In November 2006, hackers attempted to penetrate the networks of the U.S. Naval War College, an institution responsible for training senior Navy officers and developing cyberspace strategies. The incident resulted in a two-week shutdown of the college’s computer and email systems as infected machines were restored.
The attack was described as a network intrusion. Its source was not officially confirmed, but China was suspected as the origin. According to news reports, the hackers targeted the college’s website, and the attack was sophisticated enough to take down the entire college network. The Naval War College systems were removed from the Global Information Grid so that investigators could recover from the intrusion and upgrade firewalls.
This incident highlights the growing concern about cyber attacks on military and government institutions, as well as the importance of robust cybersecurity measures to protect critical infrastructure and sensitive information. In response to the incident, the Department of Defense (DOD) raised its department-wide information warfare awareness level from Information Condition (Infocon) 5 to Infocon 4 and implemented measures to improve the security of its networks, such as tightening the perimeter by closing down ports and upgrading firewalls.
According to Alan Paller, director of research at the SANS Institute, cyber investigators can recognize network attackers through the electronic signatures they leave behind. In this case, the electronic signatures matched those of previous Chinese intrusions, such as the Titan Rain series of attacks that started in 2003 and may still be ongoing. The college was forced to replace all the computers affected by the attack, as that was the only confidence-building measure that could be taken.
It was also noted that Chinese attacks on DOD systems are far more widespread than is publicly known, but almost all attacks remain classified. The Chinese government employs 39,000 full-time Internet police, and if the government wanted to find hackers, it has the capability to do so.
This incident serves as a reminder of the importance of cybersecurity in protecting critical infrastructure and sensitive information, and of the need for organizations to take proactive measures to detect and prevent cyber attacks. In this case, the Naval War College had to take drastic measures, such as shutting down the entire network and replacing infected computers, in order to mitigate the effects of the attack.