China prevented repeat cyber attack on US

By PAMELA HESS, UPI Pentagon Correspondent  |  Oct. 29, 2002 at 12:39 PM

NASHVILLE, Oct. 29 (UPI) -- The Defense Department was braced for a new onslaught of cyber attacks from Chinese hackers in May 2002 but they never materialized: the Chinese government asked private hackers not to repeat the 2001 defacement of U.S. government Web sites, a top Defense Department official said Tuesday.

"We expected another series of attacks from Chinese hackers, but actually the government of China asked them not to do that," said Air Force Maj. Gen. John Bradley, deputy commander of the Pentagon's Joint Task Force on Computer Network Operations, at an electronic warfare conference Tuesday.

"I wouldn't call it state-sponsored, but state-controlled, I guess," he said at the Annual Association of Old Crows conference being held in Nashville.

The original hacking war took place in April and May 2001. It coincided with the second anniversary of the U.S. bombing of the Chinese Embassy in Belgrade, and marked the collision of a U.S. surveillance plane and a Chinese fighter. The Chinese pilot was killed in the collision. The U.S. plane and its crew were held on Hainan Island for 11 days.

The hackers attacked a handful of government sites last year, emblazoning the Web pages with a Chinese flag. No serious damage was reported but Web sites were disabled for a period of time. The concern was serious enough that the FBI's National Infrastructure Protection Center put out an official warning.

Denial-of-service attacks on Web sites and networks, primarily through viruses, are one of the most vexing problems faced by the Defense Department. It uses the publicly available Internet to manage its deployment, logistics, medical and personnel system.

"We couldn't wage war without using the Internet," Bradley said.

However, 85 percent of the successful infiltrations and attacks on these unclassified military computer networks are preventable with available patches and proper security procedures, but system administrators do not use them. Every time a new computer is unpacked and plugged in to the Pentagon's network without patches installed -- an apparently frequent occurrence -- the entire network is exposed to that one computer's vulnerabilities.

"We are our own worst enemy," said Bradley. "The Defense Department is more vulnerable than anyone in the world."

Through September 2002 there have been 32,465 attempts on the network by hackers, about 110 a day. Bradley did not say how many were successful. But of those that were, "99 percent would have been very easily prevented."

Roughly 200 new viruses are spawned each month, each of which requires a unique patch or firewall.

More than a third of the successful attempts by hackers exploit vulnerabilities already directed to be fixed by Bradley's organization. Actually doing the work falls to low-level system administrators.

This is nothing new. The infamous Solar Sunrise attack of 1998, which compromised information on thousands of Defense Department computers at a time when the Pentagon was preparing for a possible strike in Iraq, exploited a vulnerability discovered and warned about by the Pentagon two months before the attack took place.

Another third of the successful attempts are attributed to poor security practices -- like using "password" as a password.

"These are just stupid mistakes that are easily avoided," Bradley said.

Nevertheless, computer network security has dramatically improved since the Solar Sunrise wake-up call. There is now 24-hour-a-day monitoring of computer networks to detect illicit activity and automated intrusion detection devices in place.

"By and large I'd call it highly successful," Bradley said. "We've not been shut down very often or damaged too badly."

The Joint Task Force for Computer Network Operations is responsible not just for the daunting work of securing the vast network but also for the still evolving and highly classified area of computer network attack.

At its simplest, computer network attack would be government-sanctioned hacking -- an attempt to deny an enemy use of his own computer networks in wartime, to change critical information, or to trick him into thinking they were working when they are not.

"The attacks could be extremely precise. We have a wide range of capabilities but there are very, very tight controls on this," Bradley said.

Only the president or the defense secretary can authorize a computer network attack, according to the policies now being crafted.

The potential for network attacks as a "precision weapon" is high but has not yet seen the light of day. There is not even a network attack cadre set up yet, according to Air Force Deputy Director for Information Warfare Col. Chris "Bulldog" Glaze.

Progress toward that end is moving quickly, however.

"I've got to tell you we spend more time on the computer network attack business than we do on computer network defense because so many people at very high levels are interested in developing the policy for it," Bradley said.

The Pentagon is moving cautiously, aware of the potential for collateral damage to the world's computer networks and economy.

"Any kind of attack we will have to know a great amount of detail about the systems being used," he said. "It's a very challenging new mission area for us ... Many are very wary because it's so new.

"We haven't seen what the consequences are, what the collateral damage is. These are precision munitions of the non-kinetic kind," Bradley said.
