China's cyber-militia behind U.S. blackouts?

China's cyber-militia behind U.S. blackouts?

Summary: Chinese hackers may have been behind power blackouts in Florida and the Northeast, according to a report in the National Journal.The report, penned by Shane Harris for the National Journal, lays out a lengthy case that China has deployed hackers working unofficially and officially for the government and military to probe U.

SHARE:

Chinese hackers may have been behind power blackouts in Florida and the Northeast, according to a report in the National Journal.

The report, penned by Shane Harris for the National Journal, lays out a lengthy case that China has deployed hackers working unofficially and officially for the government and military to probe U.S. infrastructure. That conclusion isn't terribly surprising, but Harris lays out a bunch of interesting points in this must-read that's likely to get some attention today (Techmeme). One eye-opener is that the Chinese government makes little distinction between hackers that work for the government and freelance for giggles. The end result is a loose-knit cyber army.

Among the key excerpts from the National Journal report:

One prominent expert told National Journal he believes that China's People's Liberation Army played a role in the power outages. Tim Bennett, the former president of the Cyber Security Industry Alliance, a leading trade group, said that U.S. intelligence officials have told him that the PLA in 2003 gained access to a network thhttp://blog.wired.com/defense/2008/05/did-chinas-hack.htmlat controlled electric power systems serving the northeastern United States. The intelligence officials said that forensic analysis had confirmed the source, Bennett said.

My problem with this argument is that it's based on one source recounting intelligence officials that are unnamed. Kevin Poulsen shoots down the argument at Wired's Threat Level blog while colleague Noah Shachtman touts it. As Poulsen notes this China-behind-the-2003-blackout reasoning sounds like a conspiracy theory. The first reaction to the blackout in New York revolved around terrorism--after all it was only two years after Sept. 11, 2001.

In any case, I was caught in that blackout. It wasn't fun almost getting trampled at the ferry trying to get to Hoboken. Send my regards to whoever was responsible. Here's the Energy Department's final report on the 2003 blackout.

Back to those excerpts:

Bennett, whose former trade association includes some of the nation's largest computer-security companies and who has testified before Congress on the vulnerability of information networks, also said that a blackout in February, which affected 3 million customers in South Florida, was precipitated by a cyber-hacker. That outage cut off electricity along Florida's east coast, from Daytona Beach to Monroe County, and affected eight power-generating stations...A second information-security expert independently corroborated Bennett's account of the Florida blackout. According to this individual, who cited sources with direct knowledge of the investigation, a Chinese PLA hacker attempting to map Florida Power & Light's computer infrastructure apparently made a mistake.

And.

Joel Brenner, the U.S. counterintelligence chief, said he knows of "a large American company" whose strategic information was obtained by its Chinese counterparts in advance of a business negotiation. As Brenner recounted the story, "The delegation gets to China and realizes, ‘These guys on the other side of the table know every bottom line on every significant negotiating point.' They had to have got this by hacking into [the company's] systems."

And.

During a trip to Beijing in December 2007, spyware programs designed to clandestinely remove information from personal computers and other electronic equipment were discovered on devices used by Commerce Secretary Carlos Gutierrez and possibly other members of a U.S. trade delegation, according to a computer-security expert with firsthand knowledge of the spyware used.

And the hits just keep coming. The takeaway is that the U.S. government is waking up to the threat--very slowly-and for all we know is planting these tidbits. In any case, the conclusion is the same. The U.s. needs to step up it up on the cyber defense front.

Topics: China, Government, Government US, Malware, Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

60 comments
Log in or register to join the discussion
  • Oh, those dastardly Chinese,

    who now that Saddam is gone are responsible for all evil in the world, particularly the cyber world ! Is it symptomatic that the link to Kevin Poulsen's article, which, as Larry writes, ?shoots down the argument?, instead goes to an article by Noah Shachtman, who makes himself a mouthpiece for this convenient conspiracy theory ? (Poulsen's article can be found here : http://tinyurl.com/5lfvsw.) 2 - 0, in other words for Shachtman, who thus enjoys two links ! No doubt it's the Chinese who lie behind this !...

