Saturday, May 31, 2008

China Is Our Friend, Part 60,186: Utilities, Slurping, and National Defense

If you rely on electricity, you'll be interested in this story.

If you're Governor Jim Doyle's security guy, you'll be interested in this story.

And if you are fool enough to think that PRChina is "our friend," maybe this story won't matter to you...

Computer hackers in China, including those working on behalf of the Chinese government and military, have penetrated deeply into the information systems of U.S. companies and government agencies, stolen proprietary information from American executives in advance of their business meetings in China, and, in a few cases, gained access to electric power plants in the United States, possibly triggering two recent and widespread blackouts in Florida and the Northeast, according to U.S. government officials and computer-security experts.

One prominent expert told National Journal he believes that China’s People’s Liberation Army played a role in the power outages

You will remember this outage:

...the intrusion may have precipitated the largest blackout in North American history, which occurred in August of that year. A 9,300-square-mile area, touching Michigan, Ohio, New York, and parts of Canada, lost power; an estimated 50 million people were affected.

Officially, the blackout was attributed to a variety of factors, none of which involved foreign intervention. Investigators blamed “overgrown trees” that came into contact with strained high-voltage lines near facilities in Ohio owned by FirstEnergy Corp. More than 100 power plants were shut down during the cascading failure. A computer virus, then in wide circulation, disrupted the communications lines that utility companies use to manage the power grid, and this exacerbated the problem...

Just a coincidence, that virus, of course...

PRC tried it again, and succeeded:

...a blackout in February, which affected 3 million customers in South Florida, was precipitated by a cyber-hacker. That outage cut off electricity along Florida’s east coast, from Daytona Beach to Monroe County, and affected eight power-generating stations

...a Chinese PLA hacker attempting to map Florida Power & Light’s computer infrastructure apparently made a mistake. “The hacker was probably supposed to be mapping the system for his bosses and just got carried away and had a ‘what happens if I pull on this’ moment.” The hacker triggered a cascade effect, shutting down large portions of the Florida power grid, the security expert said. “I suspect, as the system went down, the PLA hacker said something like, ‘Oops, my bad,’ in Chinese.”

But it's hardly restricted to just shutting down infrastructure.

...officials are worried about the Chinese using long-established computer-hacking techniques to steal sensitive information from government agencies and U.S. corporations.

Brenner, the U.S. counterintelligence chief, said he knows of “a large American company” whose strategic information was obtained by its Chinese counterparts in advance of a business negotiation. As Brenner recounted the story, “The delegation gets to China and realizes, ‘These guys on the other side of the table know every bottom line on every significant negotiating point.’ They had to have got this by hacking into [the company’s] systems.”

That would not be surprising, knowing the Chinese' inclination to cheat. (See, e.g., the various "fake" brand-label items. Ask Briggs & Stratton, or Chrysler Corp. about that...)

Now we get to Jim Doyle.

During a trip to Beijing in December 2007, spyware programs designed to clandestinely remove information from personal computers and other electronic equipment were discovered on devices used by Commerce Secretary Carlos Gutierrez and possibly other members of a U.S. trade delegation, according to a computer-security expert with firsthand knowledge of the spyware used. Gutierrez was in China with the Joint Commission on Commerce and Trade, a high-level delegation that includes the U.S. trade representative and that meets with Chinese officials to discuss such matters as intellectual-property rights, market access, and consumer product safety. According to the computer-security expert, the spyware programs were designed to open communications channels to an outside system, and to download the contents of the infected devices at regular intervals. The source said that the computer codes were identical to those found in the laptop computers and other devices of several senior executives of U.S. corporations who also had their electronics “slurped” while on business in China

Heh. Jim Doyle, world-traveler, was just over in PRC on a trade mission. By now the PRC knows the personal peccadillos of all the Republicans in the Legislature. And they're probably laughing up their sleeves about the State of Wisconsin's budget "remedy."

And who traveled with Doyle? Have they had their laptops scoured since?

“China is indeed a counterintelligence threat, and specifically a cyber-counterintelligence threat,” said Brenner, who served for four years as inspector general of the National Security Agency, the intelligence organization that electronically steals other countries’ secrets. Brenner said that the American company’s experience “is an example of how hard the Chinese will work at this, and how much more seriously the American corporate sector has to take the information-security issue.” He called economic espionage a national security risk and said that it makes little difference to a foreign power whether it steals sensitive information from a government-operated computer or from one owned by a contractor. “If you travel abroad and are the director of research or the chief executive of a large company, you’re a target,” he said

And now we get to the "We may be lying about this...." part, wherein hacked US Government agencies deny that there was "any damage."

