The new Trojan war

Annual Report to Congress: The Military Power of the People's Republic of China 2005

In mythology, the Greeks found an innovative way to avoid Troy's defenses. By offering the gift of a huge horse — hollowed out and filled with soldiers — the Greeks were able to bypass Troy's defenses and attack from the inside.

Today the Pentagon faces a similar situation. Adversaries have been attacking Defense Department computer networks in attempts to bypass the United States' formidable defenses and attack from the inside out.

Defense and industry officials describe DOD networks as the Achilles' heel of the powerful U.S. military. Securing military networks is even more critical in an increasingly transformed military in which information is as much a weapon as tanks and assault rifles.

DOD networks have been breached. Department officials acknowledged hackers attacked military networks almost 300 times in 2003 — sometimes by cyber Trojan horses, which can operate within an organization's network. DOD officials say intrusions reduced the military's operational capabilities in 2004.

The pace of the attacks has accelerated as adversaries homed in on this perceived weakness. DOD tallied almost 75,000 incidents on department networks last year, the most ever.

Top U.S. military cyberwarriors recently said that adversaries probe DOD computers within minutes of the systems' coming online. The cyberwarriors described DOD's computer network defense strategy as a battle of attrition in which neither side has an advantage. Retired Army officers and industry officials say Chinese hackers are the primary culprits.

During the past five years, Chinese hackers have successfully probed and penetrated DOD networks. In one intrusion, they used a Trojan horse — a program containing malicious code in an e-mail or adware — to obtain data on a future Army command and control system.

DOD takes the intrusions seriously. One of the military's proposals to strengthen its networks is building fake networks, sometimes called "Honeynets," which divert attackers from critical systems.

Yet some industry officials say Chinese hackers have already obtained the technology to challenge the U.S. military and its evolving network-centric warfare strategy, which connects systems to send information to warfighters faster.

Many networks

DOD operates 3.5 million PCs and 100,000 local-area networks at 1,500 sites in 65 countries, and it runs thousands of applications on 35 major voice, video and data networks, including the Non-Classified IP Router Network, which is connected to the Internet, and the Secret IP Router Network, which is not.

The networks provide combat information to civilians, warfighters and analysts in support or warfare roles, but the networks represent a key vulnerability.

DOD networks were hacked 294 times in 2003, said retired Air Force Lt. Gen. Harry Raduege during an industry luncheon briefing in December 2004. He is the former commander of the Joint Task Force for Global Network Operations (JTF-GNO), the organization that operates and defends DOD networks.

Department networks remained under attack in 2004, spurring Paul Wolfowitz, the former deputy secretary of Defense, to issue a memo telling the services to redouble cybersecurity efforts.

"Recent exploits have reduced operational capabilities on our networks," he wrote in an Aug. 15, 2004, memo.

"Our adversaries are able to inflict a substantial amount of harassment and a measurable amount of damage upon DOD communications networks at practically no cost to themselves," Army Col. Carl Hunt, JTF-GNO's director of technology and analysis, co-wrote in "Net Force Maneuver: A NetOps Construct."

Hunt did not name those harassing or hacking DOD networks. However, Army officers and industry officials pointed to Chinese hackers as the primary culprits.

"The Chinese were doing this on a regular basis," said Jack Keane, the former Army vice chief of staff who retired last year. He now works as a military consultant and advises URS. "That's a given. They're very aggressively getting capability."

Keane said he received briefings on China's hacking of DOD networks. "It's common knowledge in the Pentagon," he said.

He knew of no instances in which hackers penetrated DOD networks. However, a retired Army officer who worked in information assurance remembers a hacking three years ago at Aberdeen Proving Ground, Md., where the service tests weapon systems.

The retired Army officer, who now works in systems integration in industry and requested anonymity, said a Chinese hacker used a Trojan horse to penetrate a network there and downloaded information on the capabilities of a future Army command and control system for eight months before the service detected a security breach. The system was a prototype under development testing at Aberdeen.

The retired Army officer said the Aberdeen hacking is similar to intrusions during the past three years at other Army bases. The breaches caused the service to spend tens of millions of dollars to rebuild networks. In those incidents, hackers penetrated systems at Fort Campbell, Ky., home of the 101st Airborne Division; Fort Bragg, N.C., home of the 82nd Airborne Division; and Fort Hood, Texas, home of the 4th Infantry Division.

DOD has also said that the Chinese have targeted military networks. "Beijing has focused on building the infrastructure to develop advanced space-based command, control, communications, computers, intelligence, surveillance and reconnaissance and targeting capabilities," the Pentagon said in a report issued last month. "The People's Liberation Army has likely established information warfare units to develop viruses to attack enemy computer systems and networks, and tactics to protect friendly computer systems and networks."

Army documents on weaknesses in its computer network defenses and vulnerabilities in 10 systems include one that appears to show networks under attack by China.

Although DOD officials believe improved network management and vigilance would prevent 90 percent of hackings, 10 percent may still occur because they involve new intrusion methods.

"The threat is becoming more aggressive and sophisticated," said Army Brig. Gen. Dennis Via, deputy commander of JTF-GNO.

Hack attacks

Hackers likely harass and hack Defense Department networks using computer viruses, worms, adware and Trojan horses. They also prey on poorly configured systems and inadequately applied patches, said Eugene Spafford, a computer sciences professor at Purdue University and an expert in information assurance. He said spies could even recruit DOD workers to install rogue information technology programs on department networks, allowing them to collect information. Denial-of-service attacks alone wouldn't allow spies to collect information.

"This would be the least likely to set off alarms, because too many government systems are designed with the majority of defenses at the perimeter and little focused inwards," Spafford said.

— Frank Tiboni
