Chinese Cyber Spies and the idiocy of Bureaucracy
I read my way through an interesting article today that was both encouraging and disappointing at the same time. It boils down to this: an information security guy working for “Sandia National Laboratories” finds evidence that some group of hackers is really trying their best to access Sandia’s resources, and those of other Federal organizations as well. For those that don’t know what Sandia really is, it’s described in the Sandia FAQ as “Sandia is a government-owned/contractor operated (GOCO) facility. Lockheed Martin manages Sandia for the U.S. Department of Energy’s National Nuclear Security Administration”, you know, just simple stuff like guarding America’s nuclear weapons programs.
This guy, Shawn Carpenter, gets a lead on the activity and pursues the evidence trail, and after much hard work finds the source of the activity. The following excerpt describes the severity of the hack.
“The hackers he was stalking, part of a cyberespionage ring that federal investigators code-named Titan Rain, first caught Carpenter’s eye a year earlier when he helped investigate a network break-in at Lockheed Martin in September 2003. A strikingly similar attack hit Sandia several months later, but it wasn’t until Carpenter compared notes with a counterpart in Army cyberintelligence that he suspected the scope of the threat. Methodical and voracious, these hackers wanted all the files they could find, and they were getting them by penetrating secure computer networks at the country’s most sensitive military bases, defense contractors and aerospace companies.”
Now, knowing what he knows, he goes to his immediate supervisors and is told to stand down; he then goes to the FBI and is encouraged to continue “under cover”. After making much headway into the case, his activities are found out and he is terminated from Sandia Labs.
“They fired him and stripped him of his Q clearance, the Department of Energy equivalent of top-secret clearance. Carpenter’s after-hours sleuthing, they said, was an inappropriate use of confidential information he had gathered at his day job. Under U.S. law, it is illegal for Americans to hack into foreign computers.”
Now, true, it is illegal, but only if you get caught by someone who gives a shit; in the interests of National Security let’s continue, shall we? Hell, the Feds do it all the time and they don’t get fired. So, our hero tracks the activity back to China and a network that is showing hostile activity 24 x 7. He bugs the edge router with a trojan/logger and mines them for all the data he can; a sample of this is below:
“Carpenter copied a huge collection of files that had been stolen from Redstone Arsenal, home to the Army Aviation and Missile Command. The attackers had grabbed specs for the aviation-mission-planning system for Army helicopters, as well as Falconview 3.2, the flight-planning software used by the Army and Air Force.”
For work like this he loses his job and security clearance from Sandia (although he does get hired by a contracting firm and subsequently gets his clearance back). He should be rewarded and transferred to a section of the Fed that can best use his talents… the NSA comes to mind.
Carpenter had this to say about his situation:
“Carpenter says he has honored the FBI’s request to stop following the attackers. But he can’t get Titan Rain out of his mind. Although he was recently hired as a network-security analyst for another federal contractor and his security clearance has been restored, “I’m not sleeping well,” he says. “I know the Titan Rain group is out there working, now more than ever.”
The entire article is six pages long but well worth the few minutes it will take to read. Go ye and read the whole gory thing, do some googling on some of the info contained in the article, and you should come away more informed for your efforts.