Chinese Government Denies Hacking Charges
December 15, 2005
Snipped to comply with Copyright Law - Click on Link for Humorous Quotes
Edited to Add: Clearly the Imperialist United States and its Lackeys are besmirching the stellar reputation of the People's Republic of China for upholding International Copyright and Patent Laws.
Oh.. well then.... must have been someone else.
China Accused Of Hacking U.S. Systems
John Stith | Staff Writer
The world's most populous nation denied charges of hacking U.S. military computers after a cybersecurity expert suggested Chinese military in southern China were going after U.S. networks.
This current debate is just the latest in an ongoing problem for the U.S. military. Alan Paller, director of the SANS Institute, said the attacks have been traced to the Guangdong province and he said the techniques in play suggest precision that only comes from the military.
Paller made allegations on Monday during a conference call discussing other work by the SANS Institute. "These attacks come from someone with intense discipline. No other organization could do this if they were not a military organization."
The problem of these hackings has become tremendous. A number of military computers were hacked a little over a year ago. A group called "Titan Rain" was considered responsible for cracking four military installation systems and managed to make off with several tidbits including the aviation mission-planning software for Army helicopters. Not good and it doesn't stop there either.
A number of defense contractors have also been hacked. Paller said "We know about major penetrations of defense contractors." He went on to say "they are less willing to make it hard for mobile people to get their work done."
The Chinese government has denied these allegations. Foreign ministry spokesman Qin Gang said in his regular briefing that, "The Chinese police will deal with hacking and other activities disturbing social order in accordance with law."
Even if it's not the Chinese military hacking these computers, it points out a major flaw in U.S. cybersecurity efforts. Keep in mind this isn't someone's credit card, this is top-secret military knowledge. This isn't a case of internal spies or anything else. This is a major security problem and right now the U.S. is losing this particular fight. While howitzers and stealth bombers are quite effective at what they do, if a potential enemy knows how they work and the tactics for them, then they can nullify them.
Others have had similar luck getting into military computers too. Earlier in the year, a gentleman from the UK who had gotten into the Dept. of Defense computer networks rooting around for information on UFOs was being charged by the DOD for cyber crime. He found all kinds of things in there on anti-gravity devices and other things. The more significant thing he noticed happened to be all the people in the computer network who weren't supposed to be. These people were from all over the world. He said they lacked real password protection.
This point was reiterated in a new story this week on NPR as they do a series on cybersecurity. One security specialist they interviewed said passwords were simple to figure out. This problem is widespread too. When one combines the defense contractors being hacked as well as the defense department being hacked, it doesn't leave our defenses all that intact.
There are ways to improve it. Certainly hackers may make it in but we shouldn't open the door for them. Tie in multiple passwords and biometrics to these systems. At least give these hackers something to work for. If we don't then all the jets and guns won't matter.
I like this Article...it has a Skull and Cross bones
China says hacking illegal, after alleged attacks on US computers
Time is GMT + 8 hours
Posted: 13-Dec-2005 19:22 hrs
Skull-and-crossbones over a computer keyboard.
China reacted to speculation that its military was trying to penetrate US computer networks, saying hacking was against Chinese law.
"We have clear stipulations against hacking. No one can use the Internet to engage in illegal activities," foreign ministry spokesman Qin Gang told a regular briefing on Tuesday.
"The Chinese police will deal with hacking and other activities disturbing social order in accordance with law."
Qin was responding to a reported claim by the head of a leading US security institute that the Chinese military was most likely behind a systematic effort to penetrate US government and industry computer networks.
The attacks have been traced to the southern Chinese province of Guangdong, Alan Paller, the director of the SANS Institute, an education and research organization focusing on cybersecurity, told reporters on Monday.
Paller said the techniques used made it appear unlikely to come from any other source than the Chinese military.
"I'm not sure about the American accusations," said Qin. "If they have proof, they should tell us."
Pentagon officials confirmed earlier this year that US Defense Department websites are probed hundreds of times a day by hackers, but maintained that no classified site is known to have been penetrated by hackers. — AFP
That sure looks like code for "tell us where you caught us so we can continue where you did not and shoot the guy that messed up"
I work in a NOSC and the Chicoms have hacked at our NIPRNET system! That is about all I can say on the matter.
The Air Force is locked in a global struggle to attack, defend, collect, and manipulate data.
By Adam J. Hebert, Senior Editor
Across a range of unusual battle-spaces—global computer networks, human psychology, and electronic systems—the Air Force has become fully engaged in information warfare (IW), now deemed a critical element in the worldwide conflict with terrorists.
