Information Security News mailing list archives

China prevented repeat cyber attack on US


From: InfoSec News <isn () c4i org>
Date: Wed, 30 Oct 2002 00:59:32 -0600 (CST)

Forwarded from: William Knowles <wk () c4i org>

http://www.upi.com/view.cfm?StoryID=20021029-121924-5101r

By Pamela Hess
UPI Pentagon Correspondent
From the International Desk
Published 10/29/2002 

NASHVILLE, Oct. 29 (UPI) -- The Defense Department was braced for a
new onslaught of cyber attacks from Chinese hackers in May 2002 but
they never materialized: the Chinese government asked private hackers
not to repeat the 2001 defacement of U.S. government Web sites, a top
Defense Department official said Tuesday.

"We expected another series of attacks from Chinese hackers, but
actually the government of China asked them not to do that," said Air
Force Maj. Gen. John Bradley, deputy commander of the Pentagon's Joint
Task Force on Computer Network Operations, at an electronic warfare
conference Tuesday.

"I wouldn't call it state-sponsored, but state-controlled, I guess,"  
he said at the Annual Association of Old Crows conference being held
in Nashville.

The original hacking war took place in April and May 2001. It
coincided with the second anniversary of the U.S. bombing of the
Chinese Embassy in Belgrade, and marked the collision of a U.S.  
surveillance plane and a Chinese fighter. The Chinese pilot was killed
in the collision. The U.S. plane and its crew were held on Hainan
Island for 11 days.

The hackers attacked a handful of government sites last year,
emblazoning the Web pages with a Chinese flag. No serious damage was
reported but Web sites were disabled for a period of time. The concern
was serious enough that the FBI's National Infrastructure Protection
Center put out an official warning.

Denial of service attacks on Web sites and networks, primarily through
viruses, are one of the most vexing problems faced by the Defense
Department. It uses the publicly available Internet to manage its
deployment, logistics, medical and personnel system.

"We couldn't wage war without using the Internet," Bradley said.

However, 85 percent of the successful infiltrations and attacks on
these unclassified military computer networks are preventable with
available patches and proper security procedures, but system
administrators do not use them. Every time a new computer is unpacked
and plugged in to the Pentagon's network without patches installed --
an apparently frequent occurrence -- the entire network is exposed to
that one computer's vulnerabilities.

"We are our own worst enemy," said Bradley. "The Defense Department is
more vulnerable than anyone in the world."

Through September 2002 there have been 32,465 attempts on the network
by hackers, about 110 a day. Bradley did not say how many were
successful. But of those that were "99 percent would have been very
easily prevented."

Roughly 200 new viruses are spawned each month, each of which requires
a unique patch or firewall.

More than a third of the successful attempts by hackers exploit
vulnerabilities already directed to be fixed by Bradley's
organization. Actually doing the work falls to low-level system
administrators.

This is nothing new. The infamous Solar Sunrise attack of 1998, which
compromised information on thousands of Defense Department computers
at a time when the Pentagon was preparing for a possible strike in
Iraq, exploited a vulnerability discovered and warned about by the
Pentagon two months before the attack took place.

Another third of the successful attempts are attributed to poor
security practices -- like using "password" as a password.

"These are just stupid mistakes that are easily avoided," Bradley
said.

Nevertheless, computer network security has dramatically improved
since the Solar Sunrise wake-up call. There is now 24-hour-a-day
monitoring of computer networks to detect illicit activity and
automated intrusion detection devices in place.

"By and large I'd call it highly successful," Bradley said. "We've not
been shut down very often or damaged too badly."

The Joint Task Force for Computer Network Operations is responsible
not just for the daunting work of securing the vast network but also
for the still evolving and highly classified area of computer network
attack.

At its simplest, computer network attack would be government-
sanctioned hacking -- an attempt to deny an enemy use of his own
computer networks in wartime, to change critical information, or to
trick him into thinking they were working when they are not.

"The attacks could be extremely precise. We have a wide range of
capabilities but there are very, very tight controls on this," Bradley
said.

Only the president or the defense secretary can authorize a computer
network attack, according to the policies now being crafted.

The potential for network attacks as a "precision weapon" is high but
has not yet seen the light of day. There is not even a network attack
cadre set up yet, according to Air Force Deputy Director for
Information Warfare Col. Chris "Bulldog" Glaze.

Progress toward that end is moving quickly, however.

"I've got to tell you we spend more time on the computer network
attack business than we do on computer network defense because so many
people at very high levels are interested in developing the policy for
it," Bradley said.

The Pentagon is moving cautiously, aware of the potential for
collateral damage to the world's computer networks and economy.

"Any kind of attack we will have to know a great amount of detail
about the systems being used," he said. "It's a very challenging new
mission area for us ... Many are very wary because it's so new.

"We haven't seen what the consequences are, what the collateral damage
is. These are precision munitions of the non-kinetic kind," Bradley
said.


 
*==============================================================*
"Communications without intelligence is noise;  Intelligence
without communications is irrelevant." Gen Alfred. M. Gray, USMC
================================================================
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
*==============================================================*


