<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>Washington Free Beacon &#187; Cyber Warfare</title>
	<atom:link href="http://freebeacon.com/tag/cyber-warfare/feed/" rel="self" type="application/rss+xml" />
	<link>http://freebeacon.com</link>
	<description></description>
	<lastBuildDate>Sat, 18 May 2013 14:28:41 +0000</lastBuildDate>
	<language>en-US</language>
	<sy:updatePeriod>hourly</sy:updatePeriod>
	<sy:updateFrequency>1</sy:updateFrequency>
	<generator>http://wordpress.org/?v=3.5.1</generator>
		<item>
		<title>The Cyber-Dam Breaks</title>
		<link>http://freebeacon.com/the-cyber-dam-breaks/</link>
		<comments>http://freebeacon.com/the-cyber-dam-breaks/#comments</comments>
		<pubDate>Wed, 01 May 2013 09:00:27 +0000</pubDate>
		<dc:creator>Bill Gertz</dc:creator>
				<category><![CDATA[China]]></category>
		<category><![CDATA[National Security]]></category>
		<category><![CDATA[Obama Administration]]></category>
		<category><![CDATA[Cyber Command]]></category>
		<category><![CDATA[Cyber Warfare]]></category>
		<category><![CDATA[Hydroelectric Dams]]></category>
		<category><![CDATA[Keith Alexander]]></category>
		<category><![CDATA[U.S. Army Corps of Engineers’ National Inventory of Dams]]></category>

		<guid isPermaLink="false">http://freebeacon.com/?p=99271</guid>
		<description><![CDATA[U.S. intelligence agencies traced a recent cyber intrusion into a sensitive infrastructure database to the Chinese government or military cyber warriors, according to U.S. officials.
]]></description>
				<content:encoded><![CDATA[<p>U.S. intelligence agencies traced a recent cyber intrusion into a sensitive infrastructure database to the Chinese government or military cyber warriors, according to U.S. officials.</p>
<p>The compromise of the U.S. Army Corps of Engineers’ National Inventory of Dams (NID) is raising new concerns that China is preparing to conduct a future cyber attack against the national electrical power grid, including the growing percentage of electricity produced by hydroelectric dams.</p>
<p>According to officials familiar with intelligence reports, the Corps of Engineers’ National Inventory of Dams was hacked by an unauthorized user believed to be from China, beginning in January and uncovered earlier this month.</p>
<p>The database contains sensitive information on vulnerabilities of every major dam in the United States. There are around 8,100 major dams across waterways in the United States.</p>
<p>Pete Pierce, a Corps of Engineers spokesman, confirmed the cyber incident but declined to provide details.</p>
<p>“The U.S. Army Corps of Engineers is aware that access to the National Inventory of Dams (NID), to include sensitive fields of information not generally available to the public, was given to an unauthorized individual in January 2013 who was subsequently determined to not have proper level of access for the information,” Pierce said in a statement.</p>
<p>“[U.S. Army Corps of Engineers] immediately revoked this user&#8217;s access to the database upon learning that the individual was not, in fact, authorized full access to the NID,” he said.</p>
<p>The Corps is continuing to bolster and review security protocols governing access to the database, he added.</p>
<p>The Corps’ dam database portal recently added a statement that said “usernames and passwords have changed to be compliant with recent security policy changes.” The changes were initiated after the hacking incident.</p>
<p>The database categorizes U.S. dams by the number of people that would be killed if a dam fails. They include “significant” and “high” hazard levels.</p>
<p>Michelle Van Cleave, the former National Counterintelligence Executive, a senior counterintelligence policymaker, said the database compromise highlights the danger posed by hackers who are targeting critical U.S. infrastructure for future attacks.</p>
<p>“In the wrong hands, the Army Corps of Engineers’ database could be a cyber attack roadmap for a hostile state or terrorist group to disrupt power grids or target dams in this country,” Van Cleave said in an email.</p>
<p>“You may ask yourself, why would anyone want to do that? You could ask the same question about why anyone would plant IEDs at the Boston Marathon.”</p>
<p>Van Cleave said the intrusion appears to be part of an effort to collect “vulnerability and targeting data” for future cyber or military attacks.</p>