USAF is concentrating on three IW thrusts: network—that is, computer—operations, “influence” operations, and electronic warfare operations. In these new combat arenas, adversaries, and consequences of their actions, are constantly shifting.
Encounters rarely are unambiguous.
Take, for example, an unidentified intruder’s success in hacking into the Air Force Personnel Center’s Assignment Management System database, used by airmen for assignment planning. The hacker, acting last June, used a legitimate user’s log-in and access codes and downloaded the names, birth dates, and Social Security numbers of 33,000 airmen, mostly officers.
In so doing, the miscreant, whoever he was, acquired vast amounts of data tailor-made for identity theft—or worse.
Maj. Gen. Anthony F. Przybyslawski, commander of AFPC at Lackland AFB, Tex., said officials became aware of a problem as the information was being downloaded. Security officers shut down the system, but the damage was done. Przybyslawski said the center’s security standards simply weren’t high enough.
This security breach did not pose a traditional military threat—apparently. However, it immediately focused attention on the difficulty the Air Force has in the ever-changing global information war. What if hackers, terrorists, or hostile nations could acquire something more sensitive? What if the stolen information was not personnel data but schedules for the movement of nuclear warheads or classified stealth aircraft designs?
Building true information security is “indeed a monumental task,” said Gen. William T. Hobbins, who led the Air Force’s warfighting integration efforts before being confirmed to become the new commander of US Air Forces in Europe. “We have threats from multiple sources, ... everything from hostile attacks to inadvertent compromise.”
In the past, spies also have used legitimate access illegitimately to obtain sensitive military information.
In one notorious case, retired Air Force MSgt. Brian P. Regan, working for the National Reconnaissance Office, penetrated a classified database and downloaded images and coordinates of Iraqi and Chinese missile sites. He then tried, unsuccessfully, to sell the information to Baghdad and Beijing.
Information warfare encompasses computer operations, electronic warfare, and so-called “influence operations.” Sometimes information—such as intelligence obtained by the RC-135 Rivet Joint crew above—is put to immediate use on the battlefield. (USAF photo by MSgt. Lance Cheung)
It is no secret that the US military has become highly dependent on its information systems. USAF defines these systems as including not only computer networks but also command, control, and communications equipment. Potential enemies believe that attacks on these systems constitute an effective way to strike at US military strength.
More than 20 nations, including China and North Korea, possess dedicated computer attack programs. In a 2005 Pentagon report to Congress on Chinese military power, officials wrote that the People’s Liberation Army (PLA) sees computer warfare as “critical to seize the initiative,” early in a conflict. The goal: achieve “electromagnetic dominance.”
The PLA, warned the new Pentagon report, “likely” has established information warfare units able to “develop viruses to attack enemy computer systems and networks” as well as “tactics to protect friendly computer systems and networks.”
A Chinese information warfare concept of operations “outlines the integrated use of electronic warfare, [computer attacks], and limited kinetic strikes against key C4 nodes to disrupt the enemy’s battlefield network information systems,” the Pentagon report observed.
US Strategic Command, DOD’s lead organization for network warfare, contends that Pentagon-focused “intrusion attempts” have been growing quickly. In the first half of 2004, DOD suffered through more than 150 hostile intrusion attempts per day. In the first half of 2005, by contrast, there were more than 500 intrusion attempts per day.
The Air Force has seen similar growth in network attacks, but it has generally fended off the threats so far. Both foreign and domestic hackers are responsible.
The more the military comes to rely on network-based operations, the more it must defend those networks, said USAF Lt. Gen. C. Robert Kehler, STRATCOM deputy commander. Hobbins agreed. “The number and sophistication of attacks have increased,” he said, but while “the number of suspected attempts to penetrate our systems has increased, ... the number of actual intrusions has decreased.”
Data mining is paying dividends for troops operating in Iraq and Afghanistan. The Remote Operations Video Enhanced Receiver (ROVER), pictured, gives ground forces access to airborne video. (L3 Communications photo)
The Pentagon has been at this for a while. In the late 1990s, DOD exercises, plus a number of strange attacks on DOD computer systems, raised the military’s awareness of its vulnerability.
In 1997, Pentagon officials launched an internal exercise, code-named “Eligible Receiver.” A Red Team of hackers organized by the National Security Agency was instructed to try to infiltrate Pentagon computer networks, using only publicly available computer equipment and hacking software. Although many details about Eligible Receiver are still classified, it is known that the Red Team was able to infiltrate and take control of some of US Pacific Command’s computers as well as emergency systems in major US cities. Eligible Receiver revealed the surprising vulnerability of supposedly secure military networks.