    Henri
    mhenriday
    • Actually that Dastardly Dignan

      I fixed the link going to Poulsen's story. My apologies. I wrote on the train, missed the cut and paste of the URL as I knew the wireless card was about to hit a dead spot. Happens every time around Secaucus, NJ. Anyway link fixed. Cheers.
      Larry Dignan
    • Only the U.S. is evil ...

      ... or so the spewage goes. What would your reaction be to a story that U.S. military had done the exact same thing? You would be out on the street protesting with "Code Pink" to remove the military recruitment office from Berkeley. I have no idea whether the Chinese are behind these hacks. However, your proposition that it's a figment of U.S. paranoia is more unfounded than the assertion that the Chinese may be involved, and just as insulting.

      China is one of the worst human-rights violators in world history. They are up there with Hitler, Stalin, Lenin, and the Khmer Rouge--all of them socialist/communist regimes. Any governing body that bases itself on atheistic principles in which there is non right or wrong and human beings have no innate value have always been the most corrupt regimes in history.

      Has your head been buried somewhere for the past 50 years? Or is your anti-Americanism running rampant? It seems it's a bit of both.
      lalogos
      • Modesty would suggest that supporters of a regime

        which has engaged in innumerable foreign wars 'round the world during the last six decades (without declaring a single one, in violation of that country's constitution - http://tinyurl.com/2padn), which is presently enganged in at least two (by proxy in several more), and which demonstrably engages in torture of its prisoners might be advised to be more circumspect in talking about human rights violations. As well known, glass houses are not immune to stones ! But the question I attempted to take up was the nature of the evidence for or against the proposition that Chinese hackers were responsible for this particular blackout. To my mind, Kevin Poulsen (thanks, Larry, for repairing the link !) effectively demolishes the theory :

        ?NERC's detailed 228-page final report found a complex confluence of events responsible, but not a single hacker. It traced the root cause of the outage to the utility company FirstEnergy's failure to trim back trees encroaching on high-voltage power lines in Ohio. When the power lines were ensnared by the trees, they tripped.?

        But Ialogos, you seem to avoid studiously (?) this issue, instead preferring to ascribe to me views on what you call ?US paranoia? and insinuating that my head has been buried ?somewhere? these last 50 years. Why do you choose a cheap [i]argumentum ad hominem[/i], instead of addressing the question at hand ? Nothing relevant to say ? In that case, would not silence have proven a better alternative ?...

        Henri
        mhenriday
        • Yep. FirstEnergy hugs.

          They take equally good care of their nuclear power plants.

          Edit: Wait! I just found out that Chinese "hackers" caused the lid of the reactor vessel to corrode. My mistake.
          seanferd
      • Not very socialist or communist when their people complain of poor quality

        http://www.cbsnews.com/stories/2008/05/29/world/main4134523.shtml?source=related_story

        "Chinese people have built up years of deep distrust of officials seen as corrupt and indifferent in a society where everyone scrambles for a piece of the blazing economy."
        HypnoToad
      • Wow.

        Don't look now, but your ignorance is showing.
        progressivepenguin
      • Hitler wasn't an atheist, stop that nonsense

        "I believe today that my conduct is in accordance with the will of the Almighty Creator."

        - Adolf Hitler, Mein Kampf, Vol. 1 Chapter 2
        bmerc
  • FUD?

    While Chinese owned companies (and being Communist, the government owns those companies) has been responsible for some things, no doubts there as the pet food and tooth paste can confirm, shouldn't a proper distinction be confirmed before empty blaming?

    How do we know the guilty hackers aren't Chinese? Or people in another country operating from China in an attempt to set them up (though why anybody would want to do that in a day and age when China is already more than happy to throw eggs on their own face is beyond me...)
    HypnoToad
    • for heaven sake..

