Advertisement
Advertisement
Senate Armed Services Committee chairman Senator Carl Levin talks to media about cyberattacks from China. Photo: AP

Update | Chinese hackers targeted US military contractors, Senate panel committee finds

Senate committee claims attacks gained insight into logistics and 'foothold' to disrupt operations

Hackers associated with the Chinese government have repeatedly infiltrated the computer systems of US airlines, technology companies and other contractors involved in the movement of US troops and military equipment, a US Senate panel has found.

The Senate Armed Services Committee’s year-long probe, concluded in March but made public on Wednesday, found the military’s US Transportation Command, or Transcom, was aware of only two out of at least 20 such cyber intrusions within a single year.

The investigation also found gaps in reporting requirements and a lack of information sharing among US government entities. That in turn left the US military largely unaware of computer compromises of its contractors.

“These peacetime intrusions into the networks of key defence contractors are more evidence of China’s aggressive actions in cyberspace,” Democratic Senator Carl Levin of Michigan, the committee’s chairman, said in releasing the report.

Officials with the Chinese Embassy in Washington did not immediately comment.

Cybersecurity expert Dmitri Alperovitch, chief technology officer with the security firm Crowdstrike, said China had for years shown a keen interest in the logistical patterns of the US military.

The investigation focused on the US military’s ability to seamlessly tap civilian air, shipping and other transportation assets for tasks including troop deployments and the timely arrival of supplies from food to ammunition to fuel.

Those companies typically do not have the same level of defence against hackers as major weapons-makers or the military itself.

“The military uses secret or top-secret networks that are not on the internet, but private companies do not,” said Alperovitch. “That’s a real challenge.”

The FBI said in a statement that it “continues to aggressively investigate cyber intrusions emanating from state-sponsored actors and other criminals.

“We remain committed to working with our interagency partners to identify threats, protect the nation’s infrastructure from potential harm, and hold accountable those groups and individuals that pose a threat in cyberspace,” the statement added.

In a 12-month period beginning on June 1, 2012, there were about 50 intrusions or other cyber events into the computer networks of Transcom contractors, the 52-page report stated.

“We must ensure that cyber intrusions cannot disrupt our mission readiness.”
Senator Jim Inhofe

At least 20 of those were successful intrusions attributed to an “advanced persistent threat,” a term used to designate sophisticated threats commonly associated with attacks against governments. All of those intrusions were attributed to China.

Senator Jim Inhofe of Oklahoma, the committee’s top Republican, called for a “central clearinghouse” that makes it easy for contractors to report suspicious cyber activity.

“We must ensure that cyber intrusions cannot disrupt our mission readiness,” Inhofe said.

The investigation found that a “Chinese military intrusion” into a Transcom contractor between 2008 and 2010 “compromised emails, documents, user passwords and computer code.” In 2012, another intrusion was made into multiple systems of a commercial ship contracted by Transcom, the report said.

The Senate probe could further increase tensions between the two world powers over cyber espionage.

In May US authorities charged five Chinese military officers, accusing them of hacking into American nuclear, metal and solar companies to steal trade secrets.

Last month, Community Health Systems, one of the largest US hospital groups, said Chinese hackers had stolen Social Security numbers and other personal data from some 4.5 million patients.

 

This article appeared in the South China Morning Post print edition as: 'Chinese hackers targeted US military contractors'
Post