
U.S. in middle of cyber war with China, Russia?

Updated Thursday, Jan. 17, 2008, at 2:30 p.m. EST.

The Cold War may be over, but the global battle over information security is heating up, as U.S. intelligence experts struggle to fend off relentless cyber attacks emanating from China and Russia on critical databases.


The New Yorker magazine published this week an interview with U.S. Director of National Intelligence (DNI) Mike McConnell in which it reported that the Defense Department currently is detecting about three million unauthorized probes on its computer networks every day. The State Department fends off two million probes daily, intelligence experts said in the article.


These probes often turn into full-scale attacks, the magazine reported, such as the assault last year on the Pentagon that resulted in 1,500 computers being taken offline. American allies also have been targeted: In May, the German government blamed the Chinese military after it discovered a spyware program had been planted inside government computers in several key ministries. Chinese officials called the accusation “preposterous.”


McConnell has made information security a top priority for the myriad intelligence agencies he oversees, including the NSA, CIA and the Pentagon's intelligence arm. The U.S. spy chief has proposed a new Cyber Security Policy, still in draft form, which recommends that access points between government computers and the internet be reduced from a current total of 2,000 to 50.


In November, President Bush requested $154 million in funding for what is expected to be a seven-year, multibillion-dollar program to track cyber threats on both government and private networks. According to a report in the Baltimore Sun, the Department of Homeland Security and the National Security Agency are planning to assign up to 2,000 people from both agencies to monitor critical infrastructure networks to prevent unauthorized intrusion.

However, key members of Congressional oversight committees on national security have complained that they have not been adequately briefed by the administration on the cybersecurity initiative, and they have expressed concern that the program may not have adequate privacy protections.

The DNI said in the New Yorker article that Chinese computer attacks have intensified in recent months, while hacking activity emanating from Russia has remained at Cold War levels. Ed Giorgio, a security consultant who worked at the NSA under McConnell, told the New Yorker that China now has 40,000 hackers collecting intelligence off U.S. information systems and those of U.S. allies.

However, former White House cybersecurity adviser Howard Schmidt, president and CEO of R&H Security Consulting, cautioned that the sheer volume of the hacking probes coming out of China is not conclusive proof that these attacks are being directed by the Chinese government.

"There is no consensus [among security experts] that a nation-state is behind this," Schmidt told "We don't know the motivation of the hackers and we don't know whose finger is on the keyboard. We shouldn't underestimate the ability of individuals to wreak havoc online."

Schmidt applauded McConnell's effort to limit access points between government networks and the internet, the first phase of which has been implemented by the federal Office of Management and Budget in an initiative called the Trusted Internet Connection project.

The former White House adviser also said concerns expressed in Congress regarding the impact of the administration's proposed cybersecurity effort on privacy should be fully debated before implementation. "There has to be transparency," he said.   

As intense as the assault on U.S. intelligence networks appears to be, cyberespionage directed by foreign governments against American companies is an even bigger problem, McConnell said. “The real question is what to do about industry. Ninety-five percent of this is a private-sector problem,” he told the New Yorker.


SANS Institute, in its annual listing of top 10 cyber menaces, this week put cyberespionage directed by foreign governments near the top of the list. SANS reported that China and other nations last year had engineered “massive penetration” of U.S. federal agencies and defense contractors, stealing terabytes of data, and that these attacks are expected to intensify this year.


“In 2008, despite intense scrutiny, these nation-state attacks will expand,” SANS warned. “More targets and increased sophistication will mean many successes for attackers. Economic espionage will be increasingly common as nation-states use cyber theft of data to gain economic advantage in multinational deals.”


SANS said the “attack of choice” by foreign cyber warriors is a form of targeted spear phishing using attachments and well-researched social engineering methods to make the victim believe that an attachment comes from a trusted source. SANS also said overseas hackers are making use of newly discovered Microsoft Office vulnerabilities and hiding their techniques to circumvent virus checking.