      Cyber wars started some years ago, USA was literally ripped of their own ball with their DMCA (literally killing any good hacker and putting instead a "tamed good hacker").

      Some weeks ago, China suffered a counter-attack, a proof that the fact of this cyber war, currently a cold one but there are not warranty that the war will become a full scale war.

      In this case, there are some (digital) proof of a China's sponsored attack, not completelly chinese hacker but from other countries (specially russian). It's not easy to follow or track the order but the money transfer.


      Anyways, for good or bad,Olympic Games will be pretty exciting this year.
      magallanes
  • RE: China's cyber-militia behind U.S. blackouts?

    All such news stories fail to explain the network that was hacked.

    I certainly hope it was not the Internet that allowed the hackers in. To allow control of a power grid accessible from the Internet should be a crime in and of itself.

    So, Mr. Dignan, please tell us what network and how did the hackers get into it? By landline?
    plainstreet
  • It is not like the U.S.

    or any other country in the world employ hackers to break into each other countries' computer systems, correct?
    GuidingLight
  • What is the average age...

    of IT personnel working in mission critical areas? For some reason, the world thinks IT personnel nned to be young and right out of college. This isn't the case in any other profession. Experience is the number one qualifier for good help.

    So I ask again. What is the average age of the personnel responsible for security at places like power companies or anywhere else?
    bjbrock
    • Re: What is the average age

      I agree partially, Experience indeed counts. But again, an old person may not be experienced. As in my case, I've been into IT since 1990 and am 32 at the moment. So 16-17 years total experience, but i am not at old as one would expect a 17 year experienced guy in any other profession. Right?

      IT indeed is a bit different. You cannot rule out the possibility of a physically weak person (no matter what his age is) causing large damages.

      My two cents for the discussion..:)
      adaimages
  • RE: China's cyber-militia behind U.S. blackouts?

    I think the American Public need to wake up and ask their Govt. what is behind all the talk. A few sessions on the hill, with a bipartisan committee should be a good start. Is it possible that china is actually prodding back? Maybe not, but then again was the iron curtain just grey painted Paper Mache? lol, this is funny ???.. keep up the hearsay, it???s great for Fridays.
    adrianjgomes
    • "Ask their Gov't" ??!!

      "A few sessions on the hill, with a bipartisan committee should be a good start."...would do about as much good as pi**ing in the wind. Ass they have shown many many times before, all those windbags are good for is spending our tax money on "bridges to nowhere", personal junkets and constant arguments. they cannot even investigate their own members, let alone a foreign country! Maybe we should hire the Mossad to look into it, and FIX the problem.
      marquis
      • "Ask their Gov't" ??!

        Totally agree, get Mossad to look into it, we'll get more answers there than anywhere else!!
        rizlathecat
  • RE: China's cyber-militia behind U.S. blackouts?

    Why are we continuing to trade with these people? We are sending billions of dollars over there, making them richer and allowing them to have the resources with which to inflict havoc. When will we wake up?
    kevmark58
    • Why we are continuing to trade with these people

      Because most Americans don't want to pay $$$$ for American made products when they can get (almost) identical products for $$, made in China.

      Blame both the consumers who want to save a buck and the distributers who want higher profits.
      NGENeer
      • Shot term windfall profits for American corporations...

