U.S. Senate says Chinese hackers attacked military contractors

PanARMENIAN.Net - Hackers associated with the Chinese government broke into the computers of airlines and military contractors over 20 times in a single year, the U.S. Senate said.

The attacks were allegedly targeted at systems that move troops and equipment. They included breaking in to computers on a commercial ship and uploading malicious software on to an airline's computers, the Senate report alleged, according to BBC News.

Chinese officials denied the allegations.

A year-long investigation was concluded in March, but the findings have only just been made public, the BBC says.

In a 12-month period from June 2012, it found evidence of about 50 cyber-attacks on military contractors. Of those, 20 were attributed to "an advanced persistent threat", a term associated with attacks on governments. All were attributed to China.

The report did not disclose the names of the affected contractors.

"These peacetime intrusions into the networks of key defense contractors are more evidence of China's aggressive actions in cyberspace," senator Carl Levin, chairman of the committee, said.

Chinese embassy officials in Washington questioned the report, calling the accusations "groundless".

The row between China and the U.S. over cyber-attacks has been a long-running one. The Chinese government has previously accused U.S. spies of infiltrating its computer networks.

In May the U.S. government accused five Chinese military members of hacking into and stealing trade secrets from the computers of several large U.S. companies.

The latest report revealed that officials had only been told about two of these incidents. It also found that U.S. government agencies had failed to share the information about the attacks among themselves.

This lack of transparency from contractors has raised questions and prompted calls for new procedures about how such hacks are reported.

Senator Jim Inhofe, who sits on the committee, called for a central clearinghouse to make it easier for contractors to report suspicious cyber-activity.

According to the report, contractors are only required to report network-level cyber-intrusions.

Paul Dignan, from security firm F5 Networks, said: "A lot of attacks target end-users with malware so that they can piggyback on legitimate access to the network.

"Firms use lots of security vendors but there are also lots of gaps and, without adequate integration, it is these gaps that will be exploited."