Hackers linked to China stole Los Alamos documents


August 3, 2000

By Bill Gertz, THE WASHINGTON TIMES

Hackers suspected of working for a Chinese government institute in Beijing broke into a computer system at Los Alamos National Laboratory and pilfered large amounts of sensitive information, including documents containing the word "nuclear," The Washington Times has learned. The incident involving sensitive but unclassified data was uncovered by a National Security Agency computer analyst early last year but kept secret until now, said U.S. intelligence officials who spoke on the condition of anonymity. "They [the Chinese] obtained the equivalent of a stack of documents 3 feet high," one official said. Officials said the case highlights the fact that foreign governments continue to seek U.S. nuclear weapons information. They said it is a clear example of Chinese government-sponsored computer spying techniques, which Beijing's military has cultivated for several years. Disclosure of the incident is the latest example of Beijing's covert efforts to obtain U.S. nuclear secrets.

Fired Los Alamos scientist Wen Ho Lee is awaiting trial on charges he mishandled sensitive nuclear weapons secrets. His arrest grew out of a major investigation that revealed China had obtained secrets on every deployed warhead in the U.S. nuclear arsenal. Officials said the Chinese hackers disguised their attack by entering a Los Alamos "file transfer protocol" site, or FTP, on the Internet through several computer system gateways at U.S. universities. Such FTP sites often are used to store information. The incident took place in late 1998 or early last year, the officials said. Using electronic tracing techniques developed by the National Security Agency, the analyst tracked the intruder back to a research institute in Beijing. Under China's communist system, all research institutes are part of the government and have been used in the past for spying activities.

The officials did not provide further details or identify the Chinese institute. Sensitive, but not secret, data stored on Los Alamos computers until recently included information dubbed "unclassified," "controlled nuclear information," "official use only," "naval nuclear propulsion information," "export controlled information" and "corporate proprietary data."

A counterintelligence official said that, in general, computer-based information lost to foreign spies from Department of Energy facilities, including Los Alamos, has been extremely valuable to foreign weapons programs. The data helped foreign governments save time and money on their nuclear weapons programs while undermining U.S. national security and economic competitiveness, the official said. China is one of the most aggressive foreign powers seeking to glean data on nuclear weapons via computer from U.S. weapons laboratories, the official said. The Chinese are known to use several forms of computer attacks to gain access to the information.

Chinese spies also have targeted Los Alamos for documents related to verifying compliance with arms control agreements, including the START arms pact and a chemical weapons agreement. Intelligence officials said Chinese research institutes made nearly 50 attempts to obtain two documents during the late 1990s.

In a 1996 case, Army Pvt. Eric Jenott passed information on Pentagon computer systems to a Chinese national working at the Energy Department's Oak Ridge facility. He was convicted of computer fraud. In another case, a Chinese scientist working at the Brookhaven National Laboratory on Long Island, N.Y., was caught sending technical notes to the Chinese Academy of Sciences, a government entity in charge of weapons development programs.

A recent report to Congress on Chinese spying, produced jointly by the FBI and CIA, made no mention of the covert computer attack. The report said the Chinese gather science and technology information through U.S. national laboratories and acquire "highly valued, yet unclassified information."

National Security Agency spokesman Fred Lash declined to comment on the agency's role in tracking the Chinese computer attack. However, Los Alamos spokesman Jim Danneskiold said the laboratory was under widespread computer attack during the time in question, although security officials have no record of a specific incident involving Chinese downloading information from an FTP site. "Certainly there were massive attacks around that time as part of Moonlight Maze," Mr. Danneskiold said, using the Pentagon code name for a series of worldwide computer assaults, primarily against Defense Department computers.

Mr. Danneskiold suggested that the Chinese intrusion in question might not have been detected because security officials at Los Alamos were in the process of installing a security "fire wall" system designed to keep out unauthorized computer intruders. There is "an enormous amount of Chinese activity hitting our green, open sites," Mr. Danneskiold said. "We're talking Web hits, and it happens continuously." The computer systems at the laboratory were partitioned during the period in question by creating a "green" system for open access to all Internet users, a limited-entry "yellow" site for remote access to sensitive but unclassified information and a classified "red" system closed to unauthorized users. "Yeah, sure, people have gotten into the unclassified system," Mr. Danneskiold said. "Our unclassified site has been hacked." During one 10-month period in the late 1990s, officials said, intelligence agencies recorded 792 computer security incidents, including 324 attacks from outside the United States.

The attacks included efforts to gain password files, probes of computer defenses and scans of system vulnerabilities to intrusion. Several computer systems have been compromised by intruders who gained "root" access to Energy Department computer systems. Such access allows hackers to gain complete access and total control over computer systems that permit them to see all information on the systems, the officials said.

Many of the attacks are from foreign intelligence services seeking restricted nuclear information or other sensitive material, particularly on science and technology.

http://www.washingtontimes.com/national/default-20008321179.htm

-- Martin Thompson (mthom1927@aol.com), August 03, 2000