        don't get me wrong, I am all for corporate
        institutions, but like all other stakeholders in
        society, they must be forced to work within some
        framework of rules that insures they contribute
        to the overall wealth and health of the nation. If
        our corporate institutions cannot manage that
        goal, it would be time for us democratic citizens
        to reevaluate our commitment to these
        institutions, as our democratically chosen
        method for optimizing the global profits accruing
        to the ultimate shareholders in this great
        Enterprise we call democracy. And what exactly is
        that global profits accruing to the ultimate
        shareholders in this great Enterprise called
        democracy, why, it is the national standard of
        living, you know that metric that gauges our
        collective success at the old, pursuit of happiness
        thingy. Its about time we all started running this
        grand Enterprise we call democracy more like a
        corporate business, by focusing on maximizing
        profits for the owners/shareholders of this grand
        Enterprise called democracy. Those owners/shareholders would be us, the citizen,
        and the return on investment/profit we should
        expect from our grand democratic Enterprise is,
        a decent standard of living. When a business or
        corporation employs individuals to impediment
        their profit seeking efforts, the employee must constrain his behavior so as to contribute to the
        Enterprise's overall profit outcomes. If the
        employee fails to comply with these expectations
        she/he will fine her/himself reprimand and if the
        behavior persists ultimately dismissed. Similarly
        when the citizen/shareholders in this, ultimate
        free Enterprise, called democracy, choose to
        employ corporate institutions to facilitate their
        profit seeking, standard of living, those corporate
        institutions employed must constrain their
        behavior so as to contribute to the Enterprise's
        overall profit outcomes. That profit outcome, in
        the greatest of all free Enterprises, a democracy
        run by the people/citizens/shareholders for the
        people/citizens/shareholders, is their collective
        standard of living. If corporate institutions
        employed by the citizen/shareholders fail to
        comply with these expectations those institutions
        should like wise be reprimand and if the behavior persists ultimately dismissed.
        Now that said, I believe their is no better
        alternative to corporate institutions, as they are
        the only way to divide and conquer the only other
        alternative, centralize government ownership
        with all it's attending nepotism, corruption and inefficient waste. (caveat, their are IMHO a few
        natural monopolies that may be best mediated
        via collective government control, education
        systems, healthcare systems, armies, police,
        water systems and sewer systems) We now seem
        to have reached the other extreme. Uncontrolled, unresponsive corporate institutions that seem to
        feel on need to respond to the needs of the people/citizens/shareholders of this grand free Enterprise called democracy that have democratically chosen to employ these corporate
        institution to facilitate their profit seeking,
        standard of living. Many corporation, like out of control employees, now feel a sense of entitlement to pursue their own shot term
        agendas with no regard for the larger interest of
        their employer. It must be said that the blame
        here does not lay with the corporations! They are
        the institutions employed by the
        people/citizens/shareholders of this grand free
        Enterprise endeavor, we called democracy. Like
        employees everywhere, they cannot be blamed
        for chaos in their ranks, that responsibility rests
        firmly with the people/citizens/shareholders and
        the political managers they choose to hire/elect.
        The very structure of a corporation mandates
        that the management maximize all opportunities
        within the envelope of the law on behave of its
        shareholders. It is up to the people/citizens/shareholders of the democratic
        Enterprise and the political managers they elect
        to muster the effort, wisdom and political-will
        required to define a set of effective corporate constraints that balance the people/citizens/shareholder's pursuit of a
        profitable standard of living, with effective
        corporate constraints that retain enough flexibility to allow the creative power of corporate self-interest to flourish without biting the hand
        of the very citizens who have chosen to place
        their faith in free enterprise institutions.
        Corporate manager need a clear set of working
        rule that apply across the board. Rules that
        cannot be bought and sold to the highest
        corporate bidder. A clear and effective set of corporate constrain rule cannot be formulated or
        enforce until the citizens take back their sovereign control over the legislative rule of law
        mechanisms. This means every last cent of
        corporate money must be drained out of the
        political process, any thing less is not a real
        democracy and doomed to failure!

        The Chinese are creating an array of quasi corporate institutions under government control
        while in America an array of corporations are
        creating a quasi government under corporate
        control.

        [b]In the end you have very similar centralized oligarchies(a small group of people having
        control). Its is long past time for American
        citizens to stand up and fight for the ideals of
        their founding fathers. The free ride is over. It is
        time to question authority and thing for
        yourself![/b]
        raycote