The Washington Times reported that the US Naval War College discovered a breach in its computer network on November 15, 2006 (source). According to the report, a Naval War College professor, Air Force Major General Richard Goetze (ret.), told his class that Chinese hackers were responsible for the attack. It is unclear how Maj. Gen. Goetze reached this conclusion, and a spokesman for the Navy Cyber Defense Operations Command, Commander Doug Gabos, declined to comment on the attack, stating, "The nature and extent of the intrusion are operational issues and I can't discuss them further."
While the Navy refuses to discuss details of the intrusion, it is taking the attack very seriously. The War College was disconnected from the Department of Defense's (DOD) Global Information Grid. This was done to allow investigators to examine the source and extent of the intrusion and, presumably, to prevent further attacks on DOD networks (source). The extended downtime indicates that the Navy is examining every facet of the War College network before reconnecting it to the Global Information Grid, in an effort to ensure that no trace of the intrusion remains.
Previous Attacks Attributed to China
The attack on the Naval War College is one in a long line of attacks purported to originate in China. This past summer, the Department of Commerce reported a breach of its internal network. The State Department also reported a breach of its network earlier this summer. Prior to these high-profile attacks, there was a series of attacks against various DOD networks. The US government has not been the only target of this type of attack: in January 2006, the British Parliament was targeted with a phishing attack that was traced back to China.
Method of Attack
While it is unclear how the attack on the Naval War College was carried out, previous attacks against both government networks and private-sector defense contractors have been startlingly similar. In many instances, the attacks relied on zero-day exploits: exploits for vulnerabilities that the vendor has not yet patched, and often does not yet know about, so that no fix is available when the exploit is first used. Many of the recent Microsoft Office zero-day exploits appear to have been created in China and were used in targeted attacks against private companies (source). In these attacks, a crafted Office document delivered to a specific target silently installs a trojan horse on the victim's computer, which then surreptitiously siphons off sensitive data. Many of these trojans ship the data to servers hosted in China (source). In some cases, such as the attack on the Commerce Department, rootkits were used to hide the attacker's presence on the compromised network (source).
The Problem's Widening Scope
While these attacks are disconcerting, some experts believe many other attacks on sensitive networks have gone unreported. According to Alan Paller, director of research at the SANS Institute, Chinese cyber espionage on DOD systems is a systemic and unreported problem. Said Paller, "the problem is thousands of times bigger than what you hear." Paller also stated, "the depth of the penetration is more than anybody is even admitting. People are trying to hide this because they're embarrassed."
These attacks can no longer be viewed as isolated incidents. Taken together, the compromise of networks within Defense, State, and Commerce undermines the US government's ability to formulate defense, diplomatic, and economic policy in secret. Continued failures to maintain the integrity and confidentiality of government networks will lead to further breaches and further loss of sensitive data. More worrisome than the continued threat of espionage is the potential to disrupt the US military's ability to exercise command and control over its armed forces. According to the US-China Economic and Security Review Commission, China's military is developing the capability to attack the military computer systems of its rivals. These attacks "would be intended to disable defense systems that facilitate command and control and intelligence communication and the delivery of precision weapons, primary instruments for the conduct of modern U.S. warfare."
There is no reason to believe that China (or other countries) will stop these attacks. This attack vector has proven to be low-risk and high-reward, because the perpetrators are rarely identified or punished. As a result, the US government needs to admit that it has a serious problem and finally give computer security the attention it deserves.