Not long after Eligible Receiver, the US accidentally uncovered Moonlight Maze, a two-year-long pattern of probing of computer systems in the Pentagon, NASA, Energy Department, and university and research labs. Although the attacks, which were believed to have begun in March 1998, were traced to a mainframe computer in Russia, the perpetrators never have been publicly identified and may be unknown to the US. Russia denied any involvement.
Military information could be better protected by moving everything from the public Internet to the SIPR Net, a secret military network, but “the benefits wouldn’t outweigh the costs,” said Hobbins.
The Defense Department also must be careful not to go too far and make security so intense that it slows down military action. “We go too far when [infosec] restricts our ability to act and attack,” said one official. “Our security system should resemble something more like a Kevlar body vest than full body armor.”
The trend today is definitely toward protection. “I can tell you that information assurance has clearly increased in budgeting priority,” Hobbins said. “We live in a resource-constrained environment, but we do have the means to counter the threats we face.”
While the Air Force is continuously studying technologies and vulnerabilities, its IW effort is not completely devoted to fending off attacks. Defensive and offensive information warfare operations are “intrinsically linked and complementary,” said Hobbins. He added, “Our efforts focus upon capabilities that will enable us to defend DOD assets and exploit, deny, degrade, disrupt, or destroy adversaries’ information [resources].”
STRATCOM would, if so ordered, conduct DOD’s information warfare operations. “You can see the potential” for offensive information warfare, said Kehler, by looking at what already has happened to the United States.
Intelligence aircraft, such as this Rivet Joint, can listen in on enemy transmissions. The information gained can then be relayed directly to the tactical forces. (USAF photo)
Strategic Command today is embracing a “unique challenge,” said Rear Adm. Thomas E. Zelibor, STRATCOM director of global operations. The command is using information warfare as a way to “get the desired effects without blowing something up.”
While officials offer few specifics about what they are trying to accomplish in offensive information warfare, Zelibor said the goal is to “delay or disrupt the decision-making process of your adversaries.”
This could mean subtly channeling an enemy toward doing “what we want them to do,” said Zelibor.
If the goal is to collect intelligence, DOD might want to observe an enemy network that it has compromised and not automatically shut the network down.
Similarly, there is a critical need to be able to track lone individuals in the war on terror and not necessarily kill or capture them right away.
Army Gen. Bryan D. Brown, head of US Special Operations Command, testified before Congress this year that his “No. 1 technological shortfall” is the inability to “persistently and remotely locate, track, and target a human.” Seeing who terrorists interact with, listening in on their phone calls, and later swooping in to seize paperwork and laptops can yield a treasure trove of coveted “actionable” information.
Kehler said the most dramatic near-term improvements in intelligence probably will come through fusion, not new sensors. The “big leverage today” will come by “bringing it all together,” he said. Data mining, a relatively new intelligence tool, is a big part of the fusion effort.
SOCOM has a standing intelligence collaboration center that “has been used extensively in supporting unique special operations requirements” in Iraq and Afghanistan, said Brown. The collaboration center uses “the equivalent of a Google search engine,” explained Air Force Maj. Gen. Donald C. Wurster, deputy director of SOCOM’s Center for Special Operations.
“Whenever we have people go out around the world, they’re bringing information back and plowing it into an infrastructure that enables us to mine it later,” he said.
Wurster told Congress this summer that as troops “were rolling guys up in Iraq,” SOCOM would run the information on fugitives through SOJICC, the Special Operations Joint Interagency Collaboration Center.
The center “printed out a notebook that would fit in a soldier’s thigh pocket,” Wurster continued. The information would tell the troops everything known about a captured terrorist or insurgent: “Here’s who his family is, here’s where he’s from, here’s who he’s hooked up with.”
Wurster described SOJICC as “the most significant piece of horizontal integration we have ... as a consumer of other people’s expertise.”
The Air Force plays a major role in gathering the tactical information needed for immediate use on the battlefield.
The Air Force has placed a premium on linguists who can interpret voice information that may be in Arabic, Urdu, Farsi, or some other non-Western language. Here, SrA. James Cromer processes raw intelligence from an RC-135. (USAF photo by SrA. Carly Burke)
USAF’s fleet of RC-135 Rivet Joint aircraft, for example, gathers signals intelligence and flies missions of up to 24 hours—seemingly making it ideal for the war on terror. Rivet Joint crews can listen in on enemy radio and cell phone conversations, providing immediate impact on the ground in Afghanistan and Iraq.
