[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[infowar.de] Computer System Under Attack: Commerce Department Targeted; Hackers Traced to China
Computer System Under Attack
Commerce Department Targeted; Hackers Traced to China
By Alan Sipress
Washington Post Staff Writer
Friday, October 6, 2006; A21
Hackers operating through Chinese Internet servers have launched a
debilitating attack on the computer system of a sensitive Commerce
Department bureau, forcing it to replace hundreds of workstations and
block employees from regular use of the Internet for more than a month,
Commerce officials said yesterday.
The attack targeted the computers of the Bureau of Industry and Security,
which is responsible for controlling U.S. exports of commodities, software
and technology having both commercial and military uses. The bureau has
stepped up its activity in regulating trade with China in recent years as
the United States increased its exports of such dual-use items to the
growing Chinese market.
This marked the second time in recent months that U.S. officials confirmed
that a major attack traced to China had succeeded in penetrating
"Through established security procedures, BIS discovered a targeted effort
to gain access to BIS user accounts," said Commerce Department spokesman
Richard Mills. "We have no evidence that BIS data has been lost or
The significance of the attacks was underscored in a series of e-mails
sent to BIS employees by acting Undersecretary of Commerce Mark Foulon
since July, informing them of "a number of serious threats to the
integrity of our systems and data." In an August e-mail, Foulon reported
that the bureau had "identified several successful attempts to attack
unattended BIS workstations during the overnight hours." Then, early last
month, he wrote: "It has become clear that Internet access in itself is a
vulnerability that we cannot mitigate. We have tried incremental steps and
they have proven insufficient."
A source familiar with the security breach said the hackers had penetrated
the computers with a "rootkit" program, a stealthy form of software that
allows attackers to mask their presence and then gain privileged access to
the computer system. The attacks were traced to Web sites registered on
Chinese Internet service providers, Commerce officials said. "We
determined they were owned by the Chinese," a senior Commerce official
said. He did not say who in China was responsible or whether officials had
even been able to identify the culprits. Although bureau employees were
informed of the problem in July, commerce officials declined to say when
the attacks were discovered and how long they had been going on. Only over
time did bureau officials realize the extent of the damage from the breach.
"The more we learned, the more we did," the senior official said.
Since Sept. 1, the bureau has blocked employees from accessing the
Internet from their own computers. Instead, several separate computers
unconnected to the BIS computer network have been set up so employees can
try to continue carrying out their duties.
Commerce officials have also decided they cannot salvage the workstations
that employees had been using and instead will build an entirely new
system for the bureau in the coming months with "clean hardware and clean
software," the senior official said. Foulon told employees in late August
that they hoped to replace all the bureau's workstations within three months.
The official acknowledged that some of the emergency measures have made it
more difficult for the bureau to communicate with other government
agencies and the public, including companies that turn to BIS for export
In July, the State Department confirmed that hackers in China had broken
into its computers in Washington and overseas. Last year, U.S. officials
reported that the Defense Department and other U.S. agencies were under
relentless attack from unidentified computers in China.
China has long been a focus of high-level attention at BIS and was the
destination for the largest number of licenses approved by the bureau in
2004, according to the bureau's most recent annual report. In weighing
applications for licenses, bureau officials seek to protect U.S. national
security interests without hamstringing legitimate commercial trade.
Commerce officials recently reported that they had taken significant steps
to enhance computer security at the department, both by deploying new
software and improving the management of the system.
These steps came after the General Accounting Office (since renamed the
Government Accountability Office) issued a scathing report five years ago,
which concluded that "significant and pervasive computer security
weaknesses place Department of Commerce systems at risk." The report found
that outsiders could gain unauthorized access to the computer system and
access confidential data. "Intruders could disrupt the operations of
systems that are critical to the mission of the department," the report found.
To unsubscribe, e-mail: infowar -
- infopeace -
For additional commands, e-mail: infowar -
- infopeace -