China frequently hacks TRANSCOM contractors' computers, probe finds
By JAMES ROSEN | McClatchy Washington Bureau (MCT) | Published: September 17, 2014
WASHINGTON — The Chinese government has frequently hacked into the computer systems of defense contractors for the U.S. Transportation Command, the Pentagon agency responsible for deploying American troops and military equipment worldwide.
A bipartisan Senate investigation found that in one year, from June 1, 2012, through May 31, 2013, the Chinese government had gained access to sensitive U.S. defense logistics information at least 20 times but that the Transportation Command, known as TRANSCOM in military circles, was aware of only two of the security breaches.
“These peacetime intrusions into the networks of key defense contractors are more evidence of China’s aggressive actions in cyberspace,” said Sen. Carl Levin, a Michigan Democrat who chairs the Senate Armed Services Committee, which conducted the probe.
“Our findings are a warning that we must do much more to protect strategically significant systems from attack and to share information about intrusions when they do occur,” Levin said.
Richard Bejtlich, chief security strategist for FireEye, a cybersecurity firm in Milpitas, Calif., said his company tracks three dozen hacking groups that it traces to Chinese military, intelligence or other government agencies.
“They’re the worst in terms of scope,” Bejtlich told McClatchy. “They’re hitting the most number of targets, and they are the most aggressive. When you kick them off a system, they’ll try to get back on the next day.”
The Senate investigation found that the FBI knew of about half of the 20 cyberattacks on the defense contractors but had not informed the contractors or TRANSCOM of most of them.
“Cyber-intrusions into operationally critical contractors pose a threat to defense operations,” the Senate report said. “It is essential that potentially affected commands such as TRANSCOM be aware of such intrusions so that they can take steps to mitigate the threat.”
Among the examples provided, the probe found that between 2008 and 2010, one TRANSCOM contractor “was compromised by the Chinese military, who stole emails, documents, user accounts, passwords and even source code.”
In another, “In 2010, the Chinese military compromised the computer network of a Civil Reserve Air Fleet contractor, stealing documents, flight details, credentials and pins and passwords for encrypted email.”
Under one scenario, Bejtlich said, the Chinese could be interested in obtaining U.S. military logistical information because of Beijing’s increasing control of Taiwan.
“The most likely event that would cause a shooting war between the United States and China would be an invasion of Taiwan,” he said. “In the event that the Chinese decide to take over Taiwan, they want to disrupt our logistics and slow us down so that we won’t be able to get our forces to Taiwan as quickly.”
Sen. Jim Inhofe of Oklahoma, the senior Republican on the Armed Services Committee, said lawmakers must ensure that cyberattacks don’t disrupt military readiness.
“It is essential that we put into place a central clearinghouse that makes it easy for critical contractors, particularly those that are small businesses, to report suspicious cyberactivity without adding a burden to their mission-support activities,” Inhofe said.
Ben Johnson, a senior technical analyst for Bit9, a Waltham, Mass., firm that sells security software, said it’s difficult to protect defense contractors because many use more open computer networks than government agencies use.
“They’re going to be the first ones breached because the Defense Department or the CIA operate behind classified networks,” he told McClatchy. “Defense contractors may be doing a lot of sensitive work, but it’s usually not on classified networks, so it’s easier to access.”
TRANSCOM is one of nine U.S. unified military commands across all services, seven of which are geographically based.
Johnson said the Chinese have almost a digital-vacuum approach to American computer systems.
“They’re going after all sorts of information relative to our country, relative to our businesses,” he said. “They’re going after everything.”
Johnson said that defense contractors’ systems should be put behind bigger firewalls, but that it’s nearly impossible to stop all cyberattacks.
“I definitely think there needs to be more emphasis put on hardening these companies,” Johnson said. “The problem is that they can harden themselves, but they buy from subcontractors that aren’t secure. You kind of follow the chain, and eventually there’s a weak link somewhere.”
©2014 McClatchy Washington Bureau. Distributed by McClatchy-Tribune Information Services.