FBI hacked by China

The Washington Times Weekly - - National Security -

A re­cent com­puter in­tru­sion that forced the FBI to shut down its com­puter net­work and dis­rupted FBI op­er­a­tions was traced to an e-mail con­tain­ing ma­li­cious code that orig­i­nated in China, ac­cord­ing to FBI of­fi­cials.

The forced shut­down of the net­work af­fected one sig­nif­i­cant FBI op­er­a­tion — the May 20 ar­rest of home­grown ter­ror­ism sus­pects in New York, said of­fi­cials who spoke on con­di­tion of anonymity be­cause they were not au­tho­rized to dis­cuss the mat­ter.

“The Chi­nese shut down our net­work,” said one FBI of­fi­cial fa­mil­iar with as­sess­ments of the at­tack.

The FBI net­work dis­rup­tions fol­lowed a sim­i­lar pen­e­tra­tion of the De­fense Depart­ment e-mail sys­tem used by De­fense Sec­re­tary Robert M. Gates in 2007, which de­fense of­fi­cials have said was traced to com­puter servers in China.

FBI spokesman Mike Kor­tan de­clined to ad­dress the sus­pected Chi­nese ori­gin of the com­puter strike or its likely pen­e­tra­tion through an e-mail at­tach­ment.

Chi­nese Em­bassy press spokes­woman Wei Xin said China has a “res­o­lute pol­icy of op­pos­ing and crack­ing down on cy­ber crimes in­clud­ing hack­ing, ac­cord­ing to law.”

“Rel­e­vant au­thor­i­ties of the Chi­nese gov­ern­ment at­tach great im­por­tance to crack­ing down on cy­ber crimes, and have strength­ened co­op­er­a­tion with other coun­tries and in­ter­na­tional or­ga­ni­za­tions, in­clud­ing the In­ter­pol on jointly fight­ing against crimes such as cross-bor­der cy­ber at­tacks through bi­lat­eral con­sul­ta­tion and co­op­er­a­tion,” she said.

Mr. Kor­tan re­ferred In­side the Ring to an FBI state­ment is­sued May 29 in re­sponse to a New York Post re­port on the net­work dis­rup­tion. The FBI stated that their net­work was shut down as a pre­cau­tion and that e-mail traf­fic was “largely re­stored within 48 hours” af­ter the de­tec­tion of the ma­li­cious code.

“The ex­ter­nal, un­clas­si­fied net­work is gen­er­ally used for rou­tine com­mu­ni­ca­tions and mes­sages,” the state­ment said. “It is im­por­tant to note that the FBI’s in­ter­nal, classified net­work is where com­mu­ni­ca­tions and email about sen­si­tive and in­ves­tiga­tive mat­ters take place and was never af­fected.”

How­ever, a se­nior FBI of­fi­cial said the shut­down dis­rupted com­mu­ni­ca­tions used dur­ing the May 20 raid in New York that net­ted a group of home­grown ter­ror­ists.

A sec­ond FBI of­fi­cial said that com­puter ac­cess by the en­tire agency and its thou­sands of of­fi­cials was re­stricted for at least two weeks and was only re­stored to nor­mal lev­els last week.

“Out of an abun­dance of cau­tion, the FBI has tem­po­rar­ily self-im­posed a limit on send­ing and re­ceiv­ing at­tach­ments on our ex­ter­nal, un­clas­si­fied net­work to give our tech­ni­cians time to scan all the at­tach­ments that came into the e-mail sys­tem to make sure we have iden­ti­fied and mit­i­gated all threats to the net­work,” the FBI state­ment said.

Ac­cord­ing to the of­fi­cials, the com­puter net­work pen­e­tra­tion occurred in early May af­ter an FBI em­ployee opened an at­tach­ment to an e-mail marked H1N1 in the sub­ject line. The H1N1 virus is also known as the swine flu. It then per­mit­ted hack­ers some ac­cess to the FBI net­work that was not dis­cov­ered un­til at least a week af­ter the e-mail elec­tronic in­fec­tion.

The in­tru­sion also af­fected the U.S. Mar­shals Ser­vice. sev­eral is­sues, in­clud­ing the de­ci­sion not to de­fine vol­un­tary hu­man shields as di­rect par­tic­i­pants in hos­til­i­ties. All 50 ex­perts on the panel had agreed that civil­ians who act as vol­un­tary hu­man shields should fit within the def­i­ni­tion, which would make them le­git­i­mate mil­i­tary tar­gets.

The fi­nal re­port de­fines “civil­ians at­tempt­ing to shield a mil­i­tary ob­jec­tive by their pres­ence” as per­sons en­ti­tled to pro­tec­tion against di­rect at­tack. It states that the con­duct of vol­un­tary hu­man shields “does not amount to di­rect par­tic­i­pa­tion in hos­til­i­ties.”

One par­tic­i­pant in the process said the ICRC de­ci­sion might pre­vent mil­i­tary forces from tar­get­ing le­git­i­mate ter­ror­ist groups and their op­er­a­tions.

The par­tic­i­pant, who spoke on con­di­tion of anonymity be­cause he is not au­tho­rized to speak pub­licly on the mat­ter, said the ICRC failed to fur­ther con­sult with the ex­perts even though it knew the ex­perts dis­agreed with the in­ter­na­tional or­ga­ni­za­tion on the is­sue.

“When the fi­nal re­port was cir­cu­lated to the ex­perts two weeks ago, it con­tained a ma­jor aban­don­ment of key por­tions of the fi­nal draft agreed to by the ex­perts,” he said.

