20070904 pentagon got hacked by the pla join the club bob - plembo/onemoretech GitHub Wiki

title: Pentagon Got Hacked by the PLA: Join the Club, Bob
link: https://onemoretech.wordpress.com/2007/09/04/pentagon-got-hacked-by-the-pla-join-the-club-bob/
author: lembobro
description:
post_id: 644
created: 2007/09/04 19:53:00
created_gmt: 2007/09/04 19:53:00
comment_status: open
post_name: pentagon-got-hacked-by-the-pla-join-the-club-bob
status: publish
post_type: post

Pentagon Got Hacked by the PLA: Join the Club, Bob

It’s now being reported that the Chinese military hacked the Pentagon’s e-mail in June.

One article describes the technological equivalent of a wrestling match between “their” cyberguys and “ours”.

My favorite take on all this comes from, unsurprisingly, The Register:

Pentagon: Chinese military hacked us (We’ll need a whole bunch of expensive stuff).

Big deal. Join the club (Secretary of Defense) Bob (Gates)!

First, this isn’t the first time we’ve heard this kind of thing. In 2005, Time Magazine published an article entitled The Invasion of the Chinese, about a PLA intrusion into Department of Energy systems. Of course, in that instance the guy who threw down the flag on the PLA got summarily bashed by Uncle Sam.

The pattern of attack described in the earlier 2004 incident and in the more recent acknowledgement (Clarion call? Alarm bell? Fear-mongering to fatten the next appropriations bill?) seems nearly identical.

The amazing part is that you’d think the Pentagon would find the whole experience humiliating, in that it exposes the ineffectiveness, ineptitude, of their electronic defenses. Of course this is the same organization that couldn’t even defend its own headquarters on 9-11 from a successful attack by an unarmed, subsonic, aircraft. As in so many things, they appear to have no shame in this either.

Not that I’ve had any experience with any effort by systems originating on a People’s Liberation Army network “footprinting” and then penetrating my home network, but if I did it surely would have caused me to be embarrassed.

Now if the PLA were to have done something like that, I would have been surprised to discover that they did it using machines that were so easy to track back to their publicly known network addresses that my 7 year-old son could have found them.

Again, if such an exploit took place, they did it with a straight shot at my server through an open port on my firewall, using an incredibly well-known vulnerability in UNIX systems that only an unhardened, or an ineptly hardened, system would have succumbed to. The other professionally humiliating detail was that I discovered the breach (er, assuming there was a breach) completely by accident and only did my forensic work long after they’d had their fun.

So, if this kind of thing had happened the system logs, once checked, clearly showed the origin of the dozens of connection attempts, and a couple of successful connects, by a remote system that a little backtracking through DNS revealed to be coming from a subnet owned by the PLA. Tracking that down took less than an hour.

No hacking of foreign systems was required to do the detective work described above. It was all done with traceroute, dig and a few queries on the World Wide Web. Nothing fancy, and certainly insufficient to constitute evidence in any court of law.

Ironically, a couple of rules on my router to deny access to anything coming from one of the subnets controlled by the PLA would have effectively blocked the whole effort. My home router is a $59 Linksys device. I’m guessing that the U.S. Department of Defense uses equipment that’s somewhat more sophisticated and configurable than that.
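The two defensive steps sketched above (read the system logs for repeated connection attempts from one source that end in a successful login, then deny that source's subnet at the router) can be scripted. The following is an added example, not code from the original post; the sshd log lines are constructed, and the deny-list subnet is a placeholder taken from the RFC 5737 documentation ranges, not any real network owner. The ownership lookup itself (dig -x, traceroute, whois) is an online step and is not reproduced here.

```python
import ipaddress
import re

# Constructed sample sshd log lines (not from the original post). Addresses are
# from the RFC 5737 documentation ranges so the example runs offline.
SAMPLE_LOG = """\
Sep  1 02:14:07 myhost sshd[2193]: Failed password for root from 203.0.113.45 port 51234 ssh2
Sep  1 02:14:09 myhost sshd[2193]: Failed password for root from 203.0.113.45 port 51236 ssh2
Sep  1 02:14:12 myhost sshd[2195]: Accepted password for admin from 203.0.113.45 port 51240 ssh2
Sep  1 02:20:31 myhost sshd[2201]: Failed password for invalid user test from 198.51.100.7 port 40022 ssh2
Sep  1 03:01:02 myhost sshd[2210]: Accepted publickey for phil from 192.0.2.10 port 50011 ssh2
"""

# Hypothetical deny list: the subnet the operator decided to block after the
# ownership lookup. Placeholder value; substitute the real result of dig/whois.
DENY_SUBNETS = [ipaddress.ip_network("203.0.113.0/24")]

# Matches the standard OpenSSH "Accepted ..." / "Failed ..." authentication lines.
LINE_RE = re.compile(
    r"sshd\[\d+\]: (Accepted|Failed) \S+ for (?:invalid user )?(\S+) "
    r"from (\d+\.\d+\.\d+\.\d+) port (\d+)"
)


def parse_sshd_log(text):
    """Turn raw log text into a list of authentication events."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # unrelated log line
        outcome, user, ip, port = m.groups()
        events.append({"outcome": outcome, "user": user, "ip": ip, "port": int(port)})
    return events


def summarize_by_source(events):
    """Count failed and accepted logins per source address."""
    summary = {}
    for e in events:
        s = summary.setdefault(e["ip"], {"failed": 0, "accepted": 0})
        s["failed" if e["outcome"] == "Failed" else "accepted"] += 1
    return summary


def suspicious_sources(summary, min_failed=1):
    """Sources that eventually got in after at least min_failed failures.

    This is the pattern the post describes: many connection attempts followed
    by a couple of successful connects from the same remote system.
    """
    return sorted(
        ip for ip, s in summary.items()
        if s["accepted"] > 0 and s["failed"] >= min_failed
    )


def sources_in_deny_list(summary, deny_subnets):
    """Which observed sources fall inside a subnet we have decided to deny."""
    return sorted(
        ip for ip in summary
        if any(ipaddress.ip_address(ip) in net for net in deny_subnets)
    )


def iptables_drop_rules(deny_subnets):
    """Render the router deny rules as iptables commands (text only, not executed)."""
    return [f"iptables -A INPUT -s {net} -j DROP" for net in deny_subnets]


if __name__ == "__main__":
    events = parse_sshd_log(SAMPLE_LOG)
    summary = summarize_by_source(events)
    for ip, counts in sorted(summary.items()):
        print(f"{ip:16} failed={counts['failed']} accepted={counts['accepted']}")
    print("suspicious:", suspicious_sources(summary))
    print("already covered by deny list:", sources_in_deny_list(summary, DENY_SUBNETS))
    for rule in iptables_drop_rules(DENY_SUBNETS):
        print(rule)
```

Running it flags 203.0.113.45 as the one source with failures followed by a success, shows that the placeholder deny list would have covered it, and prints the single DROP rule; on a real system the log would come from /var/log/auth.log or the journal, and the subnet from the lookup of the flagged address.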

I wonder if this most recent intrusion was done through a system located on a network publicly known to be controlled by the Chinese government? Would the brain trust at DOD be so negligent as to not block access from addresses on such networks? Something tells me that if they were, we’re not going to know about it for awhile.

You know what? I’d say the PLA has done us all a service here, by putting the spotlight on our government’s weaknesses. In fact, I’d encourage them to keep it up. Given what contractors usually charge to conduct penetration tests, we’re getting a good workout at a bargain price. After all, with all the U.S. debt they own, the Chinese have a vested interest in the continued good health of our economy, at least. Maybe shaving a few hundred billion dollars wasted on a failed defense establishment would improve the “bottom line” enough to give them (the Chinese) some significantly better return on their investment — not to mention on ours (the American people).

Man, you can’t make this stuff up.

P.S. Of course, even back a couple of years ago I was running Linux on all my systems, while both DOE and DOD have a preponderance of Windows boxes. Not that Windows (more particularly, MS Exchange, which is what I’m guessing is the e-mail server product most recently compromised — all so Bob and “crew” can use their Blackberrys) can’t be hardened (see the NSA’s Security Configuration Guides page, which you’d never find through the main site navigation if you didn’t know what you were looking for — thank God for Google), it just takes a lot more skill and effort than hardening a UNIX box — which kind of blows the whole “Windows is better because it doesn’t require expensive, highly trained, technical resources to be effective in even the most demanding environments” mantra that Microsoft has been chanting for 20 years.

BIG P.P.S. The intruders into my system (if an intrusion occurred) didn’t hurt anything, nor do they seem to have been interested in stealing any files they might have seen. There were no config changes or file transfers during their time on my machine. From what I can tell, their sole interest seemed to be in achieving the breach itself, and they didn’t stick around long after.

Copyright 2004-2019 Phil Lembo