Information gathered from the air is “key to how soldiers and marines do their jobs,” said Col. Dennis R. Wier, commander of the 55th Operations Group at Offutt AFB, Neb.
The RC-135 is so valuable, Wier said in an interview, that US Central Command and US Pacific Command have the Nebraska-based aircraft assigned to them around the clock, and Rivet Joints fly over Afghanistan every day.
Lt. Col. Ron Machoian said the crews know they are making a difference. “We hear it,” said Machoian, commander of the 38th Reconnaissance Squadron at Offutt. “I can listen to us informing an engagement on the ground, while I’m airborne.”
Intelligence personnel are in short supply, however. Maj. Jeff Lauth, acting director of operations for the 97th Intelligence Squadron at Offutt, said staffing for many positions is “critically low.” The airmen have skills that are in high demand outside the Air Force.
Enlisted airborne crypto-linguists are a particular concern. Wier said this summer that the 55th Wing was only 35 percent manned in linguists, partially because it takes up to three years to train new ones. To help fill the need, the Air Intelligence Agency recently created the Offutt Language Learning Center to help train linguists.
Language needs are much broader than during the Cold War. In addition to the “traditional” Russian speakers, DOD needs fluency in Arabic, Pashtu, Farsi, Dari, Urdu, Korean, and Mandarin Chinese.
RC-135s don’t have weapons, noted the language center’s 1st Lt. Brandon Middleton, so “language is the weapon it takes to the fight.”
Linguists cannot work without equipment, and obtaining the intelligence needed is an ongoing challenge. Wier noted that the RC-135s have their onboard equipment completely upgraded every year or two to ensure the US can continue to “get” enemy information.
It “blows you away, ... the type of things you can do” with the latest airborne intelligence equipment, said Maj. Gen. John C. Koziol, who was then commander of the 55th Wing and now heads the Air Intelligence Agency.
Constant upgrades and deployments make training difficult, he added. It is hard for Rivet Joint aircrews to keep current with the technology, Koziol said, because each RC-135 variant has its “own little quirks.”
This is a necessary evil. Lt. Col. John Rauch, commander of the 338th Combat Training Squadron, noted that upgrades come directly from operational lessons. Combat aircrews continually develop new tactics and ideas for better equipment.
The Air Force Information Warfare Center’s IW Battlelab is tasked with quickly developing solutions to many of these operational needs. One recently fielded example is “Lockjaw,” a device to quickly destroy computer hard drives so that US information does not fall into enemy hands.
Col. David D. Watt, AFIWC commander, said the unit is working to build within USAF an awareness of the importance of defending and exploiting information. The center has an aggressor squadron conducting vulnerability assessments, Watt said, trying to get in base gates, access computers, and see what it can “piece together” from various sources. Officials are often surprised to learn what is found even in open sources.
A study on information operations in Iraq by the Air Force Command and Control and Intelligence, Surveillance, and Reconnaissance Center at Langley AFB, Va., described one security risk that came from an unlikely place—the Pentagon.
A B-1B bomber mission targeting Saddam Hussein received much publicity in the early days of Operation Iraqi Freedom. Details of the mission and crew members’ full names, commanding officer, and home base were widely reported.
This was “an egregious OPSEC [operations security] violation [that] potentially put the family members ... at risk,” stated the study.
AFIWC commander Watt said influence ops in particular are still on “the ground floor” doctrinally, and the center is trying to get the rest of the Air Force to understand what information warfare brings to the fight.
Even something as simple as “the truth” can be applied in different ways, noted Maj. Tadd Sholtis in the fall 2005 Air & Space Power Journal. If it is a military objective to deter an enemy from taking action, both an information operation and a public affairs tactic can be engaged.
The “IO influence tactic” would be to broadcast radio and television messages describing the futility of challenging the superior US military. The “PA tactic,” meanwhile, would “demonstrate military resolve by promoting media coverage of the deployment of combat-capable forces to the region,” Sholtis wrote.
STRATCOM’s Zelibor said it is difficult to create metrics—battle damage assessment, if you will—judging the effectiveness of DOD’s information efforts.
Even so, he noted, strategists can tune in to foreign news sources to “look for the effects.”
Copyright Air Force Association. All rights reserved.
The Chinese government sponsors "hacktavists" to find egress into military and civilian SCADA systems with the purpose of entering classified domains or to identify nodes for denial of service to our infrastructure.
the Chinese are going to screw us so bad in the next 10-20yrs
So why not just disconnect their asses from the internet? We control it.
