Foreign Hackers are Overwhelming U.S. Government Computers, says Analyst

By John Wagley

Foreign hackers have accessed between half and all of the U.S. government and military computers they “have an interest in,” according to one analyst. Many of the attacks are sanctioned by the Chinese government—something few top U.S. officials are willing to acknowledge, he said. 

John Tkacik, a senior research fellow at the Heritage Foundation, said his estimate was based on recent media and governmental reports along with personal interviews with U.S. officials. Chinese cyber attacks have grown so relentless and sophisticated that they’ve become the “single biggest military and intelligence threat the U.S. faces,” he said. He was speaking at a Heritage discussion titled “Under Attack: Today’s Cyber Threat.”

There has been a series of high-profile attacks against the U.S. since last summer. Recently, Newsweek reported that computers used by both the Obama and McCain campaigns were hacked. In the past few months, a variety of news sources have reported successful breaches of targets including the White House, the World Bank, and the Department of Defense (DoD).

There were 43,880 incidents of malicious activity from all sources against DoD and defense company computers in 2007, a 31 percent increase from the year before, according to a recent annual report from the U.S.-China Economic and Security Review Commission (USCC). 

Many top administration officials have been hesitant to publicly blame China, partly for fear of creating tension with Beijing, said Tkacik. “It’s ‘politically incorrect’ to [blame the Chinese],” he wrote in an e-mail to Security Management. “But the data pointing to official Chinese intelligence as the source for virtually all Chinese cyber attacks on U.S. government computers is…overwhelming.”

The USCC report also points to links between hackers and the Chinese government. By some estimates, it states, there are 250 hacker groups in China that are “tolerated and may even be encouraged” by the Chinese government. It’s unlikely the hackers act without government knowledge, it continues, because of how closely the government monitors the Internet. The report added that China “devotes a tremendous amount of human resources to cyber activity for government purposes” and also trains “many individuals” in cyber operations in the country’s military academies.

One non-U.S. government official, also part of the Heritage discussion, seemed clear in her belief that another nation, Russia, was involved in major cyber attacks in her region in recent years. Heli Tiirmaa-Klaar, a senior advisor in the Estonian Ministry of Defense, said attacks in Estonia in 2007 and Georgia in 2008 were both “culturally traceable” and involved “similar paradigms.”  

She indicated that official ties were particularly likely in the Georgia attacks, which struck news, police, government, and other Web sites mainly during the beginning of Russia’s Georgian incursion last August. It was the first time cyber attacks had been used “as a first strike” in a military conflict, she said. The attacks involved a “clear command and control structure” with “strong planning, intelligence, and execution.” Attackers sometimes altered their tactics rapidly based on the amount of damage they were causing, she said. The Russian government has denied involvement in the cyber attacks.

