U.S. House to probe federal network intrusions by foreign hackers
A subcommittee hearing is set for Thursday
April 17, 2007 12:00 PM ET
Computerworld - A House subcommittee this week is scheduled to hear testimony from government and industry representatives about the extent to which federal networks and critical infrastructure have been compromised by foreign hackers.
The Thursday hearing will take place before a subcommittee of the Committee on Homeland Security, which is chaired by Rep. Bennie Thompson (D-Miss.).
Among those scheduled to testify are David Jarrell, manager of the critical infrastructure protection program at the Department of Commerce, and Don Reid, senior coordinator for security infrastructure from the Department of State. Both agencies were infiltrated last year by hackers using servers that appeared to be based in China. Also slated to testify are representatives from the Department of Homeland Security, the Idaho National Laboratory and security vendor VeriSign Inc.
The hearing is designed to raise awareness of the extent to which foreign entities have infiltrated government networks, according to briefing materials made available to Computerworld.
"The purpose of this hearing is to afford [House members] the opportunity to understand how deeply our systems have been penetrated," the materials said. "Experts believe that the remediation efforts that are currently underway are not able to completely clear out hackers from government networks."
In June 2006, attackers using computers with IP addresses in China penetrated the State Department's networks and stole passwords and other data that the agency claimed was unclassified. The hackers also planted backdoor programs on several servers to allow them to access the systems at will. The compromise resulted in the agency having to shut down Internet access for several days.
A month later, in July, the Bureau of Industry and Security (BIS), an agency in the Commerce Department, was hacked into, resulting in the attempted theft of user account information. And in October, a server belonging to an external company that the agency was working with was hit by sustained distributed denial-of-service attacks launched by servers based in China. Those attacks forced the BIS to restrict Internet access to only those workstations that were not connected to any of the bureau's internal systems.
This week's hearing will focus on security executives at the two agencies and their responses to the compromises.
A letter from Thompson to the secretary of one of the federal departments, a copy of which was obtained by Computerworld, lists a series of very detailed questions that the subcommittee wants answers to at the hearing. The information sought includes details on how quickly the agency detected the intrusion into its networks, how long the hackers remained undetected and details about all of the systems compromised.
The subcommittee also wants detailed information on what the agency did to "eliminate any infestations" from perpetrators who had control of the systems. Members, for instance, are looking into whether the agency completely wiped all the disks on the compromised systems and reloaded them from backups and whether "rogue tunnel audits" were done to look for backdoors on the systems.