China’s Cyber-Militia

Computer hackers in China, including those working on behalf of the Chinese government and military, have penetrated deeply into the information systems of U.S. companies and government agencies, stolen proprietary information from American executives in advance of their business meetings in China, and, in a few cases, gained access to electric power plants in the United States, possibly triggering two recent and widespread blackouts in Florida and the Northeast, according to U.S. government officials and computer-security experts.

One prominent expert told National Journal he believes that China’s People’s Liberation Army played a role in the power outages. Tim Bennett, the former president of the Cyber Security Industry Alliance, a leading trade group, said that U.S. intelligence officials have told him that the PLA in 2003 gained access to a network that controlled electric power systems serving the northeastern United States. The intelligence officials said that forensic analysis had confirmed the source, Bennett said. “They said that, with confidence, it had been traced back to the PLA.” These officials believe that the intrusion may have precipitated the largest blackout in North American history, which occurred in August of that year. A 9,300-square-mile area, touching Michigan, Ohio, New York, and parts of Canada, lost power; an estimated 50 million people were affected.

Officially, the blackout was attributed to a variety of factors, none of which involved foreign intervention. Investigators blamed “overgrown trees” that came into contact with strained high-voltage lines near facilities in Ohio owned by FirstEnergy Corp. More than 100 power plants were shut down during the cascading failure. A computer virus, then in wide circulation, disrupted the communications lines that utility companies use to manage the power grid, and this exacerbated the problem. The blackout prompted President Bush to address the nation the day it happened. Power was mostly restored within 24 hours.

There has never been an official U.S. government assertion of Chinese involvement in the outage, but intelligence and other government officials contacted for this story did not explicitly rule out a Chinese role. One security analyst in the private sector with close ties to the intelligence community said that some senior intelligence officials believe that China played a role in the 2003 blackout that is still not fully understood.

Bennett, whose former trade association includes some of the nation’s largest computer-security companies and who has testified before Congress on the vulnerability of information networks, also said that a blackout in February, which affected 3 million customers in South Florida, was precipitated by a cyber-hacker. That outage cut off electricity along Florida’s east coast, from Daytona Beach to Monroe County, and affected eight power-generating stations. Bennett said that the chief executive officer of a security firm that belonged to Bennett’s trade group told him that federal officials had hired the CEO’s company to investigate the blackout for evidence of a network intrusion, and to “reverse engineer” the incident to see if China had played a role.

Bennett, who now works as a private consultant, said he decided to speak publicly about these incidents to point out that security for the nation’s critical electronic infrastructures remains intolerably weak and to emphasize that government and company officials haven’t sufficiently acknowledged these vulnerabilities.

Continue reading about the Florida black-out, Cyber-Espionage, the Growing Threat, Private Sector Foot-Dragging, Military Response, Presidential Attention and more at http://www.nationaljournal.com/njmagazine/cs_20080531_6948.php

I'm a web developer/host and build a lot of database-driven sites. We have recently seen massive levels of very spohisticated attacks from a form of "hackbot" that looks for vulnerable web sites, uses SQL Injection to over-write text fields (think product name and description in stores) with a snippet of JavaScript, and generally wrecks the database. The visitor who then arrives at such a page with these pages with the JavaScript embedded in them is then redirected to compormised servers where further scripts are executed - potentially downloading viruses to their computer.

http://www.pcworld.com/businesscenter/article/146048/mass_sql_injection_attack_targets_chinese_web_sites.html
http://blogs.zdnet.com/security/?p=1122

It's so intense, and so sophisticated (2 URL executions killed an entire store that I know of) that I have debated with colleagues as to the possibility of state sponsorship. Almost all of this recent stuff, and the majority of hack attempts I am seeing (and have seen for years) comes from IPs assigned to servers in China and the Far East. Some comes from Turkey, some from Ukraine, but clearly more from China than anywhere else.

This article makes me wonder even more if there is official sanction and support for these destructive efforts.

To the extent this is not just drumming up business, and it is true that network hacking is not imaginary, it represents incompetence. One ought not expose important national or corporate assets to the internet, and machines that do serve the internet ought not have direct access to important national or corporate assets. Money and jewels are kept in vaults, not left out on the streets for passers-by to examine.

Whenever there is a potential for a major utility to be sabotaged, we should have more state protections, even if it is a private company.

It also wouldnt' hurt to reconsider some of our friendliness with China, especially with regard to trade and social relations.

As a generality, we've always had good people, but management has really become abysmal in the last few decades. Most of them don't even really understand what it means to manage a productive business. They rely on trite sloganeering and simple-minded pecuniary metrics, and if they think they have followed the formulas, then they think they have managed the business.