Security experts lift lid on Chinese hack attacks

Security experts lift lid on Chinese hack attacks

Summary: Hackers working for the Chinese government were responsible for the theft of US military secrets, claim security experts

TOPICS: Security

Security experts have revealed tantalising details about a group of Chinese hackers who are suspected of launching intelligence gathering attacks against the US government.

The hackers, who are believed to be based in the Chinese province of Guangdong, are thought to have stolen US military secrets, including aviation specifications and flight-planning software.

The US government has coined the term 'Titan Rain' to describe the hackers.

"From the Redstone Arsenal, home to the Army Aviation and Missile Command, the attackers grabbed specs for the aviation mission-planning system for Army helicopters, as well as Falconview 3.2, the flight-planning software used by the Army and Air Force," said Alan Paller, director of the SANS Institute, on Tuesday.

The team is thought to consist of 20 hackers. Paller claimed that the Chinese government was the most likely recipient of the information they intercepted.

"Of course it's the government. Governments will pay anything for control of other governments' computers. All governments will pay anything. It's so much better than tapping a phone," Paller told an event at the Department of Trade and Industry on Tuesday.

Titan Rain first came to public attention this summer, when the Washington Post  reported that Web sites in China were being used to target computer networks in the Defense Department and other US agencies.

Time  later reported that Titan Rain had been counter-hacked by a US security expert called Shawn Carpenter.

The attacks, which are ongoing, were particularly effective on the night of 1 November, 2004, said Paller, who outlined how the hackers first scanned then broke into US government computers.

At 2223 Pacific Standard Time, the Titan Rain hackers exploited vulnerabilities at the US Army Information Systems Engineering Command at Fort Huachuca, Arizona.

At 0119 they exploited the same hole in computers at the Defense Information Systems Agency in Arlington, Virginia.

At 0325 they hit the Naval Ocean Systems Center, a Defense Department installation in San Diego, California.

At 0446, they struck the United States Army Space and Strategic Defense installation in Huntsville, Alabama.

The UK is also under intelligence-gathering cyber-attack from the Far East, according to National Infrastructure Security Co-ordination Centre (NISCC). The government body cannot name the countries concerned as this may "ruin diplomatic efforts to halt the attacks", NISCC director Roger Cummings said on Tuesday.

Topic: Security

Tom Espiner

About Tom Espiner

Tom is a technology reporter for He covers the security beat, writing about everything from hacking and cybercrime to threats and mitigation. He also focuses on open source and emerging technologies, all the while trying to cut through greenwash.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Should China bear ALL the blame or should the OS maker share the blame for the lack of security. Oh, I
    forgot, once you say okay to the EULA the OS maker is no longer responsible. Sweeeeet.
  • If a PC is connected to the internet all the information on it is avalable to anyone with the skill to access it. I you want total security dont connect it to the net.