<<< Date Index >>>     <<< Thread Index >>>

[IP] Commerce Dept's Computer System Under Attack from China





Begin forwarded message:

From: Ari Ollikainen <Ari@xxxxxxxxxx>
Date: October 7, 2006 11:25:32 AM EDT
To: David Farber <dave@xxxxxxxxxx>
Subject: Commerce Dept's Computer System Under Attack from China

        For IP... This is sooo wrong... see last paragraph.

http://www.washingtonpost.com/wp-dyn/content/article/2006/10/05/ AR2006100501781.html

Computer System Under Attack
Commerce Department Targeted; Hackers Traced to China

By Alan Sipress
Washington Post Staff Writer
Friday, October 6, 2006; A21

Hackers operating through Chinese Internet servers have launched a
debilitating attack on the computer system of a sensitive Commerce
Department bureau, forcing it to replace hundreds of workstations and
block employees from regular use of the Internet for more than a
month, Commerce officials said yesterday.

The attack targeted the computers of the Bureau of Industry and
Security, which is responsible for controlling U.S. exports of
commodities, software and technology having both commercial and
military uses. The bureau has stepped up its activity in regulating
trade with China in recent years as the United States increased its
exports of such dual-use items to the growing Chinese market.

This marked the second time in recent months that U.S. officials
confirmed that a major attack traced to China had succeeded in
penetrating government computers.

"Through established security procedures, BIS discovered a targeted
effort to gain access to BIS user accounts," said Commerce Department
spokesman Richard Mills. "We have no evidence that BIS data has been
lost or compromised."

The significance of the attacks was underscored in a series of
e-mails sent to BIS employees by acting Undersecretary of Commerce
Mark Foulon since July, informing them of "a number of serious
threats to the integrity of our systems and data." In an August
e-mail, Foulon reported that the bureau had "identified several
successful attempts to attack unattended BIS workstations during the
overnight hours." Then, early last month, he wrote: "It has become
clear that Internet access in itself is a vulnerability that we
cannot mitigate. We have tried incremental steps and they have proven
insufficient."

A source familiar with the security breach said the hackers had
penetrated the computers with a "rootkit" program, a stealthy form of
software that allows attackers to mask their presence and then gain
privileged access to the computer system. The attacks were traced to
Web sites registered on Chinese Internet service providers, Commerce
officials said. "We determined they were owned by the Chinese," a
senior Commerce official said. He did not say who in China was
responsible or whether officials had even been able to identify the
culprits. Although bureau employees were informed of the problem in
July, commerce officials declined to say when the attacks were
discovered and how long they had been going on. Only over time did
bureau officials realize the extent of the damage from the breach.

"The more we learned, the more we did," the senior official said.

Since Sept. 1, the bureau has blocked employees from accessing the
Internet from their own computers. Instead, several separate
computers unconnected to the BIS computer network have been set up so
employees can try to continue carrying out their duties.

Commerce officials have also decided they cannot salvage the
workstations that employees had been using and instead will build an
entirely new system for the bureau in the coming months with "clean
hardware and clean software," the senior official said. Foulon told
employees in late August that they hoped to replace all the bureau's
workstations within three months.

The official acknowledged that some of the emergency measures have
made it more difficult for the bureau to communicate with other
government agencies and the public, including companies that turn to
BIS for export licenses.

In July, the State Department confirmed that hackers in China had
broken into its computers in Washington and overseas. Last year, U.S.
officials reported that the Defense Department and other U.S.
agencies were under relentless attack from unidentified computers in
China.

China has long been a focus of high-level attention at BIS and was
the destination for the largest number of licenses approved by the
bureau in 2004, according to the bureau's most recent annual report.
In weighing applications for licenses, bureau officials seek to
protect U.S. national security interests without hamstringing
legitimate commercial trade.

Commerce officials recently reported that they had taken significant
steps to enhance computer security at the department, both by
deploying new software and improving the management of the system.

These steps came after the General Accounting Office (since renamed
the Government Accountability Office) issued a scathing report five
years ago, which concluded that "significant and pervasive computer
security weaknesses place Department of Commerce systems at risk."
The report found that outsiders could gain unauthorized access to the
computer system and access confidential data. "Intruders could
disrupt the operations of systems that are critical to the mission of
the department," the report found.

--

                                 - - -

        Paranoia is just knowing all the facts -- Willam S Burroughs, Jr.


-------------------------------------
You are subscribed as roessler@xxxxxxxxxxxxxxxxxx
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/