Cyber Attacks On US Military Jump Sharply In 2009

← Back to Stories (view on slashdot.org)

Cyber Attacks On US Military Jump Sharply In 2009

Posted by Soulskill on Friday November 20, 2009 @07:02PM from the proportional-with-gold-farming dept.

angry tapir writes "Cyber attacks on the US Department of Defense — many of them coming from China — have jumped sharply in 2009, a US congressional committee has reported. Citing data provided by the US Strategic Command, the US-China Economic and Security Review Commission said that there were 43,785 malicious cyber incidents targeting Defense systems in the first half of the year. That's a big jump. In all of 2008, there were 54,640 such incidents. If cyber attacks maintain this pace, the yearly increase will be around 60 percent. The full report (PDF) is available online."

21 of 76 comments (clear)

chicken feed by Anonymous Coward · 2009-11-20 19:15 · Score: 2, Informative

"The cost of such attacks is significant," the report notes. Citing data from the Joint Task Force-Global Network Operations, the report says that the military spent $100 million to fend off these attacks between September 2008 and March 2009
That's a lot of money... That's almost 8 full hours of what is being spent on Iraq.
1. Re:chicken feed by 1s44c · 2009-11-20 22:50 · Score: 2, Insightful
  
  "The cost of such attacks is significant," the report notes. Citing data from the Joint Task Force-Global Network Operations, the report says that the military spent $100 million to fend off these attacks between September 2008 and March 2009
  That's a lot of money... That's almost 8 full hours of what is being spent on Iraq.
  Yes but they don't get any oil out of this.
  The phrase 'fend off' network attacks is moronic. You don't 'fend off' cyber attacks you set things up right the first time around. They should be setting things up right before they get attacked not as some afterthought.
  Of course if they run windows on any networked machine they will always have some risk.
They still don't like us? by hwyhobo · 2009-11-20 19:25 · Score: 4, Insightful

And here I was, thinking that the Presidential Apology Tour would make it all better.
On a serious note, by moving our high tech industry offshore we have helped to make it happen. Now, with a broken economy, we appear weak, and we invite ridicule and attack. Clever bandaids added to firewalls will make little difference long term. We need to regain strength and respect. This is not just a technical problem. Our recent administrations (Republicrats and Demopublican alike) through suicidal short-sighted policies aimed only to benefit a few fat cats have made us an easy target. Such is the fate of a fallen giant. Everyone wants to kick him. After all, what are we going to do about it?

--
End anonymous moderation and posting on /.
1. Re:They still don't like us? by 1s44c · 2009-11-20 22:55 · Score: 3, Insightful
  
  hardening systems thru more secure software (abandon Windows -- whether you like it or not, it's the best target due to being used by everyone).
  Not quite. Windows is the best target due to its low coding standards, the huge number of security holes it suffers from, and it's unmanageably.
  The fact it is used heavily doesn't make it any more or less secure.
define "attack" by zkrige · 2009-11-20 19:29 · Score: 5, Interesting

I have linux boxes all over the place and there are literally thousands of ssh/sft/etc attempts on each box each day. None of them are successful though. Can I claim that my boxes have more attacks than the US Military?
1. Re:define "attack" by flyingfsck · 2009-11-20 20:13 · Score: 2, Interesting
  
  Exactly. I get tens of thousands of SSH password attempts per day. Is each one an attack?
  
  --
  Excuse me, but please get off my Pennisetum Clandestinum, eh!
2. Re:define "attack" by sopssa · 2009-11-20 20:24 · Score: 2, Insightful
  
  Big numbers are more convincing and sounds better.
3. Re:define "attack" by 1s44c · 2009-11-20 22:57 · Score: 4, Insightful
  
  I have linux boxes all over the place and there are literally thousands of ssh/sft/etc attempts on each box each day. None of them are successful though.
  Can I claim that my boxes have more attacks than the US Military?
  If the US government would give you a 100 dollars to investigate each attack you might be tempted to.
A New Approach: Bait and Strike by reporter · 2009-11-20 19:29 · Score: 2, Interesting

