Chinese Hackers Hit Commerce Department - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
News
News
10/6/2006
02:03 PM
50%
50%

Chinese Hackers Hit Commerce Department

It's the second major attack originating from China that's been acknowledged by the federal government since July.

The federal government's Commerce Department admitted Friday that heavy attacks on its computers by hackers working through Chinese servers have forced the bureau responsible for granting export licenses to lock down Internet access for more than a month.

Hundreds of computers must be replaced to cleanse the agency of malicious code, including rootkits and spyware.

An attack against computers of the Bureau of Industry and Security (BIS) -- the branch of Commerce responsible for overseeing U.S. exports which have both commercial and military applications -- forced BIS to turn off Internet access in early September.

An August e-mail from acting Undersecretary of Commerce Mark Foulon quoted by the Washington Post said that BIS "had identified several successful attempts to attack unattended BIS workstations during the overnight hours." Last month, reported the Post, Foulon wrote: "It has become clear that Internet access in itself is a vulnerability that we cannot mitigate. We have tried incremental steps and they have proven insufficient."

"BIS discovered evidence of a targeted attack to access user accounts," confirmed Richard Mills, a Commerce Department spokesman. "But there is no evidence that any BIS data has been compromised."

This is the second major attack originating in China that's been acknowledged by the federal government since July. Then, the State Department said that Chinese attackers had broken into its systems overseas and in Washington. And last year, Britain's National Infrastructure Security Co-ordination Center (NISCC) claimed that Chinese hackers had attacked more than 300 government agencies and private companies in the U.K.

"This [Commerce attack] is the third or fourth battle that we've lost to China," said Richard Stiennon, principal analyst with security consultancy IT-Harvest. "It's not a digital Pearl Harbor, not yet, but it's getting closer."

Although Stiennon said he doesn't have any inside information on the most recent attack, the evidence points to state-sponsored hacking. "The continuous nature of these attacks means there is a link to a state source," Stiennon said. "The Chinese are waging very effectual intellectual warfare."

An unnamed senior Commerce official also said the department has decided it could not trust the computers -- which were infected with rootkits -- and will replace them rather than try to clean them. In the meantime, BIS workers have been hampered by the inability to easily communicate with other federal and state agencies, or with the companies applying for export licenses.

"They're obviously questioning what's where in those systems," said Stiennon, who added that in some cases, even reformatting the disk drive and reinstalling software can't guarantee that all malicious code has been removed. "We don't know if the attackers have greater technology than we do," he argued. "Replacing systems is pretty draconian, but it really indicates that Commerce is very concerned."

One possible infection technique that could survive a reformat would be to store malicious code in the PC's BIOS flash memory. In January, a security researcher at the Black Hat conference demonstrated how the BIOS could be used by attackers.

In May, Congress criticized State Department plans to use Chinese-made PCs in high-security settings because it feared the machines' BIOS could be pre-infected with spyware.

"These reports read like accounts from a battlefield," said Stiennon. And the Chinese, he argued, are winning. "They've made this department less efficient for at least a month."

The official also confirmed that BIS has limited Internet access to stand-alone workstations that are not connected to the bureau's internal network.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
State of the Cloud
State of the Cloud
Cloud has drastically changed how IT organizations consume and deploy services in the digital age. This research report will delve into public, private and hybrid cloud adoption trends, with a special focus on infrastructure as a service and its role in the enterprise. Find out the challenges organizations are experiencing, and the technologies and strategies they are using to manage and mitigate those challenges today.
Commentary
Why It's Nice to Know What Can Go Wrong with AI
James M. Connolly, Editorial Director, InformationWeek and Network Computing,  11/11/2019
Slideshows
Top-Paying U.S. Cities for Data Scientists and Data Analysts
Cynthia Harvey, Freelance Journalist, InformationWeek,  11/5/2019
Slideshows
10 Strategic Technology Trends for 2020
Jessica Davis, Senior Editor, Enterprise Apps,  11/1/2019
Register for InformationWeek Newsletters
Video
Current Issue
Getting Started With Emerging Technologies
Looking to help your enterprise IT team ease the stress of putting new/emerging technologies such as AI, machine learning and IoT to work for their organizations? There are a few ways to get off on the right foot. In this report we share some expert advice on how to approach some of these seemingly daunting tech challenges.
White Papers
Slideshows
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll