
Thread: Hacker Attacks Linked To Chinese Military

  1. #1
    Creepy Ass Cracka & Site Owner Ryan Ruck's Avatar
    Join Date
    Jul 2005
    Location
    Cincinnati, OH
    Posts
    25,061
    Thanks
    52
    Thanked 78 Times in 76 Posts

    Default Hacker Attacks Linked To Chinese Military

    Hacker Attacks In US Linked To Chinese Military
    A systematic effort by hackers to penetrate US government and industry computer networks stems most likely from the Chinese military, the head of a leading security institute said. The attacks have been traced to the Chinese province of Guangdong, and the techniques used make it appear unlikely to come from any other source than the military, said Alan Paller, the director of the SANS Institute, an education and research organization focusing on cybersecurity.

    "These attacks come from someone with intense discipline. No other organization could do this if they were not a military organization," Paller said in a conference call to announce a new cybersecurity education program.

    In the attacks, Paller said, the perpetrators "were in and out with no keystroke errors and left no fingerprints, and created a backdoor in less than 30 minutes. How can this be done by anyone other than a military organization?"

    Paller said that despite what appears to be a systematic effort to target government agencies and defense contractors, defenses have remained weak in many areas.

    "We know about major penetrations of defense contractors," he said.

    Security among private-sector Pentagon contractors may not be as robust, said Paller, because "they are less willing to make it hard for mobile people to get their work done."

    Paller said the US government strategy appears to be to downplay the attacks, which has not helped the situation.

    "We have a problem that our computer networks have been terribly and deeply penetrated throughout the United States ... and we've been keeping it secret," he said.

    "The people who benefit from keeping it secret are the attackers."

    Although Paller said the hackers probably have not obtained classified documents from the Pentagon, which uses a more secure network, it is possible they stole "extremely sensitive" information.

    He said it has been documented that US military flight planning software from its Redstone Arsenal was stolen.

    Pentagon officials confirmed earlier this year that US Defense Department websites are probed hundreds of times a day by hackers, but maintained that no classified site is known to have been penetrated by hackers.

    The US military has code-named the recent hacker effort "Titan Rain" and has made some strides in counter-hacking to identify the attackers, Paller said. This was first reported by Time magazine.

    Paller said a series of attacks on British computer networks reported earlier this year may have similar goals, but seems to use different techniques.

    In the United States, he said there are some areas of improvement such as the case of the Air Force, which has been insisting on better security from its IT vendors. But he argued that "the fundamental error is that America's security strategy relies on writing reports rather than hardening systems."

  2. #2
    Creepy Ass Cracka & Site Owner Ryan Ruck's Avatar

    Default Re: Hacker Attacks In US Linked To Chinese Military

    StrategyPage Server Stormed
    December 17, 2005: StrategyPage doesn’t just report on Cyber War, sometimes we get caught in the middle of it. We got an electronic nastygram from China recently, as we were installing a new server at a hosting site (to improve response time, and lessen the workload on the volunteer staffers who maintain the server). There was a gap of a few days between the time the new server went online, and the hardware firewall (which is a bear to configure) got installed. Into that opening, some Chinese hackers got onto the server and tried to take it over. Actually, it was unclear what they were trying to do, but they did it at 2 AM, and when one of our techies was trying to get onto the server to do some database maintenance, the hack attempt was noticed. There ensued a duel between our two guys and the Chinese. The Chinese lost, and we found out they were Chinese when we examined the tools and documents they left behind once they were locked out. Based on that, and the fight they put up, it appears it may have been a training exercise. When China trains its Internet warriors, it sends them out on training missions, to get into a vulnerable server and do the sort of things (like planting a rootkit) that one would do in preparation for a Cyber War. Of course, they could have just been part of a criminal gang, collecting zombie machines to use for extortion and other illegal Internet activities. But the way they were not all business when they were caught, and seemed a little green, indicated someone on some kind of training mission. Their tools and entry methods were more typical of a well equipped hacking enterprise. Actually, it could also have been a very elaborate bot (an automated hacking program). It did leave some code behind, and some modifications to some of our news databases. Whatever it was, it was apparently not completely set up before we cut off the hacker access and deleted stuff that was left on our server. We reformatted and reloaded from backups and were back in business in a few hours.

    All this during the last week of November, and, after three unsuccessful attacks, someone got in and modified our main page. They did this by installing an encrypted JavaScript Trojan that would try to infect client machines (this sometimes triggered a virus alarm with some anti-virus programs). The JavaScript was poorly written, and the Trojan was unable to carry out this infection. The Trojan concept was clever enough; it was included in an <iframe> tag which basically allows a web page to be included on another webpage – in this case, ours. The other webpage was hosted on a server called freewebs.com, but the hacker webpage was gone, removed by the hosting service, by the time we went looking for it (about 12 hours after our page was hacked).

    Those hackers have not been back. We piled up additional defense and tripwires, to hold us until the hardware firewall went online last week. None of these attacks got close to any customer data, which is kept on a separate server (at another location, there are actually three physically very separate servers running StrategyPage.)

    As a practical matter, no server on the planet, that is connected to the Internet, is invulnerable to an attack. But if you put up stout enough defenses, you reduce the number of hackers skillful enough to get through, and increase the chances of the attacker getting caught. That’s how financial institutions, which are the most attacked targets, maintain their defenses. The most skilled hackers want to avoid arrest, so they tend to avoid taking on these heavily defended servers. There are plenty of less well defended targets, and that’s who the hackers are now going after. Well, except for one fellow, who we’ve tracked back to Montevallo University in Montevallo, Alabama. So, either we have a student from there doing this or (more likely) they have a school PC that was taken over by a hack, and turned into a zombie. He’s hammering, futilely, at port 1305 on our main server. The hardware firewall just notes this for us, and life goes on.
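A defender-side check for the kind of page tampering the StrategyPage post above describes (an injected iframe that pulls in a page from another host, alongside obfuscated JavaScript), added here as an example and not part of the original thread. The allowlist, host names and sample page are constructed assumptions; the script test is a heuristic that will also flag some legitimate legacy code.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hosts this site is expected to embed content from (assumed allowlist).
ALLOWED_HOSTS = {"www.example.org", "static.example.org"}

# Tags that pull in or run external content, and the attribute holding the URL.
EMBED_ATTR = {"iframe": "src", "frame": "src", "script": "src",
              "embed": "src", "object": "data"}
HIDDEN_CSS = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|"
    r"(?<![-\w])(?:width|height)\s*:\s*[01](?:px)?\s*(?:;|$)", re.I)
WRITES_MARKUP = re.compile(r"document\.write(?:ln)?\s*\(", re.I)
DECODES_DATA = re.compile(r"\b(?:unescape|eval|fromCharCode)\s*\(", re.I)


def host_of(url):
    """Host part of an absolute or protocol-relative URL, '' for same-site paths."""
    try:
        return (urlparse(url).hostname or "").lower()
    except ValueError:
        return ""


def is_hidden(attr):
    """True when a frame is sized or styled so a visitor would never see it."""
    for name in ("width", "height"):
        value = attr.get(name, "").strip().lower().removesuffix("px")
        if value.isdigit() and int(value) <= 1:
            return True
    return bool(HIDDEN_CSS.search(attr.get("style", "")))


class EmbedAuditor(HTMLParser):
    def __init__(self, allowed_hosts):
        super().__init__(convert_charrefs=True)
        self.allowed = {h.lower() for h in allowed_hosts}
        self.findings = []
        self._script = None  # (line, [text chunks]) while inside <script>

    def _report(self, line, tag, url, host, reasons):
        self.findings.append({"line": line, "tag": tag, "url": url,
                              "host": host, "reasons": reasons})

    def handle_starttag(self, tag, attrs):
        if tag not in EMBED_ATTR:
            return
        line = self.getpos()[0]
        attr = {k: (v or "") for k, v in attrs}
        url = attr.get(EMBED_ATTR[tag], "").strip()
        host = host_of(url)
        reasons = []
        if host and host not in self.allowed:
            reasons.append("off-site source")
        if tag in ("iframe", "frame") and is_hidden(attr):
            reasons.append("hidden frame")
        if reasons:
            self._report(line, tag, url, host, reasons)
        if tag == "script":
            self._script = (line, [])

    def handle_data(self, data):
        if self._script is not None:
            self._script[1].append(data)

    def handle_endtag(self, tag):
        if tag != "script" or self._script is None:
            return
        line, chunks = self._script
        self._script = None
        body = "".join(chunks)
        # Heuristic: inline code that decodes data and writes it into the page.
        if WRITES_MARKUP.search(body) and DECODES_DATA.search(body):
            self._report(line, "script", "", "",
                         ["inline script builds markup from encoded data"])


def audit_html(html, allowed_hosts=ALLOWED_HOSTS):
    """Return findings for embeds that are off-allowlist, hidden, or obfuscated."""
    auditor = EmbedAuditor(allowed_hosts)
    auditor.feed(html)
    auditor.close()
    return auditor.findings


# Constructed sample page: one legitimate frame, one injected hidden frame,
# one allowlisted script and one inline script that writes decoded markup.
SAMPLE_PAGE = """<html><body>
<h1>News</h1>
<iframe src="/widgets/headlines.html" width="300" height="200"></iframe>
<iframe src="http://attacker-page.example/x.html" width="0" height="0"></iframe>
<script src="//static.example.org/site.js"></script>
<script>document.write(unescape("%3Cdiv%3Eplaceholder%3C/div%3E"));</script>
</body></html>"""

if __name__ == "__main__":
    for finding in audit_html(SAMPLE_PAGE):
        print(finding["line"], finding["tag"], finding["host"], finding["reasons"])
```

Run against a known-good copy of each published page after every deploy, so a new finding points to a change nobody on the team made.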

  3. #3
    Super Moderator and PHILanthropist Extraordinaire Phil Fiord's Avatar
    Join Date
    Dec 2005
    Posts
    3,496
    Thanks
    16
    Thanked 11 Times in 11 Posts

    Exclamation Re: Hacker Attacks In US Linked To Chinese Military

    New information is out on China's IT attack strategy in the formation of their modern .mil structure. There is a link in paragraph 2 for a defense department pdf report on The Military Power of the People's Republic of China.

    Story link:
    http://www.pcworld.com/article/id,13...1/article.html

    China Crafts Cyberweapons

    The Defense Department reports China is building cyberwarfare units and developing viruses.

    Sumner Lemon, IDG News Service

    Monday, May 28, 2007 10:00 AM PDT
    The People's Liberation Army (PLA) continues to build cyberwarfare units and develop viruses to attack enemy computer systems as part of its information-warfare strategy, the U.S. Department of Defense (DOD) warned in a report released on Friday.


    "The PLA has established information warfare units to develop viruses to attack enemy computer systems and networks," the annual DOD report on China's military warned. At the same time, Chinese armed forces are developing ways to protect their own systems from an enemy attack, it said, echoing similar warnings made in previous years.


    These capabilities are part of China's ongoing military modernization efforts, which have seen the country add dozens of high-tech fighters and ballistic missiles to its arsenal. China isn't alone in building the capability to attack an enemy's computer systems. The U.S. and other countries have developed similar abilities.


    The PLA's virus-writing efforts have been underway for years, reflecting the importance that China apparently attaches to information warfare. As early as 2000, the DOD warned, "China has the capability to penetrate poorly protected U.S. computer systems and potentially could use CNA [computer network attacks] to attack specific U.S. civilian and military infrastructures."
    In recent years, the PLA has begun training more seriously for computer attacks, including them as part of larger military exercises in 2005.


    The main focus of China's military modernization efforts is Taiwan, an island nation that China views as a renegade province. The two separated in 1949 after a civil war between the Communist and Nationalist armies, with the Nationalist forces retreating to Taiwan. China has long threatened to attack Taiwan if the island formally declares independence, and the expansion of China's military capabilities is largely geared towards a possible attack against Taiwan.


    "A limited military campaign could include computer network attacks against Taiwan’s political, military, and economic infrastructure to undermine the Taiwan population’s confidence in its leadership," the report said.
    But the U.S., which would likely intervene in a Chinese attack on Taiwan, is also a potential target, it said.

  4. #4
    Forum General Brian Baldwin's Avatar
    Join Date
    Jul 2005
    Location
    Missouri
    Posts
    1,869
    Thanks
    0
    Thanked 2 Times in 2 Posts

    Default Re: Hacker Attacks In US Linked To Chinese Military

    And why isn't America responding in kind? We have very good hackers in the states...
    Brian Baldwin

    Yea though I walk through the valley of the shadow of death I shall fear no evil.... For I am the meanest S.O.B. in the valley.


    "A simple way to take measure of a country is to look at how many want in... And how many want out." - Tony Blair on America



    It is the soldier, not the reporter, who has given us freedom of the press.

    It is the soldier, not the poet, who has given us freedom of speech.

    It is the soldier, not the campus organizer, who has given us the freedom to demonstrate.

    It is the soldier who salutes the flag, who serves beneath the flag, and whose coffin is draped by the flag, who allows the protester to burn the flag.

    -Father Denis O'Brien of the United States Marine Corps.



  5. #5
    Super Moderator and PHILanthropist Extraordinaire Phil Fiord's Avatar

    Default Re: Hacker Attacks In US Linked To Chinese Military

    white hat vs black hat times I guess, huh?

  6. #6
    Forum General Brian Baldwin's Avatar

    Default Re: Hacker Attacks In US Linked To Chinese Military

    Seems only prudent to step up hacker attacks from our end. Of course lack of articles on that subject doesn't mean we're not either I suppose.
    Brian Baldwin


  7. #7
    Senior Member
    Join Date
    Mar 2006
    Posts
    698
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Default Chinese military hacked into Pentagon

    By Demetri Sevastopulo in Washington and Richard McGregor in Beijing
    Published: September 3 2007 19:00 | Last updated: September 3 2007 20:53

    The Chinese military hacked into a Pentagon computer network in June in the most successful cyber attack on the US defence department, say American officials.

    The Pentagon acknowledged shutting down part of a computer system serving the office of Robert Gates, defence secretary, but declined to say who it believed was behind the attack.


    Current and former officials have told the Financial Times an internal investigation has revealed that the incursion came from the People’s Liberation Army.

    One senior US official said the Pentagon had pinpointed the exact origins of the attack. Another person familiar with the event said there was a “very high level of confidence...trending towards total certainty” that the PLA was responsible. The defence ministry in Beijing declined to comment on Monday.

    Angela Merkel, Germany’s chancellor, raised reports of Chinese infiltration of German government computers with Wen Jiabao, China’s premier, in a visit to Beijing, after which the Chinese foreign ministry said the government opposed and forbade “any criminal acts undermining computer systems, including hacking”.

    “We have explicit laws and regulations in this regard,” said Jiang Yu, from the ministry. “Hacking is a global issue and China is frequently a victim.”

    George W. Bush, US president, is due to meet Hu Jintao, China’s president, on Thursday in Australia prior to the Apec summit.

    The PLA regularly probes US military networks – and the Pentagon is widely assumed to scan Chinese networks – but US officials said the penetration in June raised concerns to a new level because of fears that China had shown it could disrupt systems at critical times.

    “The PLA has demonstrated the ability to conduct attacks that disable our system...and the ability in a conflict situation to re-enter and disrupt on a very large scale,” said a former official, who said the PLA had penetrated the networks of US defence companies and think-tanks.

    Hackers from numerous locations in China spent several months probing the Pentagon system before overcoming its defences, according to people familiar with the matter.

    The Pentagon took down the network for more than a week while the attacks continued, and is to conduct a comprehensive diagnosis. “These are multiple wake-up calls stirring us to levels of more aggressive vigilance,” said Richard Lawless, the Pentagon’s top Asia official at the time of the attacks.

    The Pentagon is still investigating how much data was downloaded, but one person with knowledge of the attack said most of the information was probably “unclassified”. He said the event had forced officials to reconsider the kind of information they send over unsecured e-mail systems.

    John Hamre, a Clinton-era deputy defence secretary involved with cyber security, said that while he had no knowledge of the June attack, criminal groups sometimes masked cyber attacks to make it appear they came from government computers in a particular country.

    The National Security Council said the White House had created a team of experts to consider whether the administration needed to restrict the use of BlackBerries because of concerns about cyber espionage.

    http://www.ft.com/cms/s/0/9dba9ba2-5...0779fd2ac.html

    Jag

  8. #8
    Creepy Ass Cracka & Site Owner Ryan Ruck's Avatar

    Default Re: Chinese military hacked into Pentagon

    I was just reading this article elsewhere...

    This Chinese hacking problem has progressively gotten more and more severe, starting with small annoyances several years ago and progressing to where we are now. It's only going to get worse!

  9. #9
    Expatriate American Patriot's Avatar
    Join Date
    Jul 2005
    Location
    A Banana Republic, Central America
    Posts
    48,612
    Thanks
    82
    Thanked 28 Times in 28 Posts

    Default Re: Chinese military hacked into Pentagon

    They've been doing it for a couple of years, getting more and more aggressive, but I have extreme doubts they got to "classified" stuff. They'd have to be able to get in, authenticate, have the right encryption codes, equipment, etc.

    I have my doubts about how "good" the attack actually was.
    Libertatem Prius!






  10. #10
    Creepy Ass Cracka & Site Owner Ryan Ruck's Avatar

    Default Re: Chinese military hacked into Pentagon

    Originally posted by Rick Donaldson:
    They've been doing it for a couple of years, getting more and more aggressive, but I have extreme doubts they got to "classified" stuff. They'd have to be able to get in, authenticate, have the right encryption codes, equipment, etc.

    I have my doubts about how "good" the attack actually was.
    Rick, don't forget, they got to pick over that EP-3 pretty good before we got it back in crates.

  11. #11
    Expatriate American Patriot's Avatar

    Default Re: Chinese military hacked into Pentagon

    Well... true. But, one would THINK that all current electronics would have been changed, and what the hell, codes are changed... frequently (aren't they?)
    Libertatem Prius!






  12. #12
    Creepy Ass Cracka & Site Owner Ryan Ruck's Avatar

    Default Re: Chinese military hacked into Pentagon

    I'd imagine the codes are. But, I'm not so sure about the equipment... Remember, this was only 6 years ago and we all know how far behind the curve the mil/gov is in deploying equipment (i.e. F-22 has late 80s-early 90s electronics).

    Not to mention, codes can be obtained from people with few scruples and enough $$$...

  13. #13
    Expatriate American Patriot's Avatar

    Default Re: Hacker Attacks In US Linked To Chinese Military

    Chinese hackers attack British gov't computer networks
    breitbart.com ^ | 09/05/07 | Unknown

    Chinese hackers, some believed to be from the People's Liberation Army, have been attacking the computer networks of British government departments, the Guardian reported Wednesday.

    The disclosures came after reports that the Chinese military had hacked into a Pentagon military computer network in June. The Financial Times said Tuesday that American officials called it the most successful cyber attack on the Pentagon.

    The attackers have hit the network at the British Foreign Office as well as those in other key departments, Whitehall officials were cited by the Guardian as saying.

    The Ministry of Defense declined Tuesday to say whether it had been hit. An incident last year that shut down part of the House of Commons computer system, initially believed to be by an individual, was discovered to be the work of an organized Chinese hacking group, officials reportedly said.

    Security and defense officials are coy about what they know of specific attacks. However, they say several Whitehall departments have fallen victim to China's cyberwarriors. One expert described it as a "constant ongoing problem," the report said.

    Defense department officials confirmed that there had been a "detected penetration" of elements of the email system used by the network serving the office of Robert Gates, the U.S. defense secretary. U.S. officials were reported to have said that an investigation had discovered that the People's Liberation Army was responsible.

    The United States reportedly gave the codename "Titan Rain" to the growing number of Chinese attacks, notably directed at the Pentagon but also hitting other U.S. government departments, over the past few years.

    The latest attack caused some minor administrative disruptions, but there had been no adverse impact on operations, an official was quoted as saying.

    Analysts have argued over the seriousness of the attacks, and China has officially denied responsibility.

    (Excerpt) Read more at breitbart.com ...
    Libertatem Prius!






  14. #14
    Creepy Ass Cracka & Site Owner Ryan Ruck's Avatar

    Default Re: Hacker Attacks In US Linked To Chinese Military

    I went ahead and merged the thread on this latest incursion with this one Rick just added to.

  15. #15
    Creepy Ass Cracka & Site Owner Ryan Ruck's Avatar

    Default Re: Hacker Attacks In US Linked To Chinese Military

    China's Cyber Army Is Preparing To March On America, Says Pentagon
    Chinese military hackers have prepared a detailed plan to disable America's aircraft battle carrier fleet with a devastating cyber attack, according to a Pentagon report obtained by The Times.

    The blueprint for such an assault, drawn up by two hackers working for the People's Liberation Army (PLA), is part of an aggressive push by Beijing to achieve "electronic dominance" over each of its global rivals by 2050, particularly the US, Britain, Russia and South Korea.

    China's ambitions extend to crippling an enemy's financial, military and communications capabilities early in a conflict, according to military documents and generals' speeches that are being analysed by US intelligence officials. Describing what is in effect a new arms race, a Pentagon assessment states that China's military regards offensive computer operations as "critical to seize the initiative" in the first stage of a war.

    The plan to cripple the US aircraft carrier battle groups was authored by two PLA air force officials, Sun Yiming and Yang Liping. It also emerged this week that the Chinese military hacked into the US Defence Secretary's computer system in June; have regularly penetrated computers in at least 10 Whitehall departments, including military files, and infiltrated German government systems this year.

    Cyber attacks by China have become so frequent and aggressive that President Bush, without referring directly to Beijing, said this week that "a lot of our systems are vulnerable to attack". He indicated that he would raise the subject with Hu Jintao, the Chinese President, when they met in Sydney at the Apec summit. Mr Hu denied that China was responsible for the attack on Robert Gates, the US Defence Secretary.

    Larry M. Wortzel, the author of the US Army War College report, said: "The thing that should give us pause is that in many Chinese military manuals they identify the US as the country they are most likely to go to war with. They are moving very rapidly to master this new form of warfare." The two PLA hackers produced a "virtual guidebook for electronic warfare and jamming" after studying dozens of US and Nato manuals on military tactics, according to the document.

    The Pentagon logged more than 79,000 attempted intrusions in 2005. About 1,300 were successful, including the penetration of computers linked to the Army's 101st and 82nd Airborne Divisions and the 4th Infantry Division. In August and September of that year Chinese hackers penetrated US State Department computers in several parts of the world. Hundreds of computers had to be replaced or taken offline for months. Chinese hackers also disrupted the US Naval War College's network in November, forcing the college to shut down its computer systems for several weeks. The Pentagon uses more than 5 million computers on 100,000 networks in 65 countries.

    Jim Melnick, a recently retired Pentagon computer network analyst, told The Times that the Chinese military holds hacking competitions to identify and recruit talented members for its cyber army.

    He described a competition held two years ago in Sichuan province, southwest China. The winner now uses a cyber nom de guerre, Wicked Rose. He went on to set up a hacking business that penetrated computers at a defence contractor for US aerospace. Mr Melnick said that the PLA probably outsourced its hacking efforts to such individuals. "These guys are very good," he said. "We don't know for sure that Wicked Rose and people like him work for the PLA. But it seems logical. And it also allows the Chinese leadership to have plausible deniability."

    In February a massive cyber attack on Estonia by Russian hackers demonstrated how potentially catastrophic a preemptive strike could be on a developed nation. Pro-Russian hackers attacked numerous sites to protest against the controversial removal in Estonia of a Russian memorial to victims of the Second World War. The attacks brought down government websites, a major bank and telephone networks.

    Linton Wells, the chief computer networks official at the Pentagon, said that the Estonia attacks "may well turn out to be a watershed in terms of widespread awareness of the vulnerability of modern society".

    After the attacks, computer security experts from Nato, the EU, US and Israel arrived in the capital, Tallinn, to study its effects.

    Sami Saydjari, who has been working on cyber defence systems for the Pentagon since the 1980s, told Congress in testimony on April 25 that a mass cyber attack could leave 70 per cent of the US without electrical power for six months.

    He told The Times that all major nations – including China – were scrambling to defend against, and working out ways to cause, "maximum strategic damage" by taking out banking systems, power grids and communications networks. He said that there were at least a thousand attempted attacks every hour on American computers. "China is aggressive in this," he said.

  16. #16
    Creepy Ass Cracka & Site Owner Ryan Ruck's Avatar

    Default Re: Hacker Attacks Linked To Chinese Military

    China Accused Of Cyberattacks On New Zealand
    The New Zealand secret service has suggested the Chinese government was behind attacks on the country's networks.

    New Zealand Prime Minister Helen Clark yesterday assured reporters that no classified information had been compromised but confirmed that she believes that foreign-government spies were behind the cyberattack.

    While Clark said officials know which government was behind the attack, she would not name the country suspected.

    "We have very smart people to provide protection every time an attack is tried. Obviously, we learn from that," she told reporters.

    Warren Tucker, New Zealand's Security Intelligence Service director, hinted to local newspaper The Dominion Post that the Chinese government was responsible for the attacks, referring to previous allegations about the country's spying activities by Canada's secret service.

    The allegations come only a week after the Chinese foreign ministry denied that the Chinese government had endorsed attacks on the computer networks of Germany, the United States and the United Kingdom.

    "Any accusation of Chinese military force attacking computer systems of foreign governments is groundless, irresponsible and out of ulterior motives," Chinese foreign-ministry representative Jiang Yu said in a recent press conference. "As far as I know, up till now, the Chinese police have not received any request for investigation assistance from the relevant countries."

  17. #17
    Creepy Ass Cracka & Site Owner Ryan Ruck's Avatar

    Default Re: Hacker Attacks Linked To Chinese Military

    France Reports Cyberattacks From China
    French government officials say they are now the fourth victim of cyberattacks originating from China, saying the attacks are similar to those reported by other countries. In the past three weeks, government officials in Germany, the United States and the United Kingdom have claimed that cyberattacks on government systems have originated from China. Chinese officials have denied they are behind the attacks. French officials were careful not to implicate the Chinese government as the source of the attacks.

  18. #18
    Creepy Ass Cracka & Site Owner Ryan Ruck's Avatar

    Default Re: Hacker Attacks Linked To Chinese Military

    China Has Penetrated Key U.S. Databases: SANS Director
    An aggressive, non-stop campaign by China to penetrate key government and industry databases in the United States already has succeeded and the United States urgently needs to monitor all internet traffic to critical government and private-sector networks "to find the enemy within," SANS Institute Director of Research Alan Paller told SCMagazineUS.com.

    "They are already in and we have to find them," Paller said.

    Paller said that empirical evidence analyzed by researchers leaves little doubt that the Chinese government has mounted a non-stop, well-financed attack to breach key national security and industry databases, adding that it is likely that this effort is making use of personnel provided by China's People's Liberation Army.

    The "smoking guns" pointing to a government-directed effort are keystroke logs of the attacks, which have been devoid of errors usually found in amateur hack attacks, the use of spear phishing to gain entry into computer networks, and the massively repetitive nature of the assault, the SANS research director said.

    "This is not amateur hacking. They are going back to the same places 100 times a day, every day. This kind of an effort requires a massive amount of money and resources," Paller told SCMagazineUS.com.

    Paller said that monitoring all internet traffic – including email – to government and private-sector networks is necessary in order to pinpoint breaches and, ultimately, to prevent cyberspies from extracting critical data. The traffic must be carefully analyzed to detect "micro-patterns" that reveal breaches, he said.

    "We have to find the needle in the haystack," he said.

    SANS earlier this week placed espionage from China and other nations near the top of its annual list of cybersecurity menaces, reporting that targeted spear phishing is the weapon of choice used in the assault on U.S. databases and those of its allies.

    "They are using spear phishing because it is so effective, and it is the least difficult technique [of gaining entry]," Paller said. "They can target anyone within an organization who has a computer. Once they get in, they can go everywhere."

    In November, President Bush requested $154 million in funding for what is expected to be a seven-year, multibillion-dollar program to track cyberthreats on government and private networks. The proposed countermeasures include the reduction of access points between government computers and the internet from a current level of 2,000 to 50, and the assignment of up to 2,000 DHS and NSA security experts to full-time monitoring of critical infrastructure networks to prevent unauthorized intrusion.

    Key members of Congressional oversight committees have complained that they have not been fully briefed on the proposal and they have raised concerns about the potential infringement on privacy.

    According to the SANS research director, the monitoring envisioned by the government's cybersecurity plan can be implemented without trampling on privacy rights as long as procedures are in place to ensure that it is the traffic itself, rather than the contents of email messages, that is being monitored.

    "Monitoring email traffic is not the same thing as reading everyone's email," Paller said.

    The scope of the cybersecurity problem was underlined in a profile of U.S. Director of National Intelligence (DNI) Mike McConnell published this week in the New Yorker magazine.

    The New Yorker article reported that the Defense Department currently is detecting about three million unauthorized probes on its computer networks every day, while the State Department fends off two million probes daily.

    These probes often turn into full-scale attacks, the magazine reported, such as the assault last year on the Pentagon that required 1,500 computers to be taken offline. American allies also have been targeted: In May, the German government blamed the Chinese military after it discovered a spyware program had been planted inside government computers in several key ministries. Chinese officials called the accusation "preposterous."

    McConnell has made information security a top priority for the myriad intelligence agencies he oversees, including the NSA, CIA and the Pentagon's intelligence arm.

    The DNI said that Chinese computer attacks have intensified in recent months, while hacking activity emanating from Russia has remained at Cold War levels. Ed Giorgio, a security consultant who worked at the NSA under McConnell, told the New Yorker that China now has 40,000 hackers collecting intelligence off U.S. information systems and those of U.S. allies.

    As intense as the assault on U.S. intelligence networks appears to be, cyberespionage directed by foreign governments against U.S. companies is an even bigger problem, McConnell said. "The real question is what to do about industry. Ninety-five percent of this is a private-sector problem," he told the New Yorker.

    The SANS Institute's annual listing of top 10 cyber menaces reported that China and other nations last year had engineered "massive penetration" of U.S. federal agencies and defense contractors, stealing terabytes of data. The institute said that these attacks are expected to intensify this year.

    "In 2008, despite intense scrutiny, these nation-state attacks will expand," SANS warned. "More targets and increased sophistication will mean many successes for attackers. Economic espionage will be increasingly common as nation-states use cybertheft of data to gain economic advantage in multinational deals."

    SANS said the "attack of choice" by foreign cyberwarriors is a form of targeted spear phishing using attachments and well-researched social engineering methods to make the victim believe that an attachment comes from a trusted source. SANS also said overseas hackers are making use of newly discovered Microsoft Office vulnerabilities and hiding their techniques to circumvent virus checking.

    McAfee's Avert Labs, in its McAfee Virtual Criminology Report, has predicted that the rise in international cyber spying will pose the number one security threat in 2008.

  19. #19
    Creepy Ass Cracka & Site Owner Ryan Ruck's Avatar

    Default Re: Hacker Attacks Linked To Chinese Military

    China isn’t mentioned but, let’s sit and think about it…

    Hackers Cut Cities' Power
    Cyber-security experts have long warned of the vulnerability of critical infrastructure like power, transportation and water systems to malicious hackers. Friday, those warnings quietly became a reality: Tom Donahue, a CIA official, revealed at the SANS security trade conference in New Orleans that hackers have penetrated power systems in several regions outside the U.S., and "in at least one case, caused a power outage affecting multiple cities."

    "We do not know who executed these attacks or why, but all involved intrusions through the Internet," Donahue said in a statement. "We suspect, but cannot confirm, that some of these attackers had the benefit of inside knowledge."

    Other details were murky: Donahue didn't say when or where the cyber attacks had occurred, or how many people had been affected. He also glossed over what element of the systems had been exploited.

    In recent months, security researchers have emphasized long-standing security vulnerabilities in the Supervisory Control and Data Acquisition (SCADA) systems that control U.S. critical infrastructure systems ranging from power plants to dams to public transit (See "America's Hackable Backbone").

    At the DefCon hacker conference in August, researcher Ganesh Devarajan of the security firm Tipping Point gave a presentation showing techniques that hackers can use to find points in SCADA systems that are vulnerable to hijacking and sabotage. The next month, the Associated Press obtained a U.S. Department of Homeland Security video, known as the "Aurora Generator Test," demonstrating how a cyber-intrusion could be used to physically destroy a large power generator.

    In the past two years, hackers have in fact successfully penetrated and extorted multiple utility companies that use SCADA systems, says Alan Paller, director of the SANS Institute, an organization that hosts a crisis center for hacked companies. "Hundreds of millions of dollars have been extorted, and possibly more. It's difficult to know, because they pay to keep it a secret," Paller says. "This kind of extortion is the biggest untold story of the cybercrime industry."

    Paller told Forbes.com in June that he expected those incidents to increase, and warned that a botched extortion attempt could lead to accidental damage. "There's been very active and sophisticated chatter in the hacker community, trading exploits on how to break through capabilities on these systems," he said. "That kind of chatter usually precedes bad things happening."

    Cyber-extortion and its collateral damage aren't new, says Bruce Schneier, chief technology officer for security firm BT Counterpane. He says that offshore-hosted Web sites, most often offering pornography and gambling, are frequent victims of hacker extortion. Targeting power companies, however, is a new wrinkle, he says.

    But Schneier suggests that security researchers shouldn't assume that SCADA was the weak link in the power system attacks revealed Friday. If, as the CIA suggests, the penetration involved "inside knowledge" of the system, it may have been performed by an employee with administrative access. "How much of this is a computer vulnerability, how much is a human vulnerability?" he asks. "I wouldn't jump to any conclusions."

    Regardless of the tactics used to hack the foreign power systems, he warns that the U.S. has no special immunity. "There's nothing magical about a system being in the U.S.," he says. "The same vulnerabilities are everywhere."

    The SANS Institute's Paller, who says Donahue had carefully considered the decision to reveal the power grid attacks, believes the CIA made its revelation with American security in mind. "My sense is that they wouldn't have disclosed this if they thought the problem had been fixed," he says.

  20. #20
    Creepy Ass Cracka & Site Owner Ryan Ruck's Avatar

    Default Re: Hacker Attacks Linked To Chinese Military

    Chinese Hackers Target (Australian) Government
    CHINESE computer hackers have launched targeted attacks on classified Australian government computer networks.

    The cyber attacks have prompted an internal review of IT security, Fairfax newspapers report. The federal government will spend $70 million to improve IT security this year, a figure that could be increased after the recent spate of hackings.

    The attacks are thought to be part of an international espionage operation to glean intelligence from the western world.

    Australian intelligence figures are believed to be concerned at a growing level of industrial espionage.

    The attacks late last year are believed to have been directed at local companies, but it is thought they were unsuccessful.

    Chinese authorities are believed to be seeking information on subjects such as military secrets and the prices Australian companies will seek for resources such as coal and iron ore.

    "I wouldn't characterise the attempts as necessarily malicious, just routine espionage aimed at getting an advantage," a Canberra-based intelligence source told Fairfax.

    "It's important to recognise that this is not a direct threat aimed at destabilising our government, nor is this a wilful effort to hinder or discredit government activity.

    "But, do we have secrets that other governments would like to know? Yes. Are they trying? Yes. Espionage over the internet is a major battleground of the future."

    A Department of Defence spokesman would not confirm or deny the recent cyber attacks on key government agencies, while a Chinese government spokesman denied cyber espionage had been authorised for any Australian agencies.
