China Denies US Accusations of Cyber-Espionage
Hackers associated with the Chinese government broke into the Pentagon's computer systems earlier this summer, according to a report in the Financial Times.
The London-based paper, which cited anonymous sources in the current and previous administrations in its article, said officials believe the People's Liberation Army were behind the incursions, which could have lasted as long as several months.
Data were also reportedly stolen during the breaches, although the Times was vague about what data and which systems were hacked. Most of the stolen information was thought to be unclassified. China has denied the allegations.
Not the First Time
The incident, if true, is sobering because it illustrates China not only has the capacity to disrupt the U.S. Defense Department's computer networks, but also the tenacity.
This is not the first time China has been thought to be involved in computer espionage. Two weeks ago, another publication -- Germany's respected weekly, Der Spiegel -- reported that China was thought to have hacked into the computer systems of Germany's Chancellery as well as at three ministries, infecting the networks with spy programs. The alleged attack occurred just before Chancellor Angela Merkel visited Beijing.
"None of this is a surprise," Jodi Westby, distinguished fellow at Carnegie Mellon's CyLab and CEO of security consultant Global Cyber Risk, told TechNewsWorld. "China recently released a white paper about its national defense policy for 2006 stating that its goal is to win the information wars by mid-century."
The country, she said, is the most aggressive country with its computer resources.
"It conducts a huge number of cyber-reconnaissance missions -- how much of it is sponsored by the government, no one really knows."
Botnets et al
Ironically, given the sensitive information and high-level security surrounding it -- China most likely is able to steal its information through simple means.
"There is no magic involved in cyber-espionage -- all anyone has to do is exploit some flaw or vulnerability in the OS or in an application running on top of it," said Shawn Carpenter.
Carpenter was responsible for identifying a Chinese cyber-espionage ring code-named "Titan Rain" several years ago during his tenure at Sandia National Laboratories. He is now a principal and forensic analyst at NetWitness.
The vector could have been a phishing attack aimed at Pentagon employees, Carpenter told TechNewsWorld. "The larger a network is, the harder it is to protect it," he said.
Also, China could well have been given access to the source code to Microsoft Windows when the company entered the market in 2003 as part of its agreement to operate in China, Carpenter noted.
"Access to the source code, of course, makes hacking that much easier," he said.