The head of Cyber Command, Gen. Keith Alexander, confirmed today that China was behind last year's penetration and software theft from the respected Internet security company, RSA.
Alexander was asked by Sen. Carl Levin, chairman of the Senate Armed Services Committee, for unclassified examples of cyber attacks from China. Alexander, who rarely speaks in any detail about threats, immediately offered the RSA attack as an example of China's "high order" capability to launch attacks against the U.S. and other countries.
Alexander said that China stole some of RSA's "underlying software" during the early March theft. If China "can do it against RSA that means almost all companies are vulnerable," Alexander told the committee.
In his written testimony, Alexander said that attackers in general are shifting away from botnets and are now targeting security companies such as RSA, as well as smartphones, and relying on phishing emails.
According to the official blog on the RSA website, this is what happened in the attack on them:
"The attacker in this case sent two different phishing emails over a two-day period. The two emails were sent to two small groups of employees; you wouldn't consider these users particularly high profile or high value targets. The email subject line read '2011 Recruitment Plan.'
"The email was crafted well enough to trick one of the employees to retrieve it from their Junk mail folder, and open the attached Excel file. It was a spreadsheet titled '2011 Recruitment plan.xls.'"
When the spreadsheet was opened, it "contained a zero-day exploit that installs a backdoor through an Adobe Flash vulnerability..." That vulnerability has been fixed.
But even with such sophisticated capabilities being arrayed against the U.S., Alexander said he did not want NSA or Cyber Command lurking in the public networks, watching for threats. Instead, he made clear that the current setup, where the government shares threat data with industry and relies on industry to inform it when an attack occurs, is the right path to take.
Sen. John McCain, ranking member of the committee, was highly critical of the current setup, where the Department of Homeland Security is the putative lead in protecting the United States from attack.
"Anyone who has been to an airport has no confidence in the technical abilities of the Department of Homeland Security," McCain said with scorn. Alexander made it clear that the Pentagon has decided to try to shift Cyber Command's 13,000 troops from an emphasis on defending U.S. networks to building impressive and effective offensive capabilities.
How grave is the threat in the long term? Alexander, pressed by McCain, agreed that cyber threats are "absolutely" the greatest threat faced by the U.S. military. And he agreed that the threat grows every day. "Every day the probability of an attack increases," he said.