Someone - or many someones - using computers based in China is launching a large-scale attack on nonclassified US government computers, including those of the Defense, State, Energy and Homeland Security departments. But government officials told the Washington Post that it's not clear whether that's the Chinese government, other governments, or just unrelated hacking.
"The scope of this thing is surprisingly big," said one official about the incidents, which investigators call Titan Rain. "It's not just the Defense Department but a wide variety of networks that have been hit. This is an ongoing, organized attempt to siphon off information from our unclassified systems."
"Like everybody connected to the Internet, we're seeing a huge spike" in outside scanning of Pentagon systems, said Lt. Col. Mike VanPutte, vice director of operations at the task force. "That's really for two reasons. One is, the tools are much simpler today. Anyone can download an attack tool and target any block on the Internet. The second is, the intrusion detection systems in place today," which are more sophisticated and can identify more attacks.
Pentagon figures show that more attempts to scan Defense Department systems come from China, which has 119 million Internet users, than from any other country. VanPutte said this does not mean that China is where all the probes start, only that it is "the last hop" before they reach their targets.
He noted that China is a convenient "steppingstone" for hackers because of the large number of computers there that can be compromised. Also, tracing hackers who use Chinese networks is complicated by the lack of cyber investigation agreements between China and the United States, another task force official said.
Still, a DOD report notes that the Chinese government is heavily invested in cyberwarfare. "The PLA has likely established information warfare units to develop viruses to attack enemy computer systems and networks, and tactics to protect friendly computer systems and networks," the report said. "The PLA has increased the role of CNO [computer network operations] in its military exercises. Although initial training efforts focused on increasing the PLA's proficiency in defensive measures, recent exercises have incorporated offensive operations, primarily as first strikes against enemy networks."