Chinese attacks cost U.S. Defense Department over $100M

Chinese army hackers apparently caused more than $100 million worth of damage to U.S. Department of Defense networks, according to NSA research detailed in documents from the Edward Snowden cache.

On Saturday Germany’s Der Spiegel published a story, based on the Snowden documents, that described some of the offensive “digital weapons” the NSA has developed and generally outlined the chaotic, unregulated arms race that’s ramping up in the digital realm.

A large part of the article focused on the capabilities of other countries – something that’s not previously come through very strongly in publications of Snowden’s revelations – and how the NSA tracks what foreign intelligence agencies steal, then steals that information from them. This cunning practice is apparently known as “Fourth Party Collection”.

One Snowden document, however, outlined damage perpetrated by the Chinese Army on the U.S.’s own military infrastructure. It’s a presentation from a few years back that’s based on the findings of the NSA’s “Byzantine Hades” research into Chinese computer network exploitation, and it referred to more than 30,000 incidents involving Department of Defense (DoD) systems, over 500 of which it called “significant intrusions”. More than 1,600 computers on the DoD network were penetrated.

The presentation stated that it cost the DoD more than $100 million to assess the damage and rebuild its networks. It also suggested that the Chinese were after information on U.S. missile navigation and tracking systems, nuclear submarine and anti-air missile designs, space-based laser technology, and various military jets.

According to the documents, when the NSA traced back one Chinese attack on the DoD, it found not only the source of the attack but also information that the Chinese had stolen from others, including the United Nations.

Other documents, drawn up by the Canadian NSA partner CSEC, detailed spyware implants dubbed Snowball and Snowman (a system collectively referred to as Snowglobe) that CSEC thought “with moderate certainty” was the work of the French. The targets here included Iran, former French colonies such as Algeria and the Ivory Coast, and European countries such as Greece, Norway and Spain. The malware also appeared to have targets within France itself.