It's the second major attack originating from China that's been acknowledged by the federal government since July.
The federal government's Commerce Department admitted Friday that heavy attacks on its computers by hackers working through Chinese servers have forced the bureau responsible for granting export licenses to lock down Internet access for more than a month.
Hundreds of computers must be replaced to cleanse the agency of malicious code, including rootkits and spyware.
An attack against computers of the Bureau of Industry and Security (BIS) -- the branch of Commerce responsible for overseeing U.S. exports which have both commercial and military applications -- forced BIS to turn off Internet access in early September.
An August e-mail from acting Undersecretary of Commerce Mark Foulon quoted by the Washington Post said that BIS "had identified several successful attempts to attack unattended BIS workstations during the overnight hours." Last month, reported the Post, Foulon wrote: "It has become clear that Internet access in itself is a vulnerability that we cannot mitigate. We have tried incremental steps and they have proven insufficient."
"BIS discovered evidence of a targeted attack to access user accounts,"
confirmed Richard Mills, a Commerce Department spokesman. "But there is no
evidence that any BIS data has been compromised."
"This [Commerce attack] is the third or fourth battle that we've lost to China," said Richard Stiennon, principal analyst with security consultancy IT-Harvest. "It's not a digital Pearl Harbor, not yet, but it's getting closer."
Although Stiennon said he doesn't have any inside information on the most recent attack, the evidence points to state-sponsored hacking. "The continuous nature of these attacks means there is a link to a state source," Stiennon said. "The Chinese are waging very effectual intellectual warfare."
An unnamed senior Commerce official also said the department has decided it could not trust the computers -- which were infected with rootkits -- and will replace them rather than try to clean them. In the meantime, BIS workers have been hampered by the inability to easily communicate with other federal and state agencies, or with the companies applying for export licenses.
"They're obviously questioning what's where in those systems," said Stiennon, who added that in some cases, even reformatting the disk drive and reinstalling software can't guarantee that all malicious code has been removed. "We don't know if the attackers have greater technology than we do," he argued. "Replacing systems is pretty draconian, but it really indicates that Commerce is very concerned."
5 Top Federal Initiatives For 2015As InformationWeek Government readers were busy firming up their fiscal year 2015 budgets, we asked them to rate more than 30 IT initiatives in terms of importance and current leadership focus. No surprise, among more than 30 options, security is No. 1. After that, things get less predictable.