That is, "There's no damage we're going to TELL YOU about, stupid!!"

In 2007, an unidentified hacker broke into the e-mail system for Defense Secretary Robert Gates’s office, and the Pentagon shut down about 1,500 computers in response. But officials said that the intrusion caused no harm. In 2006, a State Department employee opened an e-mail containing a Trojan horse, a program designed to install itself on a host machine to give a hacker covert access. As a result, officials cut off Internet access to the department’s East Asia and Pacific region, but the department suffered no long-term problems

"Nothing to see here. Move along."

This IS serious.

So why are so many officials increasingly sounding the alarm about network attacks, Chinese hacking and espionage, and the advent of cyberwar?

Part of the answer lies in officials’ most recent appraisals of the cyber-threat. They cite evidence that attacks are increasing in volume and appear engineered more to cause real harm than sporadic inconvenience. Without naming China, Robert Jamison, the top cyber-security official at DHS, told reporters at a March briefing, “We’re concerned that the intrusions are more frequent, and they’re more targeted, and they’re more sophisticated.”

What about a three-to-five day power blackout in SE Wisconsin? Think you and/or your business could take that without missing a beat?

Because most of the infrastructure in the United States is privately owned, the government finds it exceptionally difficult to compel utility operators to better monitor their systems. The FBI and DHS have established formal groups where business operators can disclose their known vulnerabilities privately. (Companies fear that public exposure will decrease shareholder confidence or incite more hackings.) But membership in these organizations isn’t compulsory. Furthermore, many of the systems that utility operators use were designed by others. Intelligence officials now worry that software developed overseas poses another layer of risk because malicious codes or backdoors can be embedded in the software at its creation. U.S. officials have singled out software manufacturers in emerging markets such as, not surprisingly, China.

But hey! That software was CHEAPER!! We got our SCADA system's security at the best possible price--what could possibly go wrong??

Were it just a matter of keeping your beer cold, or your Legislator's drinking habits private!

“Numerous computer networks around the world, including those owned by the U.S. government, were subject to intrusions that appear to have originated within” the People’s Republic of China. Although not claiming that the attacks were conducted by the Chinese government, or officially endorsed, the declaration built upon the previous year’s warning that the People’s Liberation Army is “building capabilities for information warfare” for possible use in “pre-emptive attacks.”

Defense and intelligence officials have been surprised by China’s cyber-advances, according to the U.S.-China Economic and Security Review Commission. In November, the commission reported that “Chinese military strategists have embraced … cyberattacks” as a weapon in their military arsenal.

“We are currently in a cyberwar, and war is going on today,” Andrew Palowitch, who’s now a consultant to U.S. Strategic Command, told an audience at Georgetown University in November. STRATCOM, headquartered at Offutt Air Force Base in Nebraska, oversees the Defense Department’s Joint Task Force-Global Network Operations, which defends military systems against cyber-attack. Palowitch cited statistics, provided by Cartwright, that 37,000 reported breaches of government and private systems occurred in fiscal 2007. The Defense Department experienced almost 80,000 computer attacks, he said. Some of these assaults “reduced” the military’s “operational capabilities,” Palowitch noted.

For all his other problems, at least The President is paying attention to this.

...the White House [has crafted] an executive order laying out a broad and ambitious plan to shore up government-network defenses. Known internally as “the cyber-initiative,” it was formally issued in January. The details remain classified, but it has been reported that the order authorizes the National Security Agency to monitor federal computer networks. It also requires that the government dramatically scale back the number of points at which federal networks connect to the public Internet. The Office of Management and Budget has directed agencies to limit the total number of Internet “points of presence” to 50 by June.

Some doubt that it is only PRC who is playing with our national defense systems--and it's probably not ONLY the PRC. On the other hand,

China’s military history has been defined by asymmetric warfare, said Harry Harding, an expert on Chinese domestic politics and U.S.-China relations, who teaches at George Washington University’s Elliott School of International Affairs. Cyber-warfare is just one of the more recent tactics. If the U.S. government tries to protect its systems, the Chinese will simply attack the private sector; he cited the financial services industry as an obvious target. “I have no doubt that China is doing this,” Harding said.

The good news: computer hackers cannot disable a good old-fashioned Mauser 98 action.

Buy more ammo.


steveegg said...

The bad news - S(l)ick Willie gave the ChiComs the technology required to get a thermonuclear warhead to the bunker to melt that Mauser 98, and the DhimmiRATs want to scrap every means of intercepting said incoming missile.

Dad29 said...

Yah, I remember that, too.

Slick Willie, Motorola, (Boeing???) and the East coast electronix firm whose Chairman was indicted and convicted for it.

Bill pardoned him, of course.