US Gov't to Probe Network Intrusions by Foreign Hackers

The hearing is designed to raise awareness of the extent to which foreign entities have infiltrated government networks, according to briefing materials.

A House subcommittee is scheduled to hear testimony from government and industry representatives about the extent to which US federal networks and critical infrastructure have been compromised by foreign hackers.

The hearing will take place before a subcommittee of the Committee on Homeland Security, which is chaired by Republican Bennie Thompson.

Among those scheduled to testify are David Jarrell, manager of the critical infrastructure protection program at the Department of Commerce, and Don Reid, senior coordinator for security infrastructure from the Department of State. Both agencies were infiltrated last year by hackers using servers that appeared to be based in China. Also slated to testify are representatives from the Department of Homeland Security, the Idaho National Laboratory and security vendor VeriSign.

The hearing is designed to raise awareness of the extent to which foreign entities have infiltrated government networks, according to briefing materials made available to Computerworld.

"The purpose of this hearing is to afford [House members] the opportunity to understand how deeply our systems have been penetrated," the materials said. "Experts believe that the remediation efforts that are currently under way are not able to completely clear out hackers from government networks."

In June 2006, attackers using computers with IP addresses in China penetrated the State Department's networks and stole passwords and other data that the agency claimed was unclassified. The hackers also planted backdoor programs on several servers to allow them to access the systems at will. The compromise resulted in the agency having to shut down Internet access for several days.

Similarly, the Bureau of Industry and Security (BIS), an agency in the Commerce Department, was hacked into last July, resulting in the theft of user account information. And in October, the agency admitted to being hit by sustained distributed denial-of-service attacks launched by servers based in China. Those attacks forced the BIS to restrict Internet access to only those workstations that were not connected to any of the bureau's internal systems.

This hearing will focus on security executives at the two agencies and their responses to the compromises.

A letter from Thompson to the secretary of one of the federal departments, a copy of which was obtained by US Computerworld, lists a series of very detailed questions that the subcommittee wants answers to at the hearing. The information sought includes details on how quickly the agency detected the intrusion into its networks, how long the hackers remained undetected and details about all of the systems compromised.

The subcommittee also wants detailed information on what the agency did to "eliminate any infestations" from perpetrators who had control of the systems. Members, for instance, are looking into whether the agency completely wiped all the disks on the compromised systems and reloaded them from backups and whether "rogue tunnel audits" were done to look for backdoors on the systems.

"Members will understand that the penetrations on our systems were bad - so bad that we don't even know whether we or the attackers now control our own systems," the briefing materials noted.

The hearing also plans to look at whether the agencies implemented all the requirements of the Federal Information Security Management Act (FISMA) and whether those controls really improved defences. Officials at one of the agencies, for example, are expected to testify that even if it had received an A+ on its FISMA grades, the attacks would still have happened, the briefing materials said.

"I always hoped Congress would wake up one day and finally discover that the federal government had been deeply and broadly penetrated by cyberattackers from other countries," said Alan Paller, director of research at security research and training company the SANS Institute. He also asserted "that the defences they have in place have not protected them, that much of the money they have spent on FISMA reports has been wasted, and [that FISMA funding] should have been spent on actual security".