The with­drawal of a to­tal of 12 ex­perts, many of whom are prom­i­nent in­ter­na­tional le­gal schol­ars, took place in the days be­fore the re­port was re­leased in June. “Those who did are the big­ger names, too, prac­ti­tion­ers rather than the aca­demi­cians and NGOs — from Amnesty In­ter­na­tional, Hu­man Rights Watch — who nor­mally align with ICRC,” the par­tic­i­pant said.

The ex­perts’ group in­cluded lawyers from Bri­tain, Ger­many, Canada, Bel­gium, Le­banon, Bar­ba­dos, Switzer­land, France, Nether­lands, In­dia, Tan­za­nia, Ar­gentina, and Is­rael.

The Amer­i­can par­tic­i­pant said the ICRC de­ci­sion was “in­con­sis­tent with U.S. fed­eral court de­ci­sions, in­clud­ing U.S. Supreme Court de­ci­sions, do­mes­tic court de­ci­sions in other na­tions, de­ci­sions of the Euro­pean Court of Hu­man Rights, and state prac­tice in in­ter­na­tional armed con­flict.”

He said the ICRC’s fail­ure to of­fer an ac­cu­rate state­ment of ex­ist­ing law, notwith­stand­ing ad­vice to the con­trary by the le­gal ex­perts it en­listed, “was crit­i­cal to my de­ci­sion” not to sup­port the re­port.

“I am dis­ap­pointed that the ICRC chose to ig­nore the work and ad­vice of the le­gal ex­perts it en­listed and in­stead pro­duced a po­lit­i­cal rather than le­gal doc­u­ment that as a con­se­quence is an in­com­plete and in­ac­cu­rate state­ment of the law.”

A Texas-based law pro­fes­sor said in an e-mail to the ICRC that he be­lieved it was “sub­stan- tially chang­ing the con­clu­sions of­fered by its ex­perts.”

“I hereby with­draw autho­riza­tion of iden­ti­fi­ca­tion or any other list­ing of me as a par­tic­i­pant in the ICRC study that en­deav­ored to de­fine the treaty phrase ‘tak­ing a di­rect part in hos­til­i­ties’ in the 1977 Pro­to­col I ad­di­tional to the 1949 Geneva Con­ven­tions,” he wrote.

A Tel Aviv Uni­ver­sity law pro­fes­sor also with­drew his sup­port for the ICRC say­ing he con­sid­ered the fi­nal lan­guage as a “per­sonal be­trayal.” This pro­fes­sor said he had of­fered a com­pro­mise on the lan­guage iden­ti­fy­ing vol­un­tary hu­man shields as le­git­i­mate mil­i­tary tar­gets if they were de­fined as hav­ing “mem­ber­ship in ir­reg­u­larly con­sti­tuted armed groups — not be­long­ing to any bel­liger­ent party.”

But, he said, “if you in­sist on pro­ceed­ing with the pub­li­ca­tion of the present text, I must with­draw my name from the project.” He ul­ti­mately was among those who did.

A Dutch spe­cial­ist on in­ter­na­tional crim­i­nal and hu­man­i­tar­ian law closely in­volved in or­ga­niz­ing the ex­perts stated that his in­sti­tute “has de­cided to take un­der re­view the ques­tion of whether [it] wishes to have its name as­so­ci­ated in any way with the fi­nal doc­u­ment.”

A Ger­man pro­fes­sor also op­posed the fi­nal ICRC re­port drop­ping ref­er­ences to vol­un­tary civil­ian hu­man shields and asked the ICRC to “delete my name from the list of par­tic­i­pants.”

ICRC spokesman Flo­rian West­phal said in an e-mail that the ex­perts’ views “widely in­formed” the re­port, ti­tled “In­ter­pre­tive Guid­ance on the No­tion of Di­rect Par­tic­i­pa­tion in Hos­til­i­ties un­der In­ter­na­tional Hu­man­i­tar­ian Law (IHL).”

How­ever, “the aim of the In­ter­pre­tive Guid­ance is not to re­flect a unan­i­mous view or ma­jor­ity opin­ion of the ex­perts, but to pro­vide the ICRC’s own rec­om­men­da­tions as to how IHL re­lat­ing to the no­tion of ‘di­rect par­tic­i­pa­tion in hos­til­i­ties’ should be in­ter­preted in con­tem­po­rary armed con­flict,” Mr. West­phal said.

The ex­pert meet­ings were held un­der rules that pro­hibit iden­ti­fy­ing the mem­bers pub­licly, he said.

“The use of hu­man shields con­sti­tutes a vi­o­la­tion of IHL,” he stated. “The ICRC has con­demned this prac­tice in past and re­cent con­flicts and will con­tinue to do so in the fu­ture.”

The re­port came to a “nu­anced con­clu­sion” on what cir­cum­stances un­der which vol­un­tar y hu­man shields lose pro­tec­tion from at­tack, he said.

“There was no ‘be­trayal’ [of the ex­perts],” Mr. West­phal said.

“While the In­ter­pre­tive Guid­ance is not legally bind­ing, the ICRC hopes that it will be per­sua­sive to states, non­state ac­tors, prac­ti­tion­ers and aca­demics alike and that, ul­ti­mately, it will help bet­ter pro­tect the civil­ian pop­u­la­tion from the dan­gers of war­fare,” he said.

Bill Gertz cov­ers na­tional se­cu­rity af­fairs. He can be reached at 202/636-3274, or at in­sid­e­ther ing@wash­ing­ton­times.com.


Lurk­ing: Cy­ber-China

Newspapers in English

Newspapers from USA

© PressReader. All rights reserved.