Either that or launch a few cruise missiles at their ass.
U.S. hacker attacks may be linked to China military
By Rob Lever WASHINGTON, AFP
A systematic effort by hackers to penetrate U.S. government and industry computer networks stems most likely from the Chinese military, the head of a leading security institute said Monday.
The attacks have been traced to the Chinese province of Guangdong, and the techniques used make it appear unlikely to come from any other source than the military, said Alan Paller, the director of the SANS Institute, an education and research organization focusing on cybersecurity.
"These attacks come from someone with intense discipline. No other organization could do this if they were not a military organization," Paller said in a conference call to announce a new cybersecurity education program.
In the attacks, Paller said, the perpetrators "were in and out with no keystroke errors and left no fingerprints, and created a backdoor in less than 30 minutes. How can this be done by anyone other than a military organization?"
Paller said that despite what appears to be a systematic effort to target government agencies and defense contractors, defenses have remained weak in many areas.
"We know about major penetrations of defense contractors," he said.
Security among private sector Pentagon contractors may not be as robust, said Paller, because "they are less willing to make it hard for mobile people to get their work done."
Paller said the U.S. government strategy appears to be to downplay the attacks, which has not helped the situation.
"We have a problem that our computer networks have been terribly and deeply penetrated throughout the United States ... and we've been keeping it secret," he said.
"The people who benefit from keeping it secret are the attackers."
Although Paller said the hackers probably have not obtained classified documents from the Pentagon, which uses a more secure network, it is possible they stole "extremely sensitive" information.
He said it has been documented that U.S. military flight planning software from its Redstone Arsenal was stolen.
Pentagon officials confirmed earlier this year that U.S. Defense Department Web sites are probed hundreds of times a day by hackers, but maintained that no classified site is known to have been penetrated by hackers.
Note China Post is a Taiwan News Source
StrategyPage Gets Hit
StrategyPage Server Stormed
December 17, 2005: StrategyPage doesn’t just report on Cyber War, sometimes we get caught in the middle of it. We got an electronic nastygram from China recently, as we were installing a new server at a hosting site (to improve response time, and lessen the workload on the volunteer staffers who maintain the server). There was a gap of a few days between the time the new server went online, and the hardware firewall (which is a bear to configure) got installed.
Into that opening, some Chinese hackers got onto the server and tried to take it over. Actually, it was unclear what they were trying to do, but they did it at 2 AM, and when one of our techies was trying to get onto the server to do some database maintenance, the hack attempt was noticed. There ensued a duel between our two guys and the Chinese. The Chinese lost, and we found out they were Chinese when we examined the tools and documents they left behind once they were locked out.
Based on that, and the fight they put up, it appears it may have been a training exercise. When China trains its Internet warriors, it sends them out on training missions, to get into a vulnerable server and do the sort of things (like planting a rootkit) that one would do in preparation for a Cyber War. Of course, they could have just been part of a criminal gang, collecting zombie machines to use for extortion and other illegal Internet activities. But the way they were not all business when they were caught, and seemed a little green, indicated someone on some kind of training mission. Their tools and entry methods were more typical of a well equipped hacking enterprise. Actually, it could also have been a very elaborate bot (an automated hacking program). It did leave some code behind, and some modifications to some of our news databases. Whatever it was, it was apparently not completely set up before we cut off the hacker access and deleted stuff that was left on our server. We reformatted and reloaded from backups and were back in business in a few hours.
Those hackers have not been back. We piled up additional defense and tripwires, to hold us until the hardware firewall went online last week. None of these attacks got close to any customer data, which is kept on a separate server (at another location, there are actually three physically very separate servers running StrategyPage.)
As a practical matter, no server on the planet, that is connected to the Internet, is invulnerable to an attack. But if you put up stout enough defenses, you reduce the number of hackers skillful enough to get through, and increase the chances of the attacker getting caught.
That’s how financial institutions, which are the most attacked targets, maintain their defenses. The most skilled hackers want to avoid arrest, so they tend to avoid taking on these heavily defended servers. There are plenty of less well defended targets, and that’s who the hackers are now going after. Well, except for one fellow, who we’ve tracked back to Montevallo University in Montevallo, Alabama. So, either we have a student from there doing this or (more likely) they have a school PC that was taken over by a hack, and turned into a zombie. He’s hammering, futilely, at port 1305 on our main server. The hardware firewall just notes this for us, and life goes on.