CQ POLITICS NEWS – HOMELAND SECURITY
March 20, 2009 – 1:53 p.m.
Hackers Based in China Break Into Florida Senator’s Office Computers
By Josh Rogin, CQ Staff
China-based hackers breached the office computers of Democratic Sen. Bill Nelson of Florida, the senator’s office confirmed March 20.
In three separate attacks, two in March and one in February, cyberhackers targeted the work stations of Nelson’s foreign policy aide, his deputy legislative director, and “a former Nelson NASA adviser,” Nelson’s office said in a statement.
The hackers did not steal any classified information, which is not stored on office computers, the statement said.
A Nelson aide said the attacks were traced to China through Internet Protocol (IP) information, which could have been masked. The Office of Senate Security and the Senate Sergeant at Arms Information Technology Security Branch responded to the attacks, the aide said, by wiping clean malicious code from the affected systems.
Nelson first disclosed the attacks March 19 at an Armed Services Committee hearing that featured testimony by senior military officials with domain over cyberwarfare.
“I have had my office computers invaded three times in the last month, and one of them we think is very serious,” Nelson said at the hearing.
At another hearing the same day, this time held by the Commerce, Science and Transportation Committee, Nelson said his computer seemed to be “talking to a computer in some international arena.”
China has been blamed by lawmakers for several cyber-attacks in recent years, including intrusions into the offices of Rep. Frank R. Wolf, R-Va., in 2006.
Nelson’s office also referenced a major cyber-intrusion in August that infected the communications networks being used by the presidential campaigns of then-Sen. Barack Obama, D-Ill. (2005-08), and Sen. John McCain, R-Ariz. A senior campaign official said there was significant evidence that Chinese hackers were responsible for the intrusions.
Hackers working from China have been suspects in several high-profile cyber intrusions, including a November 2006 attack that shut down computer systems at the Naval War College in Rhode Island for several weeks.
That same year, Chinese hackers infected the systems at the Commerce Department’s Bureau of Industry and Security, which controls technology export rules, forcing the computers to be replaced altogether.
Origins Tough to Trace
Experts say it is extremely difficult to determine whether such attacks originate from government entities or independent agents. But some officials have admitted that they suspect the Chinese government is behind the attacks, due to the level of sophistication and the nature of the information targeted.
The U.S. cyberdefense community is a mix of agencies working on different parts of the problem, with most resources housed at the Defense Department.
But under questioning from Ben Nelson, D-Neb., at last week’s Armed Services hearing, the head of U.S. Strategic Command said it was the responsibility of the Homeland Security Department to protect and respond to attacks on non-military government networks, such as congressional offices.
Gen. Kevin P. Chilton declined to say whether he was confident that the department has achieved “some level of excellence” in its ability to protect those government sites.
“Senator, this mission set was just given to the Department of Homeland Security last year, and then funding is just beginning to flow into this area, and so they are still standing up,” Chilton said.
Chilton also said it is open for debate whether different cyber-attacks should be regarded as an act of war, but added that “if some activity in cyberspace caused the death or destruction of American citizens or American resources,” it would be considered as such.
Daniel Fowler contributed to this story.





Comments
You wrote: "A Nelson aide said the attacks were traced to China through Internet Protocol (IP) information, which could have been masked." If it could have been masked, how did you come to the conclusion that it was Chinese hackers? Anyone half familiar with internet security will tell you that most attacks traced back to Chinese IPs are quite possibly just a compromised Chinese computer. You're familiar with all the pirated Windows copies in China, right? Well, that's why there are so many compromised PCs in China, because they don't get regular security updates. Please do your research before running sensational headlines.
Yes, but anyone familiar with China and China's Golden Shield knows that China is able to control most aspects of the internet with the exception of when someone utilizes servers in China for cyber intrusions into other nations. At best China tacitly approves of outward bound cyber intrusions and at worst cyber intrusions are directed by China's government. Otherwise, these intrusions like the other parts of the internet in China would be controlled.