The new Trojan war

Defense Department finds its networks under attack from China

Annual Report to Congress: The Military Power of the People's Republic of China 2005

In mythology, the Greeks found an innovative way to avoid Troy's defenses. By offering the gift of a huge horse — hollowed out and filled with soldiers — the Greeks were able to bypass Troy's defenses and attack from the inside.

Today the Pentagon faces a similar situation. Adversaries have been attacking Defense Department computer networks in attempts to bypass the United States' formidable defenses and attack from the inside out.

Defense and industry officials describe DOD networks as the Achilles' heel of the powerful U.S. military. Securing military networks is even more critical in an increasingly transformed military in which information is as much a weapon as tanks and assault rifles.

DOD networks have been breached. Department officials acknowledged hackers attacked military networks almost 300 times in 2003 — sometimes by cyber Trojan horses, which can operate within an organization's network. DOD officials say intrusions reduced the military's operational capabilities in 2004.

The pace of the attacks has accelerated as adversaries honed in on this perceived weakness. DOD tallied almost 75,000 incidents on department networks last year, the most ever.

Top U.S. military cyberwarriors recently said that adversaries probe DOD computers within minutes of the systems' coming online. The cyberwarriors described DOD's computer network defense strategy as a battle of attrition in which neither side has an advantage. Retired Army officers and industry officials say Chinese hackers are the primary culprits.

During the past five years, Chinese hackers have successfully probed and penetrated DOD networks. In one intrusion, they used a Trojan horse — a program containing malicious code in an e-mail or adware — to obtain data on a future Army command and control system.

DOD takes the intrusions seriously. One of the military's proposals to strengthen its networks is building fake networks, sometimes called "Honeynets," which divert attackers from critical systems.

Yet some industry officials say Chinese hackers have already obtained the technology to challenge the U.S. military and its evolving network-centric warfare strategy, which connects systems to send information to warfighters faster.

Many networks

DOD operates 3.5 million PCs and 100,000 local-area networks at 1,500 sites in 65 countries, and it runs thousands of applications on 35, major voice, video and data networks, including the Non-Classified IP Router Network, which is connected to the Internet and the Secret IP Router Network, which is not.

The networks provide combat information to civilians, warfighters and analysts in support or warfare roles, but the networks represent a key vulnerability.

DOD networks were hacked 294 times in 2003, said retired Air Force Lt. Gen. Harry Raduege during an industry luncheon briefing in December 2004. He is the former commander of the Joint Task Force for Global Network Operations (JTF-GNO), the organization that operates and defends DOD networks.

Department networks remained under attack in 2004, spurring Paul Wolfowitz, the former deputy secretary of Defense, to issue a memo telling the services to redouble cybersecurity efforts.

"Recent exploits have reduced operational capabilities on our networks," he wrote in an Aug. 15, 2004, memo.

"Our adversaries are able to inflict a substantial amount of harassment and a measurable amount of damage upon DOD communications networks at practically no cost to themselves," Army Col. Carl Hunt, JTF-GNO's director of technology and analysis, co-wrote in "Net Force Maneuver: A NetOps Construct."

Hunt did not name those harassing or hacking DOD networks. However, Army officers and industry officials pointed to Chinese hackers as the primary culprits.

"The Chinese were doing this on a regular basis," said Jack Keane, the former Army vice chief of staff who retired last year. He now works as a military consultant and advises URS. "That's a given. They're very aggressively getting capability."

Keane said he received briefings on China's hacking of DOD networks. "It's common knowledge in the Pentagon," he said.

He knew of no instances in which hackers penetrated DOD networks. However, a retired Army officer who worked in information assurance remembers a hacking three years ago at Aberdeen Proving Ground, Md., where the service tests weapon systems.

The retired Army officer, who now works in systems integration in industry and requested anonymity, said a Chinese hacker used a Trojan horse to penetrate a network there and downloaded information on the capabilities of a future Army command and control system for eight months before the service detected a security breach. The system was a prototype under development testing at Aberdeen.

The retired Army officer said the Aberdeen hacking is similar to intrusions during the past three years at other Army bases. The breaches caused the service to spend tens of millions of dollars to rebuild networks. In those incidents, hackers penetrated systems at Fort Campbell, Ky., home of the 101st Airborne Division; Fort Bragg, N.C., home of the 82nd Airborne Division; and Fort Hood, Texas, home of the 4th Infantry Division.

DOD has also said that the Chinese have targeted military networks. "Beijing has focused on building the infrastructure to develop advanced space-based command, control, communications, computers, intelligence, surveillance and reconnaissance and targeting capabilities," the Pentagon said in a report issued last month. "The People's Liberation Army has likely established information warfare units to develop viruses to attack enemy computer systems and networks, and tactics to protect friendly computer systems and networks."

Army documents on weaknesses in its computer network defenses and vulnerabilities in 10 systems include one that appears to show networks under attack by China.

Although DOD officials believe improved network management and vigilance would prevent 90 percent of hackings, 10 percent may still occur because they involve new intrusion methods.

"The threat is becoming more aggressive and sophisticated," said Army Brig. Gen. Dennis Via, deputy commander of JTF-GNO.

Hack attacks

Hackers likely harass and hack Defense Department networks using computer viruses, worms, adware and Trojan horses. They also prey on poorly configured systems and inadequately applied patches, said Eugene Spafford, a computer sciences professor at Purdue University and an expert in information assurance. He said spies could even recruit DOD workers to install rogue information technology programs on department networks, allowing them to collect information. Denial-of-service attacks alone wouldn't allow spies to collect information.

"This would be the least likely to set off alarms, because too many government systems are designed with the majority of defenses at the perimeter and little focused inwards," Spafford said.

— Frank Tiboni


  • IT Modernization
    shutterstock image By enzozo; photo ID: 319763930

    OMB provides key guidance for TMF proposals amid surge in submissions

    Deputy Federal CIO Maria Roat details what makes for a winning Technology Modernization Fund proposal as agencies continue to submit major IT projects for potential funding.

  • gears and money (zaozaa19/

    Worries from a Democrat about the Biden administration and federal procurement

    Steve Kelman is concerned that the push for more spending with small disadvantaged businesses will detract from the goal of getting the best deal for agencies and taxpayers.

Stay Connected