US in danger of losing green-tech competition, experts say

TECHNOLOGY
- Infrastructure
  - Network
  - Security
    - Virus
    - Intruder
    - Spyware
    - Spam
    - Theft
    - Disaster Recovery
    - Privacy
    - Regulatory Compliance
  - Client
    - Desktop
    - Laptop
    - Laptop - Macbook
    - PDA
  - Server
    - Load Balancing
  - Mobile
  - Operating Systems
    - Windows
    - Windows - Vista
    - Linux
    - Mac
    - Mac - Leopard
    - Unix
    - Other
  - Data Center
  - Virtualization
- Applications
  - SaaS
  - Cloud Computing
  - ERP
  - CRM
  - BI
  - BPM
  - KM
  - SCM
  - RFID
  - Middleware/EAI
  - Portals
    - B-to-B
    - Consumer
  - Inventory Management
  - Databases
  - Document Management
  - E-Business
  - Data Warehouse
- Development
  - Open Source
  - Eclipse
  - Java
  - .NET
  - Agile
  - Web Services
- Architecture
  - SOA
  - Enterprise Architecture
LEADERSHIP

IT DRILLDOWN

NEWSLETTERS

CIO.com updates, insights and advice on technology, management and your career.

RSS Feeds »

LEADERSHIP

CIO Executive Programs

The Leader in Face-to-Face Education for Senior Executives

Offering regional and national programs, CIO (and CSO) events bring together some of the most respected names and thought leaders in information technology and security. Presented by CIOs and other senior level executives, these invitation-only programs offer timely topics and strong networking. Learn More »

CIO Executive Council

A Peer-Advisory Service and Professional Association for CIOs

Social Responsibility's Strategic Benefits

December 15, 11:30 AM - 12:30 PM US/Eastern (GMT-5)

Join Ed Granger-Happ, CIO of Save the Children, for a discussion of how creating an organization that is socially responsible improves staffing, retention, leadership development and overall corporate health.

Working With and Communicating to Your Board of Directors

January 13, 2009, 4:00 PM - 5:00 PM US/Eastern (GMT-5)

CIO panelists who will share tips and experiences working with their boards: Twila Day of SYSCO; Jeff O'Hare, West Corp.; Marc West, formerly with H&R Block.

IT's Role in Growing Mid-Market Companies

January 14, 4:00 PM - 5:00 PM ET (GMT-5)

Mid-market Council members will share their companies' stories and challenges in driving or coping with growth. Panelists represent Veterinary Pet Insurance, Medicis Pharmaceutical, and Intrax Cultural Exchange.

More / Register »

Learn more about the CIO Executive Council »

RESOURCE CENTER

buy a link »

SUBSCRIBE TO CIO

Are you involved in setting the direction for your company's IT budget or strategy?

Apply today for a FREE subscription to CIO Magazine!

Subscription Services »

Reprints »

News

Weak Evidence Links Congressmen's Cyber-Attacks to China

U.S. House of Representatives members who worry that China may have been responsible for attacks on their computers have provided little evidence to back up their claims, according to computer security experts.

Leave a comment

By Robert McMillan

June 12, 2008 — IDG News Service —

U.S. House of Representatives members who worry that China may have been responsible for attacks on their computers have provided little evidence to back up their claims, according to computer security experts.

The two Republican congressmen, Representatives Frank Wolf and Christopher Smith, disclosed Wednesday that computers in their offices were hacked in late 2006 and early 2007. Both men have been critical of China's human rights record and said that the attacks raised concerns that they were being targeted for their support of Chinese dissidents.

Wolf said that the U.S. Federal Bureau of Investigation had told him that the attackers came from within China. Smith said that the IT professionals who repaired his hacked computers told his staff that the attacks came from Chinese IP addresses and that the hackers had accessed files related to China.

"My suspicion is that I was targeted by Chinese sources because of my long history of speaking out about China's abysmal human rights record," said Wolf in a statement. He is the senior Republican on the State and Foreign Operations subcommittee.

The Chinese Foreign Ministry has denied any connection to the attacks, according to reports. An FBI spokeswoman declined to comment on the matter late Thursday.

However, computer security experts said that the evidence that the two congressmen provided to back up their claims simply does not prove that the Chinese government, or even Chinese nationals, were involved.

"It's so very hard to conclude that something came from someplace if all you're going from is an IP address," said Marcus Sachs, director of the SANS Internet Storm Center, a volunteer-run effort that tracks emerging computer threats. "Those of us who have done this for a living, we know that you can't prove that it was a Chinese person on the keyboard if you have a Chinese IP address," he said. "Without making some of the evidence public & you leave everybody else guessing."

Computer attacks are often launched from Chinese IP addresses because a large number of computer systems in China have been hacked and are being used to redirect online attacks. Also, the country is notorious for providing so-called "bulletproof" hosting services that keep servers running even when international law enforcement tries to take them down.

"For US$1,000 a month or less you can get a bulletproof server in China," said Gary Warner, director of research in computer forensics with the University of Alabama at Birmingham.

China has been blamed for many intrusions on federal computer systems, including breaches at the U.S. Department of Commerce and the Pentagon, but according to Warner, virtually any computer plugged into the Internet will find itself scanned by probes from China IP addresses. "Anybody who looks at their firewall logs can prove that they're being attacked from China. Does this prove that they're really being attacked by the Chinese? I don't know, "he said.