Unable to resist a cool code name, TIME has plunged into the Titan Rain story about Chinese hackers targeting US military networks. TIME gives us more new code names ("Spiderman" - OK, no points for originality there) but also has some details which suggest that this story may be a legitimately big deal.
Here is our original post, and a link to a round-up of commentary by a lot of IT bloggers. The skeptic's gist was this - it may simply be that some Chinese spammers, constantly on the lookout for targets of opportunity, are being mistaken for hackers targeting military networks. And why would the military make this mistake? Because the agencies don't talk to each other, and consequently each takes an attack personally, rather than chalking it up to a mass hack attempt.
The latest TIME story notes that possibility but presses full speed ahead:
Carpenter [a.k.a. "Spiderman"] gave chase to the attackers. He hopped just as stealthily from computer to computer across the globe, chasing the spies as they hijacked a web of far-flung computers. Eventually he followed the trail to its apparent end, in the southern Chinese province of Guangdong. He found that the attacks emanated from just three Chinese routers that acted as the first connection point from a local network to the Internet.
...
In Washington, officials are tight-lipped about Titan Rain, insisting all details of the case are classified. But high-level officials at three agencies told TIME the penetration is considered serious. A federal law-enforcement official familiar with the investigation says the FBI is "aggressively" pursuing the possibility that the Chinese government is behind the attacks. Yet they all caution that they don't yet know whether the spying is official, a private-sector job or the work of many independent, unrelated hands. The law-enforcement source says China has not been cooperating with U.S. investigations of Titan Rain. China's State Council Information Office, speaking for the government, told TIME the charges about cyberspying and Titan Rain are "totally groundless, irresponsible and unworthy of refute."
Despite the official U.S. silence, several government analysts who protect the networks at military, nuclear-lab and defense-contractor facilities tell TIME that Titan Rain is thought to rank among the most pervasive cyberespionage threats that U.S. computer networks have ever faced. TIME has obtained documents showing that since 2003, the hackers, eager to access American know-how, have compromised secure networks ranging from the Redstone Arsenal military base to NASA to the World Bank. In one case, the hackers stole flight-planning software from the Army. So far, the files they have vacuumed up are not classified secrets, but many are sensitive and subject to strict export-control laws, which means they are strategically important enough to require U.S. government licenses for foreign use.
And here is an echo of Able Danger, as well as a partial explanation about sources. We have an aggrieved whistle-blower, a bungled Government program, unimaginative bureaucrats - the usual list:
Federal rules prohibit military-intelligence officers from working with U.S. civilians, however, and by October, the Army passed Carpenter and his late-night operation to the FBI. He says he was a confidential informant for the FBI for the next five months. Reports from his cybersurveillance eventually reached the highest levels of the bureau's counterintelligence division, which says his work was folded into an existing task force on the attacks. But his FBI connection didn't help when his employers at Sandia found out what he was doing. They fired him and stripped him of his Q clearance, the Department of Energy equivalent of top-secret clearance. Carpenter's after-hours sleuthing, they said, was an inappropriate use of confidential information he had gathered at his day job. Under U.S. law, it is illegal for Americans to hack into foreign computers.
Carpenter is speaking out about his case, he says, not just because he feels personally maligned—although he filed suit in New Mexico last week for defamation and wrongful termination. The FBI has acknowledged working with him: evidence collected by TIME shows that FBI agents repeatedly assured him he was providing important information to them. Less clear is whether he was sleuthing with the tacit consent of the government or operating as a rogue hacker. At the same time, the bureau was also investigating his actions before ultimately deciding not to prosecute him. The FBI would not tell TIME exactly what, if anything, it thought Carpenter had done wrong.
This is a useful clue for folks looking for other leads on this story:
The attacks were also stinging allies, including Britain, Canada, Australia and New Zealand, where an unprecedented string of public alerts issued in June 2005, two U.S. network-intrusion analysts tell TIME, also referred to Titan Rain-related activity. "These electronic attacks have been under way for a significant period of time, with a recent increase in sophistication," warned Britain's National Infrastructure Security Co-Ordination Center.
Fair enough - here is some commentary on Britain's National Infrastructure Security Co-Ordination Center ("NISCC"), and the NISCC announcement (a 9-page PDF file).
Forbes had a story on Chinese hacking and cyberespionage; the Government Computer News had something too.
The Senate is looking into some aspect of the Carpenter situation or Titan Rain, as we see on page 4:
And in a letter obtained by TIME, the FBI's Szady responded to a Senate investigator's inquiry about Carpenter, saying, "The [FBI] is aggressively pursuing the investigative leads provided by Mr. Carpenter."
Finally, after more info on the legal tangle in which Mr. Carpenter is ensnared, we get this semi-happy ending:
Carpenter says he has honored the FBI's request to stop following the attackers. But he can't get Titan Rain out of his mind. Although he was recently hired as a network-security analyst for another federal contractor and his security clearance has been restored, "I'm not sleeping well," he says. "I know the Titan Rain group is out there working, now more than ever."
Well, TIME has Carpenter, the special source, so they are playing this story up and blasting past the caveats. Since TIME mentions Carpenter's lawsuit, the truly diligent might look for coverage of that for more details on this situation.
Is this story the Real Thing, or just a summer fling? We should know in a few weeks.
If somebody offered a six-pack of beer as a prize for breaching or bringing down Chinese government sites, I suspect that within 24 hours there would be no intact Chinese government sites. My point in mentioning this is not to suggest that such a thing be done but is two-fold: first, (at least right now) despite China's considerably larger population there's probably a significant hacker gap in our advantage; and, second, the United States isn't the only country with something to lose due to security breaches.
Posted by: Dave Schuler | August 29, 2005 at 10:27 AM
Reading the skeptic's position, at least as likely as Chinese spammers is that the attackers are ordinary but *non-Chinese* free-enterprisers, using compromised Chinese machines to build/assemble networks of other compromised machines.
Sure, the Chinese government could be at work; the principle of least malice is only tenuously applicable to the Chinese government.
Posted by: Bill Arnold | August 29, 2005 at 04:21 PM
So who is potentially most malicious, Chinese or American hackers?
It was envisioned years ago that computer warriors may fight the battles of the future. Well here we are. Be sure to check your seats to make sure you haven't left anything behind.
Posted by: kim | August 29, 2005 at 05:03 PM
We have experienced direct action in these attacks and blocked them after extensive investigation. Unfortunately I can report that based on analysis of the attacks, these are not private organizations or mafia. IPs belonging to the Chinese Public Relations Ministry, as well as 3 ISPs on the same street in physical proximity (near enough to walk between), are the source, with slave machines in South Korea, Italy, and France (Speedera Networks). The attacks are human-directed, focusing agent time against targets that resist traditional automated attack methods or respond aggressively to questionable traffic. We have detected active attempts to provide traffic interception against SBC Networks users and predict this operation will yield significant data to the consumer nation on unencrypted Internet traffic. All our users are strongly urged to engage in the most aggressive encryption solutions both inside and on WAN access, as well as blocking target nations' IP ranges for inbound and outbound traffic with full logging. Use of security devices and traps is strongly recommended, but we do not anticipate police cooperation in international search and seizure of the responsible machines and parties.
Posted by: H.M. Stryx | November 08, 2005 at 11:18 AM