- The Washington Times - Friday, March 7, 2008

Defense-related think tanks and contractors, as well as the Pentagon and other federal agencies, were the target of repeated computer network intrusions last year that originated in China, the Department of Defense said this week.

In its annual report to lawmakers on China’s military power, the department said the intrusions “appeared to originate in” China, but added that “it is unclear if these intrusions were conducted by, or with the endorsement of,” the Chinese government or military.

The report gave few details, but one China expert who works in the private sector said that in the past 18 months, China scholars who have close links to the U.S. government have been the repeated targets of sophisticated hacking attempts, using malicious software packages called Trojan horses hidden in e-mail attachments.

“Almost every think tank in Washington has dealt with this,” said the expert, who did not want to be named because of the ongoing investigations into the intrusions. “I personally have received more than two dozen” such e-mails, which purport to have been sent by other China watchers.

“They would spoof the addresses to make it look like the e-mail was coming from someone I knew and give the attachment a name … designed to catch my attention,” said the expert.

The e-mails varied in sophistication. “The vast majority are fairly primitive,” said the expert, “littered with … misspellings” or other obvious errors. But one purporting to come from a U.S. Air Force e-mail account was “very legitimate looking,” said the expert, adding “I would have opened the attachment, but fortunately it was on a subject I wasn’t interested in.”

If the attachment is opened, the hidden Trojan horse software is designed to bury itself deep in the computer’s operating system and begin covertly exporting data from the target’s calendar, contacts and e-mail folders to an Internet address in China, the expert said.

“This was a comprehensive intelligence-gathering effort by the Chinese, aimed at (China watchers) with one foot in the government,” the expert said.

“People who likely have unclassified but still sensitive material on their computers.”

At the RAND Corp., a think tank with historic links to the U.S. Air Force, the expert said the infections were buried so deep that the FBI physically removed some computer hardware.

A statement from RAND’s Chief Information Officer, Woody Stoeger, confirmed that the think tank “has faced periodic attacks on our computer systems as have many organizations across the nation.”

Mr. Stoeger added that RAND was “vigilant in guarding against (such) attacks” but declined to comment in any more detail about their nature or where they might have originated.

Neither the Chinese Embassy nor the FBI responded to requests for comment.