The traditional approach toward dealing with Chinese hackers is to fortify all the computers in a company or institute. Fortification takes time and money.
A better approach may be to rig some computers so that they are easy to hack. We install some deliberately malicious software on those fake computers. Then, we disperse those fake computers among the real computers.
Here is the ideal scenario. A typical Chinese hacker will probe all the computers at the Department of Defense. The probe will easily succeed in penetrating one of the rigged computers. He downloads plenty of software. He will then try to run them. One of the ill-gotten applications then replicates itself and spreads throughout the Chinese Ministry of War.
The rogue application disables the safety mechanism in a Chinese nuclear warhead. On the anniversary of the Chinese invasion of Tibet, the warhead explodes. It melts (literally) the entire military base and kills thousands of Chinese citizens in the nearby town.
On the day of that fire ball, the Chinese hackers will cease their activities for several months.
Not surprised by Anonymous Coward · 2009-11-20 19:29 · Score: 3, Insightful

China is in a cold war with the west. These attacks are also going after European and Oceania countries. The question is, when will the west realize that the same means that was used to stop USSR is being quietly used against the West.
One obvious question ... by Daniel+Dvorkin · 2009-11-20 19:31 · Score: 2, Interesting

Are there actually that many more attacks, or are they just detecting more of them? I wouldn't be at all surprised if in years past, a lot of military computers have been pwned without anyone knowing it happened ... especially given the DoD's ongoing love affair with Windows.

--
The correlation between ignorance of statistics and using "correlation is not causation" as an argument is close to 1.
Re:A New Approach: Bait and Strike by Daniel+Dvorkin · 2009-11-20 19:37 · Score: 2, Insightful

You're assuming that the software controlling nuclear warheads is exposed to the network. The US certainly isn't stupid enough to do that, and I doubt China is either.

--
The correlation between ignorance of statistics and using "correlation is not causation" as an argument is close to 1.
Garbage by kestasjk · 2009-11-20 19:38 · Score: 3, Informative

The PRC is also recruiting from its growing population of technically skilled people, including those from the private sector, to increase its cyber capabilities. It is recruiting skilled cyber operators from information technology firms and computer science programs into the ranks of numerous Information Warfare Militia units.
"cyber operators".. "Information Warfare Militia".. What?
Try actually reading the linked PDF and see if you can take it seriously. All this stuff about increased "cyber attack incidences" and I can find absolutely nothing explicitly linking any incident with the Chinese government or anything even making explicit what a "cyber attack incident" is. (Also "cyber warfare" is a pretty small part of the report itself; the report isn't about "cyber-warfare", but US-China relations.)

cyber-space (the electro-magnetic spectrum)
I think that quote just about sums it up. I am stunned that people here on slashdot are taking this seriously, this is the sort of thing I'd expect to see on Fox News.

--
// MD_Update(&m,buf,j);
1. Re:Garbage by Hurricane78 · 2009-11-20 20:02 · Score: 2, Interesting
  
  The PRC is also recruiting from its growing population of technically skilled people, including those from the private sector, to increase its network capabilities. It is recruiting skilled network operators from information technology firms and computer science programs into the ranks of numerous Information Warfare Militia units.
  “network operators”.. “Information Warfare Militia”.. What?
  Try actually reading the linked PDF and see if you can take it seriously. All this stuff about increased “network attack incidences” and I can find absolutely nothing explicitly linking any incident with the Chinese government or anything even making explicit what a “network attack incident” is. (Also “network warfare” is a pretty small part of the report itself; the report isn’t about “network-warfare”, but US-China relations.)
  What’s wrong with that?
  Oooohhh... I seee... Well, there’s a “app“ for that! :D
  
  --
  Any sufficiently advanced intelligence is indistinguishable from stupidity.
2. Re:Garbage by DNS-and-BIND · 2009-11-20 20:31 · Score: 3, Informative
  
  Excuse me sir, are you a member of the 50 cent gang? This isn't anything to do with the rapper, but rather refers to pro-China internet commenters. For the three of you out there who have never heard of this, allow me to introduce:
  
  50 Cent Party is the name for paid[1] astroturfing bloggers operating since 2005 from People's Republic of China, whose role is posting comments favorable towards the government policies to skew the public opinion on various Internet message boards. They are named by the 50 Chinese cents, or 5 mao, they are paid per such post
  If you're not convinced and think this must be some sort of Fox News conspiracy (ooo, a different point of view, ignore it!) I provide a link to that paragon of correctness the BBC to explain it in simple terms that you can understand.
  
