Not all wars involve guns


MudPuppy
October 9, 2006, 12:10 PM
By Gregg Keizer
TechWeb

The federal government's Commerce Department admitted Friday that heavy attacks on its computers by hackers working through Chinese servers have forced the bureau responsible for granting export licenses to lock down Internet access for more than a month.

Hundreds of computers must be replaced to cleanse the agency of malicious code, including rootkits and spyware.

An attack against computers of the Bureau of Industry and Security (BIS) -- the branch of Commerce responsible for overseeing U.S. exports which have both commercial and military applications -- forced BIS to turn off Internet access in early September.

An August e-mail from acting Undersecretary of Commerce Mark Foulon quoted by the Washington Post said that BIS "had identified several successful attempts to attack unattended BIS workstations during the overnight hours." Last month, reported the Post, Foulon wrote: "It has become clear that Internet access in itself is a vulnerability that we cannot mitigate. We have tried incremental steps and they have proven insufficient."

"BIS discovered evidence of a targeted attack to access user accounts," confirmed Richard Mills, a Commerce Department spokesman. "But there is no evidence that any BIS data has been compromised."

This is the second major attack originating in China that's been acknowledged by the federal government since July. Then, the State Department said that Chinese attackers had broken into its systems overseas and in Washington. And last year, Britain's National Infrastructure Security Co-ordination Center (NISCC) claimed that Chinese hackers had attacked more than 300 government agencies and private companies in the U.K.

"This [Commerce attack] is the third or fourth battle that we've lost to China," said Richard Stiennon, principal analyst with security consultancy IT-Harvest. "It's not a digital Pearl Harbor, not yet, but it's getting closer."

Although Stiennon said he doesn't have any inside information on the most recent attack, the evidence points to state-sponsored hacking. "The continuous nature of these attacks means there is a link to a state source," Stiennon said. "The Chinese are waging very effectual intellectual warfare."

An unnamed senior Commerce official also said the department has decided it could not trust the computers -- which were infected with rootkits -- and will replace them rather than try to clean them. In the meantime, BIS workers have been hampered by the inability to easily communicate with other federal and state agencies, or with the companies applying for export licenses.

"They're obviously questioning what's where in those systems," said Stiennon, who added that in some cases, even reformatting the disk drive and reinstalling software can't guarantee that all malicious code has been removed. "We don't know if the attackers have greater technology than we do," he argued. "Replacing systems is pretty draconian, but it really indicates that Commerce is very concerned."

One possible infection technique that could survive a reformat would be to store malicious code in the PC's BIOS flash memory. In January, a security researcher at the Black Hat conference demonstrated how the BIOS could be used by attackers.

In May, Congress criticized State Department plans to use Chinese-made PCs in high-security settings because it feared the machines' BIOS could be pre-infected with spyware.

"These reports read like accounts from a battlefield," said Stiennon. And the Chinese, he argued, are winning. "They've made this department less efficient for at least a month."

The official also confirmed that BIS has limited Internet access to stand-alone workstations that are not connected to the bureau's internal network.

If you enjoyed reading about "Not all wars involve guns" here in TheHighRoad.org archive, you'll LOVE our community. Come join TheHighRoad.org today for the full version!
tenbase
October 9, 2006, 12:33 PM
So...simply block all Chinese netblocks at .gov border routers with the exception of a very few static "diplomatic IPs" which have hardcoded routing tables and go to isolated subnets on our end......Or is this too politically incorrect? Block 'em outright until they learn to play nice.

Sure they can still get in via open proxies or infected hosts elsewhere, but why even have the front door available to them?

This battle doesn't require tanks or GPS-guided bombs...just need these:

http://img47.imageshack.us/img47/5295/04626ak2.jpg

At the same time, we can save zillions by not buying any more MS Windows licenses....I'm pretty sure most of the .gov work being done on full-blown Windows workstations can be done just as easily with dumb terminals/thin clients or stripped-down *nix workstations.

I know...too easy...pipe dream...and I'm sure the DoD plays the same games.

ilbob
October 9, 2006, 12:40 PM
Hundreds of computers must be replaced to cleanse the agency of malicious code, including rootkits and spyware.

They can't just reformat the infected hard drives?

ozwyn
October 9, 2006, 01:26 PM
Were I the Chinese, just add a couple of extra flash RAM chips to the motherboard to store your spyware/hacking software so every time they wipe the hard drive it reloads. Add a couple of meg worth and you could have versions for a number of different OS's.

Add extra lines of BIOS code and the built-in ethernet card might send data while ignoring the software firewalls by bypassing the OS layer completely. Load *nix or whatever and STILL be compromised.

and those are the OBVIOUS dirty tricks at the disposal of a PC maker.

AJAX22
October 9, 2006, 01:41 PM
and those are the OBVIOUS dirty tricks at the disposal of a PC maker.

The problem with that is that it would provide tangible physical evidence of a larger conspiracy to tamper with US trade.

They will only push it as far as they can with relative anonymity.

Make no mistake however, a coordinated attack is not going to be organized by a loose affiliation of random hackers. Any group of moneyed, educated people working together in the People's Republic is going to be known and sanctioned.

Not trying to wear a tinfoil ballcap here, but as a nation we need to think about economics as an extension of warfare.
