Chinese Hackers Tell it How it is
It looks like China has been spending a great deal of time, effort, and energy trying to figure out the security vulnerabilities of the computer systems of the United States government, particularly those at the Department of Defense.
ZHOUSHAN, China (CNN) — They operate from a bare apartment on a Chinese island. They are intelligent 20-somethings who seem harmless. But they are hard-core hackers who claim to have gained access to the world’s most sensitive sites, including the Pentagon.
In fact, they say they are sometimes paid secretly by the Chinese government — a claim the Beijing government denies.
“No Web site is one hundred percent safe. There are Web sites with high-level security, but there is always a weakness,” says Xiao Chen, the leader of this group.
This of course, is something that isn’t that shocking to anyone who has followed computer security, and the politics behind. Should we be surprised that the Chinese government would deny the fact that they pay hackers to test for vulnerabilities? Absolutely not. I wouldn’t be shocked if the United States has similar programs, with similar objectives.
What is concerning though, is the level of computers that many of these hackers have been able to get to. While it is a big deal when a foreign hacker gets into the computer of the FDA, etc, it’s a catastrophe when word is leaked that foreign computers have been able to penetrate some of the security layers at the DoD.
The apartment has cement floors and almost no furniture. What they do have are three of the latest computers. They are cautious when it comes to naming the Web sites they have hacked.
But eventually Xiao Chen claims two of his colleagues — not the ones with him in the room — have hacked into the Pentagon and downloaded information, although he wouldn’t specify what was gleaned. CNN has no way to confirm if his claim is true.
I think that CNN actually confirmed their claim a few days ago in this article, reporting:
Pentagon officials said a chunk of China’s spending went to cyberwarfare, because 2007 saw several “intrusions” believed to be from the Peoples Liberation Army. In the incidents, unclassified U.S. military computer systems were broken into and information was taken, according to Pentagon officials.
While these intrusions are probably entrances on some of the Pentagon’s lower-security ports, the fact that they have been able to get to even those layers is extremely impressive and should raise may red flags (though, since we’re talking about China, maybe a blue flag?) Remember, computers are connected through a series of networks, so if you can get to one of the less secure systems, I would imagine its not impossible to penetrate deeper into the system.
With word of these threats, one cant help but wonder what steps the Department of Defense is taking to ensure that these hackers cant penetrate these systems even further.
From a spending perspective, it looks like the White House has caught on to the need for more secure computer systems in government, as illustrated in the FY 2009 budget request from the White House:
New details on federal IT spending plans, made available by the Office of Management and Budget today, show that $103 out of every $1,000 requested for IT spending next fiscal year — or about $7.3 billion in total — will be devoted to improving IT security. That is 9.8 percent more than what was slated for fiscal 2008, and 73 percent more than the $4.2 billion budgeted for cybersecurity in fiscal 2004.
Is $7.3 billion enough for securing the United States’ most sensitive files? I doubt it.
Unfortunately, the advantage that hackers have is that they are part of an international network, which is comprised of what are, undoubtedly, some of the greatest technology minds around.
This means that in most situations, for every one step the US government takes, odds are there is a hacker following right behind, finding vulnerabilities.
It’s a complicated problem, and unfortuntately I don’t see there ever being a 100% secure solution for the DoD, taking into account the size of the organization.