Top News December 7, 2008, 10:19PM EST

U.S. Is Losing Global Cyberwar, Commission Says

The three main installments in the BusinessWeek series were based on previously undisclosed documents and interviews with more than 100 current and former government employees, defense industry executives, and people with ties to U.S. military, space, and intelligence agencies. They are: E-spionage (BusinessWeek, 4/10/08), Dangerous Fakes (BusinessWeek, 10/2/08), and The Taking of NASA's Secrets (BusinessWeek, 11/20/08).

As the world's corporations, governments, military forces, and computer users have gravitated to the Web, so have competitors, adversaries, criminals, and spies, including government-backed electronic operatives establishing footholds for potential attacks, according to groups such as the congressionally created U.S.-China Economic & Security Review Commission, which warned on Nov. 21 of the threat from China (BusinessWeek.com, 11/21/08).

"The damage from cyber attack is real," states the cybersecurity group's report, referring to intrusions last year at the departments of Defense, State, Homeland Security, and Commerce, and at NASA and the National Defense University.

Hacking for 'friendly fire'

The report continues: "The Secretary of Defense's unclassified e-mail was hacked and DOD officials told us that the department's computers are probed hundreds of thousands of times each day; a senior official at State told us the department has lost 'terabytes' of information; Homeland Security suffered 'break-ins' in several of its divisions, including the Transportation Security Agency; Commerce was forced to take the Bureau of Industry and Security offline for several months; NASA had to impose e-mail restrictions before shuttle launches and allegedly has seen designs for new launchers compromised. Recently, the White House itself had to deal with unidentifiable intrusions in its networks."

The report mentions some of the most severe threats, such as those being faced by U.S. war fighters in Iraq and Afghanistan, only hypothetically. It notes, for instance, that "the U.S. has a 'blue-force tracking' that tells commanders where friendly forces are located," and then goes on to posit a scenario under which an opponent could turn some of the blue signals to red, a color used to flag adversaries' forces. The implication is that an intruder might, for instance, provoke a so-called friendly-fire incident in which U.S. fighters mistakenly target U.S. personnel.

At least six members of the commission approached by BusinessWeek declined to share specifics of the most recent intrusions into the computers of companies, the Pentagon, the U.S. Central Command, and important centers of military operations such as Bagram Air Base in Afghanistan. Defense and intelligence officials also declined to describe the operational impacts of that massive penetration of corporate and military networks, but they did confirm that it culminated Nov. 22 in the raising of U.S. Strategic Command's threat level—known as INFOCON—which entailed banning plug-in devices such as thumb drives throughout the U.S. military and in some allied forces. Emergency briefings were also given to Obama and President Bush.

U.S. military fights agent.btz

As first reported Nov. 28 by the Los Angeles Times in "Cyber-Attack on Defense Department Computers Raises Concerns," the intrusion and compromise of the U.S. military networks began with a piece of malicious software—or malware—known as agent.btz, which has also afflicted corporate networks in recent months, U.S. military officials and private cybersecurity specialists confirmed. Such intrusions have grown increasingly sophisticated and difficult to trace to their origins. The latest generation of malware, developed by gangs and governments with large sums of money at their disposal, can easily cloak its activities and capabilities.

Complicating the cleanup is not only the nature of the malicious software, but the sheer scale of the task: The U.S. military has around 7 million vulnerable electronic devices. U.S. military officials tell BusinessWeek that assuring themselves that they have cleansed their computers of the intruders that gained a foothold via agent.btz has grown increasingly uncertain and expensive. Forensics examinations and the reprogramming of each computer—which continues in the Pentagon, in Central Command headquarters in Tampa, and in military installations in Afghanistan—cost around $5,000 to $7,000 per machine, sources said.

Kellermann and other computer security consultants declined to discuss the threat to the U.S. military, though several said they were intimately familiar with it. But Kellermann said it was yet another example of how "the cyber security threat has really gotten out of control. But it's not only a national security threat. It's an economic security threat."

Epstein is a correspondent in BusinessWeek's Washington bureau.
