box..."

    I wonder how easy it would be to pin this on MS products that have been pirated?

    It's an interesting twist of thought to think that MS is responsible for cyber attacks on the DOD. While that isn't true, it's still interesting in a 'haha' kind of way.

    Makes me believe that there will be counter-attack strategies that include government sponsored worms traversing the Internet trying to secure those compromised hosts.

  2. Nethack Terminus by SMACX+guy · · Score: 3, Interesting

    By creating a planetary network, mankind on Planet now has the ability to share information at light-speed. But by creating a single such network, each faction has brought themselves closer to discovery as well. At the speed of light, we will catch your information, tag it like an animal in the wild, and release it unharmed -- if such should serve our purposes.

    1. Re:Nethack Terminus by nuzak · · Score: 3, Interesting
      C'mon, we're talking about a Chinese distributed hack here. Here's the quote that should have leaped into your head.

      "If I determine the enemy's disposition of forces while I have no perceptible form, I can concentrate my forces while the enemy is fragmented. The pinnacle of military deployment approaches the formless: if it is formless, then even the deepest spy cannot discern it nor the wise make plans against it." -- Sun Tzu, The Art of War


      --
      Done with slashdot, done with nerds, getting a life.
  3. counterattack? by gravesb · · Score: 5, Interesting

    I wonder how much China would complain if the NSA launched an attack against any confirmed hosts? If there is evidence that computers are attacking us, either live or as bots, can China make a real complaint about us protecting our interests?

    --
    http://bgcommonsense.blogspot.com
  4. Re:mitigate the problems by fishthegeek · · Score: 5, Interesting

    I strongly suspect that DoD WANTS to see the attacks. You are exactly right, if the DoD were really concerned about the loss of classified information they would simply block those IP ranges. Something more sophisticated is probably at work.

    1. Create a honeypot that doesn't look like a honeypot.
    2. Fire off press releases complaining about how intelligent and crafty those 1337 Chinese Hackers are.
    3. Watch and learn.

    I can't think of a better way to assess the level of skill the Chinese possess. I seriously doubt that valuable classified information is within reach of internet connected machines. This article and probably most like it are misinformation designed to encourage the Chinese.

    --
    load "$",8,1
  5. Re:Onlookers? by Anonymous Coward · · Score: 4, Interesting

    Why in the hell do you have your secret and SCI sides on the internet? That's DOD/DOE no-no number one!

    To answer you, the guy is speaking out of his ass. He's probably an EDS sub-contractor on the NMCI handling help desk calls about email and web proxies and probably thinks SNORT ACID is something he can get busted for.

    Mr. ChooseAnother probably doesn't realize that commenting on this, attributing to himself as an insider is a sure-fire way to get his nads hooked to some 'trodes and get his non-clearance revoked.

    But, man, he does sound so C O O L don't you want to be just like him when you grow up?

  6. Re:Far outstripping other attackers by Vicissidude · · Score: 4, Interesting

    And of those online in China, only 36 million have broadband connections. Further, black markets and pirated software are not just limited to China. In fact, they're all over. So, with the prevalence of pirated software worldwide, why are the majority of the attacks coming from one place? Why are the attacks from that one place going to US military targets? And why are the attacks so sophisticated?

    It is widely known that the Chinese want our secrets and technology, especially those surrounding the military. It is widely known that the Chinese actually do copy and steal US trade and military secrets and technology. And it is widely known that as friendly as the Chinese act toward the US, that the Chinese work behind the scenes to subvert US influence and control.

    Given the number of sophisticated attacks coming from a single country against US military targets, especially coming from a country that has been militarily hostile to us in the recent past, then I'd say we probably are getting attacked.

  7. Oh nonsense. Here are the biggest problems. by btarval · · Score: 4, Interesting
    Honestly, if this were an attempt to bring us down for good, it would simply be far, far easier to just use the backend offices of the banks which have been offshored, and take out our economic system.

    The amount of confusion and damage that this could do would be enormous. And it would have the added benefit (to the attacker) of leaving the hard assets (buildings, people) in place, unlike an actual war. These could be simply bought up later, rather cheaply.

    There are different ways to root a country. Actual destruction is the most expensive and inefficient approach there is.

    The real cause of these cyberspace attacks is that the U.S. government has actively encouraged them. First, the Feds have actually punished Government employees who have tried to stop these attacks. Read The Invasion of the Chinese Cyberspies (And the Man Who Tried to Stop Them). This is a variation on a common theme of the attitude of the U.S. government, unfortunately. Protecting the U.S. appears not to be a priority.

    The second biggest problem is that the Federal Government has set up a hostile environment to discourage Security Research. Security researchers are threatened with prosecution, jail time and civil lawsuits that can bankrupt them. The common occurrence is when a Researcher reports a problem with a flaw in a product. There are no Safe Harbor procedures or provisions in any Federal law which allow this to happen so that society in general can benefit.

    This has had a rather chilling effect on the IT industry as a whole. There is no safe way to study real cracking, so our students (and industry workers) really don't understand how the bad guys work. This also has the added downside that new technologies are developed without any real understanding (or even concern) of what the attack vectors are. MS Windows is the best known example. Javascript is the second best.

    Had the U.S. implemented Safe Harbor provisions, we'd be in far better shape to deal with hostile attacks, throughout the entire industry.

    While the offshoring of jobs has had an effect, without the above two points we'd still have this problem. Furthermore, if we had shored up and expanded our efforts in Security Research, we would be a lot more resistant to backoffice exploits.

    It is also obvious that security can't be offshored. So if the Federal government had made security a priority, your original point would be moot.

    --
    The best way to predict the future is to create it. - Peter Drucker.