A Senate Armed Services Committee investigation has found evidence that hackers associated with the Chinese government compromised the computer systems of U.S. Transportation Command contractors at least 20 times in a single year. The attacks pose a serious risk to the system that moves military troops and equipment.
The Committee released the report on Wednesday. It presented the results of a year-long investigation of U.S. Transportation Command, or “TRANSCOM,” and found a serious gap in awareness and reporting requirements. TRANSCOM was aware of only two of the 20 intrusions, and remained mostly unaware of the computer compromises of contractors during and after the attacks.
“These peacetime intrusions into the networks of key defense contractors are more evidence of China’s aggressive actions in cyberspace,” said Sen. Carl Levin, D-Mich., the committee’s chairman, in a published statement. “Our findings are a warning that we must do much more to protect strategically significant systems from attack and to share information about intrusions when they do occur.”
The committee investigation focused on a known weakness in government and military networks: contractors. Specifically, the attacks focused on civil shipping and aviation firms that participate in programs like the Civil Reserve Air Fleet, or CRAF.
These private transportation companies might do little military-related work during peacetime, but are critical in helping the military to scale quickly in times of war or crisis, helping to move troops and equipment around the world.
The contractors also are a weak link in the military’s cyber security chain. During a 12-month period beginning June 1, 2012, there were about 50 intrusions or other cyber events into the computer networks of TRANSCOM contractors. At least 20 of those were successful intrusions attributed to an “advanced persistent threat,” or APT, the Committee found. All of the intrusions were attributed to China.
They include a Chinese military intrusion into a TRANSCOM contractor that spanned two years, from 2008 to 2010, and that compromised emails, documents, user passwords and computer code. Other intrusions obtained flight details and passwords used to access encrypted email. A 2012 attack gained access to “multiple systems” onboard a commercial ship contracted by TRANSCOM, the Committee found.
The Committee warned that information sharing about cyber attacks was woeful. An audit of a subset of TRANSCOM contractors uncovered 11 cyber intrusions believed to be linked to China. The Committee said the FBI or DoD had already identified another 9 linked to TRANSCOM contractors. Of those 20, however, information on just two was relayed back to TRANSCOM.
“DoD agencies lack a clear understanding as to what information about cyber intrusions can and should be shared with TRANSCOM and other agencies within the Department,” the report found.
The U.S. Government has stepped up its scrutiny of Chinese government spying, which security experts have long warned about. In May, Attorney General Eric Holder announced the first-ever criminal charges against a foreign country for cyberspying, indicting five Chinese citizens on charges that include computer hacking and economic espionage directed at six American companies in the nuclear power, metals and solar products industries.
Third-party contractors are a common target for hackers because they offer privileged access to target networks via back channels. A recent survey taken at the Black Hat Briefings in Las Vegas by the security firm Tripwire found that contractors were the most common target in hacks. Forty percent of respondents claimed they would likely target contractors in a hack, with 30 percent aiming to hack IT administrators.