  China is using an increasing number of paid "internet commentators" in a sophisticated attempt to control public opinion. These commentators are used by government departments to scour the internet for bad news - and then negate it.
  Please note that these are not actually pro-China commenters, but merely anti-anti-China commenters. Indeed I don't see anything pro-China in your post. You've even Americanized it by attempting to tie it to Fox News, something that Americans will understand on a cultural level, rather than something baffling like attempting to tie it to those perfidious seperatists in Tibet or Xinjiang.
  Information warfare militia in China do exist. It's like this: young men like to hack. They also like to belong to something larger than themselves, and China is pretty darn big. The USA is China's Main Enemy and is a natural target for any attack. They go looking for the biggest target they can find, and sometimes they get something worthwhile. Someone's dad is a major in the PLA, and they hand the documents off to him, and later a quiet "attaboy" comes down the channel with a request to send anything else they might find during their travels. They're basically like any irregular force - mainly useful in keeping the enemy busy with dealing with low-level annoyances, or occupying territory. There were American citizens who tried to hack the Iraqi defense system during the 1991 war (hi Par!) even though that was the last thing on Schwartzkopf's mind. They mostly failed due to the lack of computers in Iraq or anything worthwhile to hack.
  If you're not in the 50-cent gang, I apologize for calling you out. Although, it sure sucks when you're on the same side of the argument with totalitarian thugs. At least they're getting paid, they're doing it as a job. What are you getting out of it?
  
  --
  Shutting down free speech with violence isn't fighting fascism. It IS fascism!
3. Re:Garbage by JohnBailey · 2009-11-20 21:47 · Score: 2, Insightful
  
  Troll? Who the F modded me as troll? From the FAQ:
  At a guess, someone who couldn't find the self righteous twat moderation. So troll it is.
  
  --
  It is difficult to get a man to understand something when his job depends on not understanding it.
4. Re:Garbage by pspahn · 2009-11-20 21:52 · Score: 2, Interesting
  
  Keep in mind that attitudes like this create the same complacency that makes us vulnerable.
  
  Don't dismiss something at face value because you "feel" there is a political motive behind it. It might hurt, but try to remain objective.
  
  --
  Someone flopped a steamer in the gene pool.
5. Re:Garbage by DNS-and-BIND · 2009-11-20 23:40 · Score: 2, Informative
  
  The 50-cent gang really exists. Chinese militia hackers really exist. Misusing a system and name-calling won't change that.
  
  --
  Shutting down free speech with violence isn't fighting fascism. It IS fascism!
6. Re:Garbage by justinlee37 · 2009-11-21 00:07 · Score: 4, Insightful
  
  Who knows, maybe you are the one spreading propaganda. Someone could have faked the evidence of this "50 cent gang" in order to make China look bad. Basically both sides have the motivation to do this sort of thing and it can be hard to figure out who is who sometimes.
Nope. You are not targeted by WindBourne · 2009-11-20 20:23 · Score: 3, Interesting

You are simply the result of the many worms working its way through the net. All Western DOD's are under attack and are actively targeted.

--
I prefer the "u" in honour as it seems to be missing these days.
What does this tell me? Nothing! by Jaro · 2009-11-20 23:58 · Score: 3, Insightful

Does this really tell me anything? Not really? What kind of "cyber attacks" are that? SSH break-in attempts? Bots looking for known holes? Script kiddies? Mail relay attempts? Or targeted attempts specifically designed to get access to their system? If I go for the script kiddie/SSH category I get around 25.000 attempts a year on one server alone, according to ossec.
This could also just mean that the number of attacks has risen generally and not specifically against the DoD.
So many unanswered questions ...