China is suspected of hacking into Navy site

Naval War College systems off-line following network intrusion

Computer and e-mail systems are off-line at the Naval War College following a network intrusion Nov. 15. According to news reports, hackers in China attacked the Web site of the college, which trains senior Navy officers and develops cyberspace strategies.

Navy officials declined to comment on the source of the attack. “The nature and extent of the intrusion are operational issues, and I can’t discuss them further,” said Lt. Cmdr. Doug Gabos, spokesman for the Navy Cyber Defense Operations Command, which ordered the shutdown. The college’s site remains off-line pending an investigation.

DOD has removed the college’s systems from the Global Information Grid so investigators can recover from the intrusion and upgrade firewalls, he said, adding that the Naval War College is not part of the Navy Marine Corps Intranet.

One professor reportedly told his class that Chinese hackers took down the entire college network. There is no official confirmation that the attacks on the college’s networks came from China.

On Nov. 17, two days after the attack, DOD raised its departmentwide information warfare awareness level from Information Condition (Infocon) 5 to Infocon 4. But DOD officials denied that this was linked to the Naval War College incident.
“We do these things periodically,” said Tim Madden, spokesman for the Joint Task Force for Global Network Operations, which ordered the alert. Several factors contributed to the change, he said, including unspecified national security activities.

Cyber investigators can recognize network attackers through electronic signatures that they leave behind, said Alan Paller, director of research at the SANS Institute. In this case, DOD might be able to match the attackers to previous Chinese intrusions, such as the Titan Rain series of attacks from Guangdong Province, which started in 2003 and may still be occurring.

The college will probably have to replace all the computers affected by the attack, Paller said. “That’s the only confidence-building measure you can take,” he said. The Commerce Department’s Bureau of Industry and Security, which determines export restrictions for China, replaced hundreds of computers after recent network attacks.

Raising the Infocon alert level means tightening the perimeter by closing down ports, Paller said, but skilled hackers know how to avoid the perimeter when penetrating networks.

Chinese attacks on DOD systems are far more widespread than is publicly known, he said, but almost all attacks remain classified. “The problem is thousands of times bigger than what you hear,” he said.

China may pose only a potential military threat, but the cyberwar is on, said Larry Wortzel, chairman of the U.S.-China Economic and Security Commission. Cyberattacks against U.S. targets from China are frequent and sometimes damaging.

It’s difficult to pinpoint which Chinese organization is responsible for an attack, and Chinese servers may be used to launch attacks from other countries, Wortzel said. But the Chinese government employs 39,000 full-time Internet police. “If the government wanted to find hackers, they could do it, and they haven’t,” he said.

In many cases, the attacks seem targeted at U.S. systems that have a particular bearing on China. Commerce officials have confirmed that the attacks on Commerce  came from Chinese servers. And although the Navy is not yet confirming that the attack on the war college came from China, the college recently opened a China study center to look at the strategic implications of China’s military build-up, Wortzel said.

The Defense Department has determined that the Chinese government is responsible for some of the recent attacks on DOD networks, Wortzel said. The People’s Liberation Army operates its own engineering and electronic warfare schools, and each military region has electronic warfare regiments, he said.

According to a commission report, the PLA has gone from defending its own computer networks to attacking those of its adversaries, limiting their ability to obtain and process information.

The Naval War College educates more than 500 senior officers and 150 visiting military officers from various allied and partner countries every year.

The college also includes the Naval Strategic Studies Group, whose Web sites are also off-line. In an Oct. 16 memo, Chief of Naval Operations Adm. Michael Mullen told the group to develop new concepts and strategies to wage war in cyberspace.

The college is a prime target because of the nature of the subject matter taught there, Paller said. “This is the place where they teach tactics, and tactics are the most closely held secret that our country has.” The attack was an isolated incident and has not affected other parts of DOD, Gabos said.

FCW in Print

In the latest issue: Looking back on three decades of big stories in federal IT.


  • FCW @ 30 GPS

    FCW @ 30

    Since 1986, FCW has covered it all -- the major contracts, the disruptive technologies, the picayune scandals and the many, many people who make federal IT function. Here's a look back at six of the most significant stories.

  • Shutterstock image.

    A 'minibus' appropriations package could be in the cards

    A short-term funding bill is expected by Sept. 30 to keep the federal government operating through early December, but after that the options get more complicated.

  • Defense Secretary Ash Carter speaks at the TechCrunch Disrupt conference in San Francisco

    DOD launches new tech hub in Austin

    The DOD is opening a new Defense Innovation Unit Experimental office in Austin, Texas, while Congress debates legislation that could defund DIUx.

  • Shutterstock image.

    Merged IT modernization bill punts on funding

    A House panel approved a new IT modernization bill that appears poised to pass, but key funding questions are left for appropriators.

  • General Frost

    Army wants cyber capability everywhere

    The Army's cyber director said cyber, electronic warfare and information operations must be integrated into warfighters' doctrine and training.

  • Rising Star 2013

    Meet the 2016 Rising Stars

    FCW honors 30 early-career leaders in federal IT.

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group