More information on Titan Rain (“Hack attacks”)
Earlier this year there was an article or two about a rumored “hack attack” that was ongoing against US Government (and contractor) computer systems. The stories claimed that the attacks seemed to be coming from China. Today I’m seeing a couple of articles on the topic. First up is an AFP story on the problem; from it, it sounds as though little attention has been paid to hardening systems. There is speculation that the Chinese military is involved in the break-ins. One incident was very neatly and methodically done, planting a backdoor in 30 minutes.


It’s possible that military flight planning software was copied. What seems to be the worst is that any incidents that happen are being kept secret. (I don’t have a problem with it being secret from the general public, but you would think the organization would see the problems and take BIG steps internally to deal with them.) The only improvements in security seem to be in the Air Force information systems.

As to the origin of Titan Rain….

The attacks have been traced to the Chinese province of Guangdong, and the techniques used make it appear unlikely to come from any other source than the military, said Alan Paller, the director of the SANS Institute, an education and research organization focusing on cybersecurity.

Meanwhile… CIO today has an article on a lack of IT security training in the US that is making the US more vulnerable.

The SANS Institute warned that U.S. government, military contractor, and bank computer systems are facing a barrage of attacks from overseas hackers, and that network-security management lacks the training to mount an adequate defense.

“American government and corporate computer systems are being riddled with online attacks,” said Alan Paller, director of research at Bethesda, Maryland-based SANS. “But there is a culture of secrecy, and government departments, defense contractors, and banks are not talking about the attacks.”

Further on, the article gives a scary real-world story…

“In one government department, I saw a member of staff downloading an upgrade to Internet Explorer on his PC,” said Johannes Ullrich, chief technology officer at the SANS Institute’s Internet Storm Center. “I was monitoring his network connection using intrusion-detection software. I noticed that his computer had been redirected to a Web site in Eastern Europe and was downloading code from that site.”

I’m not terribly surprised really. I’ve worked on computers in a good number of small to medium sized organizations, and most of their staff have received no training whatsoever. I’ve often wondered if larger organizations with an actual IT staff manage to offer any training (DO this, DON’T EVER do that…). Sadly, I suspect that the answer is NO. In many cases there’s such a rush to offer “new services” (I’ll bring in a wireless access point and we can give everyone wireless internet access) that security never really makes the list of considerations. I remember one place in particular that seemed somewhat put out that I insisted on an encryption key and MAC address filtering for their Wireless LAN.

Of course the real threat of such “weak network security” is not usually in the realm of people getting hurt (unless someone’s foolish enough to tie VITAL services to internet-connected machines). The real damage is economic: lost information, identity theft, military secrets (or at least sensitive information). However, it’s not unimaginable to paint a scenario where the loss of information puts lives in jeopardy. We really need to teach people about networked computer security.
