Chinese Hackers Hit Commerce Department - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

02:03 PM

Chinese Hackers Hit Commerce Department

It's the second major attack originating from China that's been acknowledged by the federal government since July.

The federal government's Commerce Department admitted Friday that heavy attacks on its computers by hackers working through Chinese servers have forced the bureau responsible for granting export licenses to lock down Internet access for more than a month.

Hundreds of computers must be replaced to cleanse the agency of malicious code, including rootkits and spyware.

An attack against computers of the Bureau of Industry and Security (BIS) -- the branch of Commerce responsible for overseeing U.S. exports which have both commercial and military applications -- forced BIS to turn off Internet access in early September.

An August e-mail from acting Undersecretary of Commerce Mark Foulon quoted by the Washington Post said that BIS "had identified several successful attempts to attack unattended BIS workstations during the overnight hours." Last month, reported the Post, Foulon wrote: "It has become clear that Internet access in itself is a vulnerability that we cannot mitigate. We have tried incremental steps and they have proven insufficient."

"BIS discovered evidence of a targeted attack to access user accounts," confirmed Richard Mills, a Commerce Department spokesman. "But there is no evidence that any BIS data has been compromised."

This is the second major attack originating in China that's been acknowledged by the federal government since July. Then, the State Department said that Chinese attackers had broken into its systems overseas and in Washington. And last year, Britain's National Infrastructure Security Co-ordination Center (NISCC) claimed that Chinese hackers had attacked more than 300 government agencies and private companies in the U.K.

"This [Commerce attack] is the third or fourth battle that we've lost to China," said Richard Stiennon, principal analyst with security consultancy IT-Harvest. "It's not a digital Pearl Harbor, not yet, but it's getting closer."

Although Stiennon said he doesn't have any inside information on the most recent attack, the evidence points to state-sponsored hacking. "The continuous nature of these attacks means there is a link to a state source," Stiennon said. "The Chinese are waging very effectual intellectual warfare."

An unnamed senior Commerce official also said the department has decided it could not trust the computers -- which were infected with rootkits -- and will replace them rather than try to clean them. In the meantime, BIS workers have been hampered by the inability to easily communicate with other federal and state agencies, or with the companies applying for export licenses.

"They're obviously questioning what's where in those systems," said Stiennon, who added that in some cases, even reformatting the disk drive and reinstalling software can't guarantee that all malicious code has been removed. "We don't know if the attackers have greater technology than we do," he argued. "Replacing systems is pretty draconian, but it really indicates that Commerce is very concerned."

One possible infection technique that could survive a reformat would be to store malicious code in the PC's BIOS flash memory. In January, a security researcher at the Black Hat conference demonstrated how the BIOS could be used by attackers.

In May, Congress criticized State Department plans to use Chinese-made PCs in high-security settings because it feared the machines' BIOS could be pre-infected with spyware.

"These reports read like accounts from a battlefield," said Stiennon. And the Chinese, he argued, are winning. "They've made this department less efficient for at least a month."

The official also confirmed that BIS has limited Internet access to stand-alone workstations that are not connected to the bureau's internal network.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
2020 State of DevOps Report
2020 State of DevOps Report
Download this report today to learn more about the key tools and technologies being utilized, and how organizations deal with the cultural and process changes that DevOps brings. The report also examines the barriers organizations face, as well as the rewards from DevOps including faster application delivery, higher quality products, and quicker recovery from errors in production.
10 Trends Accelerating Edge Computing
Cynthia Harvey, Freelance Journalist, InformationWeek,  10/8/2020
Is Cloud Migration a Path to Carbon Footprint Reduction?
Joao-Pierre S. Ruth, Senior Writer,  10/5/2020
IT Spending, Priorities, Projects: What's Ahead in 2021
Jessica Davis, Senior Editor, Enterprise Apps,  10/2/2020
Register for InformationWeek Newsletters
Current Issue
[Special Report] Edge Computing: An IT Platform for the New Enterprise
Edge computing is poised to make a major splash within the next generation of corporate IT architectures. Here's what you need to know!
White Papers
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll