Weak evidence links congressmen's cyber-attacks to China
U.S. House of Representatives members who worry that China may have been responsible for attacks on their computers have provided little evidence to back up their claims, according to computer security experts.
The two Republican congressmen, Representatives Frank Wolf and Christopher Smith, disclosed Wednesday that computers in their offices were hacked in late 2006 and early 2007. Both men have been critical of China's human rights record and said that the attacks raised concerns that they were being targeted for their support of Chinese dissidents.
Wolf said that the U.S. Federal Bureau of Investigation had told him that the attackers came from within China. Smith said that the IT professionals who repaired his hacked computers told his staff that the attacks came from Chinese IP addresses and that the hackers had accessed files related to China.
"My suspicion is that I was targeted by Chinese sources because of my long history of speaking out about China's abysmal human rights record," said Wolf in a statement. He is the senior Republican on the State and Foreign Operations subcommittee.
The Chinese Foreign Ministry has denied any connection to the attacks, according to reports. An FBI spokeswoman declined to comment on the matter late Thursday.
However, computer security experts said that the evidence that the two congressmen provided to back up their claims simply does not prove that the Chinese government, or even Chinese nationals, were involved.
"It's so very hard to conclude that something came from someplace if all you're going from is an IP address," said Marcus Sachs, director of the SANS Internet Storm Center, a volunteer-run effort that tracks emerging computer threats. "Those of us who have done this for a living, we know that you can't prove that it was a Chinese person on the keyboard if you have a Chinese IP address," he said. "Without making some of the evidence public… you leave everybody else guessing."
Computer attacks are often launched from Chinese IP addresses because a large number of computer systems in China have been hacked and are being used to redirect online attacks. Also, the country is notorious for providing so-called "bulletproof" hosting services that keep servers running even when international law enforcement tries to take them down.
"For US$1,000 a month or less you can get a bulletproof server in China," said Gary Warner, director of research in computer forensics with the University of Alabama at Birmingham.