November 23, 2005 11:48 AM PST

Security experts lift lid on Chinese hack attacks

Security experts have revealed details about a group of Chinese hackers who are suspected of launching intelligence-gathering attacks against the U.S. government.

The hackers, believed to be based in the Chinese province of Guangdong, are thought to have stolen U.S. military secrets, including aviation specifications and flight-planning software.

The U.S. government has coined the term "Titan Rain" to describe the hackers.

"From the Redstone Arsenal, home to the Army Aviation and Missile Command, the attackers grabbed specs for the aviation mission-planning system for Army helicopters, as well as Falconview 3.2, the flight-planning software used by the Army and Air Force," Alan Paller, the director of the SANS Institute, said on Tuesday.

The team is thought to consist of 20 hackers. Paller said that the Chinese government is the most likely recipient of the information they intercepted.

"Of course, it's the government. Governments will pay anything for control of other governments' computers. All governments will pay anything. It's so much better than tapping a phone," Paller said at an event at the British Department of Trade and Industry.

Titan Rain first came to public attention this summer, when the Washington Post reported that Web sites in China were being used to target computer networks in the Defense Department and other U.S. agencies.

Time magazine later reported that Titan Rain had been counter-hacked by a U.S. security expert called Shawn Carpenter.

The ongoing attacks were particularly effective on the night of Nov. 1, 2004, said Paller, who outlined his version of how the hackers first scanned, then broke into, U.S. government computers:

• At 10:23 p.m. PST, the Titan Rain hackers exploited vulnerabilities at the U.S. Army Information Systems Engineering Command at Fort Huachuca, Ariz.

• At 1:19 a.m., they exploited the same hole in computers at the Defense Information Systems Agency in Arlington, Va.

• At 3:25 a.m., they hit the Naval Ocean Systems Center, a Defense Department installation in San Diego, Calif.

• At 4:46 a.m., they struck the U.S. Army Space and Strategic Defense installation in Huntsville, Ala.

The United Kingdom is also under intelligence-gathering cyberattack from the Far East, according to the National Infrastructure Security Co-ordination Centre. The government body cannot name the countries concerned as this may "ruin diplomatic efforts to halt the attacks," NISCC director Roger Cummings said Tuesday.

Tom Espiner of ZDNet UK reported from London.

9 comments

why
is the US waiting...

take down the Chinese network... let them know who's boss...

or will the US just wait until China has stolen enough to invade?
Posted by volterwd (466 comments )
Why don't we feed them false information
Why should we counter-hack? Why don't we just feed them with false information? It's such a no-brainer! What could be better than feeding them with information that looks real but is faked. Ok, if that is too difficult to do right, why don't we feed them information that is outright impossible, which will turn the hacker group into a lunch break joke? Or, are we doing that already -- all those reports are just fogs to cover that up?
Posted by Pixelslave (101 comments )
But We Get Panda Bears
Let's see. China has ICBMs targeted at the United States. China maneuvers to get nationals jobs at U.S. nuclear weapons labs, like Wen Ho Ho Ho. China puts former U.S. officials on the payroll as lobbyists. China conducts joint wargames with Russia. What does the United States get in return? While all the free Panda Bears we will ever need for the next 100 years. I hear China is giving the Washington Zoo a new set of Panda Bears named Sucker-Sucker and Dummy-Dummy.
Posted by Stating (869 comments )
You are so Right
Keith J. Everything you said is right, although I'm sure We (U.S.) are doing the same thing to the Chinese. But I hope this country doesn't underestimate the Chinese, because that can be a "FATAL" Mistake.
Posted by (32 comments )
So am I
I get 200 - 300 password attempts on my IP address a day, mostly from eastern addresses, but not all. Several come from academic institutions. I guess they're short on resources and want to use mine (I'm considering it just to see what they would do). The most irritating thing is logging these things. I happen to know of all legitimate access to my systems so identifying and blocking is easy. The US government probably can't really be sure if information was leaked and what information it was (note we're just now learning about this). They (the Chinese) probably get frustrated and DOS them too.

Feeding them false information -- I would scrutinize anything coming from the US government and anyone who wouldn't.
Posted by (10 comments )
Not me!
I get zero attempts! Try running a ssh tunnel requiring private/public keys. Keep in mind that my machine's IP is public and my logs are empty. Without the public/private key I would be getting a ton of login attempts.

Free iPod conga line email ( ronald . bannon @ gmail . com ) for
more information.
Posted by rbannon (96 comments )
It's not coming
from the universities... hackers like to route through universities because of weak defences and a lot of resources
Posted by volterwd (466 comments )
So What!
This is just more fascist propaganda designed to support the military industrial complex. Why would the Chinese wish to harm us, we are their best customer? If they really wanted to hurt us they could just stop selling us their low priced products and our economy would collapse overnight!

Military combat is nothing more than an outdated method of supporting the war contractors. The real battlefield is the economic one and in that arena America was sold out long ago.

The truth is that the Chinese (and some other Asian nations) own us. They bought up all the paper that financed our military welfare state as far back as the 70's. The real irony is that the saber rattling helmet heads are the ones that did more to harm our national security than any anti-war protester could have ever done!


"Freedom cannot survive in a society that views war as a hyper-patriotic means of asserting its moral superiority."

Unknown  circa 1938
Posted by Mister C (423 comments )
 
