China is suspected of hacking into Navy site
Naval War College systems off-line following network intrusion
- By Josh Rogin
- Dec 04, 2006
Computer and e-mail systems are off-line at the Naval War College following a network intrusion Nov. 15. According to news reports, hackers in China attacked the Web site of the college, which trains senior Navy officers and develops cyberspace strategies.
Navy officials declined to comment on the source of the attack. “The nature and extent of the intrusion are operational issues, and I can’t discuss them further,” said Lt. Cmdr. Doug Gabos, spokesman for the Navy Cyber Defense Operations Command, which ordered the shutdown. The college’s site remains off-line pending an investigation.
DOD has removed the college’s systems from the Global Information Grid so investigators can recover from the intrusion and upgrade firewalls, he said, adding that the Naval War College is not part of the Navy Marine Corps Intranet.
One professor reportedly told his class that Chinese hackers took down the entire college network. There is no official confirmation that the attacks on the college’s networks came from China.
On Nov. 17, two days after the attack, DOD raised its departmentwide information warfare awareness level from Information Condition (Infocon) 5 to Infocon 4. But DOD officials denied that this was linked to the Naval War College incident.
“We do these things periodically,” said Tim Madden, spokesman for the Joint Task Force for Global Network Operations, which ordered the alert. Several factors contributed to the change, he said, including unspecified national security activities.
Cyber investigators can recognize network attackers through electronic signatures that they leave behind, said Alan Paller, director of research at the SANS Institute. In this case, DOD might be able to match the attackers to previous Chinese intrusions, such as the Titan Rain series of attacks from Guangdong Province, which started in 2003 and may still be occurring.
The college will probably have to replace all the computers affected by the attack, Paller said. “That’s the only confidence-building measure you can take,” he said. The Commerce Department’s Bureau of Industry and Security, which determines export restrictions for China, replaced hundreds of computers after recent network attacks.
Raising the Infocon alert level means tightening the perimeter by closing down ports, Paller said, but skilled hackers know how to avoid the perimeter when penetrating networks.
Chinese attacks on DOD systems are far more widespread than is publicly known, he said, but almost all attacks remain classified. “The problem is thousands of times bigger than what you hear,” he said.
China may pose only a potential military threat, but the cyberwar is on, said Larry Wortzel, chairman of the U.S.-China Economic and Security Commission. Cyberattacks against U.S. targets from China are frequent and sometimes damaging.
It’s difficult to pinpoint which Chinese organization is responsible for an attack, and Chinese servers may be used to launch attacks from other countries, Wortzel said. But the Chinese government employs 39,000 full-time Internet police. “If the government wanted to find hackers, they could do it, and they haven’t,” he said.
In many cases, the attacks seem targeted at U.S. systems that have a particular bearing on China. Commerce officials have confirmed that the attacks on Commerce came from Chinese servers. And although the Navy is not yet confirming that the attack on the war college came from China, the college recently opened a China study center to look at the strategic implications of China’s military build-up, Wortzel said.
The Defense Department has determined that the Chinese government is responsible for some of the recent attacks on DOD networks, Wortzel said. The People’s Liberation Army operates its own engineering and electronic warfare schools, and each military region has electronic warfare regiments, he said.
According to a commission report, the PLA has gone from defending its own computer networks to attacking those of its adversaries, limiting their ability to obtain and process information.
The Naval War College educates more than 500 senior officers and 150 visiting military officers from various allied and partner countries every year.
The college also includes the Naval Strategic Studies Group, whose Web sites are also off-line. In an Oct. 16 memo, Chief of Naval Operations Adm. Michael Mullen told the group to develop new concepts and strategies to wage war in cyberspace.
The college is a prime target because of the nature of the subject matter taught there, Paller said. “This is the place where they teach tactics, and tactics are the most closely held secret that our country has.”
The attack was an isolated incident and has not affected other parts of DOD, Gabos said.