Chinese computer hackers penetrated the Naval War College network earlier this month, forcing security authorities to shut down all e-mail and official computer network work at the Navy’s school for senior officers.
Navy officials said the computer attack was detected Nov. 15 and two days later the U.S. Strategic Command raised the security alert level for the Pentagon’s 12,000 computer networks and 5 million computers.
A spokesman for the Navy Cyber Defense Operations Command, located in Norfolk, said “network intrusions” were detected at the Newport, R.I., military school two weeks ago.
“The system-network connection was terminated and known affected systems were removed and are being examined for forensic evidence to determine the extent of the intrusion,” said Lt. Cmdr. Doug Gabos, the spokesman.
“The Naval War College computer system-network is used by students at the war college and contains Navy Professional Reading Program and other materials, all of which are unclassified information.”
The FBI and Naval Criminal Investigative Service are investigating the breach, another official said.
The Naval War College trains senior officers, conducts war games and carries out some classified research such as studies of future warfare. The college’s Web site was not accessible yesterday.
Adm. Michael Mullen, chief of naval operations, recently directed the war college’s Strategic Studies Group to begin work to develop concepts for waging cyber-warfare, a Navy spokesman said.
“The Naval War College is where the Navy’s Strategic Studies Group is planning and practicing cyber-war techniques, and now they don’t even have e-mail access,” one U.S. official said.
U.S. defense officials said intelligence reports indicated that the cyber-attack on the college came from China, which a recent congressional report said has begun a series of computer network attacks against defense and military systems in the United States code-named “Titan Rain.”
Retired Air Force Maj. Gen. Richard Goetze, a Naval War College professor, told a class Monday in Washington that Chinese computer hackers were behind the network attack. Gen. Goetze told students that communications were hobbled because the Chinese “took down” the entire Naval War College computer network.
Students and professors at the college now have to use private e-mail from home, raising security questions.
Cmdr. Gabos declined to comment on the origin of the attack. “The nature and extent of intrusion are operational issues,” he said. “I can tell you it was an isolated incident and did not affect other elements of Department of Defense.”
However, the U.S. Strategic Command, which is in charge of Defense Department computer warfare and defenses, issued a directive about the time the attack was detected ordering all defense computer users to heighten security by changing passwords.
The Strategic Command directive stated that the “information condition” was to be raised Nov. 17 from Infocon 5 to Infocon 4, or heightened alert against attack.
Alan Paller, a computer security specialist with the private SANS Institute, said the Chinese network attack against the war college is “the tip of the iceberg.”
“The depth of the penetration is more than anybody is even admitting,” he said in an interview. “People are trying to hide this because they’re embarrassed.”
Mr. Paller said the Chinese military’s doctrine calls for waging cyber-warfare against computer networks. “Part of it is gathering data and part is leaving a back door so they can get in [to military computers] in the future,” he said.
The annual report by the U.S.-China Economic and Security Review Commission, released Nov. 16, stated that there are “clear examples of computer network penetrations coming from China,” including those linked to Titan Rain.
The report said the Chinese military has “information warfare units [that] are developing viruses to harm the computer systems of its enemies.”