The attacks have been traced to the Chinese province of Guangdong, and the techniques used make it appear unlikely to come from any other source than the military, said Alan Paller, the director of the SANS Institute, an education and research organization focusing on cybersecurity.
"These attacks come from someone with intense discipline. No other organization could do this if they were not a military organization," Paller said in a conference call to announced a new cybersecurity education program.
In the attacks, Paller said, the perpetrators "were in and out with no keystroke errors and left no fingerprints, and created a backdoor in less than 30 minutes. How can this be done by anyone other than a military organization?"
Paller said that despite what appears to be a systematic effort to target government agencies and defense contractors, defenses have remained weak in many areas.
"We know about major penetrations of defense contractors," he said.
Security among private sector Pentagon contractors might not be as robust, said Paller, because "they are less willing to make it hard for mobile people to get their work done".
Paller said that the US government strategy appears to be to downplay the attacks, which has not helped the situation.
"We have a problem that our computer networks have been terribly and deeply penetrated throughout the United States ... and we've been keeping it secret," he said.
"The people who benefit from keeping it secret are the attackers."
Although Paller said that the hackers probably have not obtained classified documents from the Pentagon, which uses a more secure network, it is possible they stole "extremely sensitive" information.
He said that it has been documented that US military flight planning software from its Redstone Arsenal was stolen.
Pentagon officials confirmed earlier this year that US Defense Department Websites are probed hundreds of times a day by hackers, but maintained that no classified site is known to have been penetrated by hackers.
The US military has code-named the recent hacker effort "Titan Rain" and has made some strides in counter-hacking to identify the attackers, Paller said. This was first reported by Time magazine.
Paller said that a series of attacks on British computer networks reported earlier this year might have similar goals, but seems to use different techniques.
In the United States, he said that there are some areas of improvement such as the case of the Air Force, which has been insisting on better security from its IT vendors. But he argued that "the fundamental error is that America's security strategy relies on writing reports rather than hardening systems".
© 2005 Agence France-Presse
To add a comment,
Please log in:
Don't have an account?
Register now to comment on stories and stay up to date on important events and issues in the Middle East with our newsletter.