<p>“Alarm bells should be going off because we have next to no national security emergency preparedness planning in place to deal with contingencies like that,” she said.</p>
<p>Gen. Keith Alexander, commander of the U.S. Cyber Command, warned in a 2011 speech that cyber attacks were escalating from causing disruptions to actual destructive strikes, including cyber attacks on hydroelectric dams.</p>
<p>Alexander provided what he said were indirect examples of two types of anticipated cyber attacks. The first was a cyber strike that could produce a cascading power failure like the August 2003 electrical power outage in the Northeast United States caused by a tree falling on a high-voltage power line.</p>
<p>The second involved the catastrophic destruction of a water-driven electrical generator at Russia’s Sayano-Shushenskaya dam, near the far eastern city of Cheremushki, in August 2009. One of the dam’s 10 650-megawatt hydro turbine generators, weighing more than 1,000 tons, was mistakenly started by a computer operator 500 miles away.</p>
<p>As a result, the generator began spinning, rose 50 feet in the air, and exploded, killing 75 people and destroying eight of the remaining nine turbines at the dam.</p>
<p>“That’s our concern about what’s coming in cyberspace—a destructive element,” said Alexander in the September 2011 speech on cyberwarfare. He is also the director of the National Security Agency, the electronic spying agency.</p>
<p>According to the Corps <a href="http://geo.usace.army.mil/pgis/f?p=397:1:0">website</a>, the dam inventory was created under a 1972 law and was updated in 1986 to require coordination between the Corps and the Federal Emergency Management Agency.</p>
<p>In 2002 and 2006 the law was updated further in recognition that dams are part of critical U.S. infrastructure and require protection.</p>
<p>Security analysts have said that critical infrastructure—electrical power grids, financial networks, transportation controls, and industrial control systems—are increasingly vulnerable to cyber attack because of computer networks used to run them.</p>
<p>The security lapse highlights the Obama administration’s failure to upgrade cyber security and protect infrastructure despite a recent executive order seeking to improve security.</p>
<p>The dam database compromise also comes amid plans by the administration to expand hydroelectric power in the United States, which is considered a “green” renewable energy source, by 15 percent through upgrading dams.</p>
<p>The Energy Department said in a recent report that upgrading dams could produce 12 gigawatts of electricity without carbon emissions, Bloomberg <a href="http://www.bloomberg.com/news/2012-04-17/hydroelectric-power-seen-expanding-15-from-upgrading-u-s-dams.html" target="_blank">reported</a> recently.</p>
<p>Energy officials analyzed 54,391 dams out of more than 80,000 dams that lack hydroelectric generators. Currently, some 2,500 dams produce hydroelectric power.</p>
<p>Increasing hydroelectric power would “help diversify our energy mix, create jobs and reduce carbon pollution nationwide,” Energy Secretary Steven Chu said in a statement.</p>
<p>President Barack Obama has set a goal of producing 80 percent of U.S. electrical power from so-called clean energy systems by 2035.</p>
<p>The Energy Department report said that adding generators to existing dams would be faster and less expensive than building new dams.</p>
<p>Hydropower made up six percent of total U.S. electricity produced in 2011. More than half of all hydroelectric power is produced in Washington, Oregon, and California.</p>
]]></content:encoded>
			<wfw:commentRss>http://freebeacon.com/the-cyber-dam-breaks/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Pentagon Finalizing Rules of Engagement Against Cyber Attacks</title>
		<link>http://freebeacon.com/pentagon-finalizing-rules-of-engagement-against-cyber-attacks/</link>
		<comments>http://freebeacon.com/pentagon-finalizing-rules-of-engagement-against-cyber-attacks/#comments</comments>
		<pubDate>Fri, 05 Apr 2013 13:37:19 +0000</pubDate>
		<dc:creator>Washington Free Beacon Staff</dc:creator>
				<category><![CDATA[Uncategorized]]></category>
		<category><![CDATA[Cyber Attacks]]></category>
		<category><![CDATA[Cyber Warfare]]></category>
		<category><![CDATA[Keith Alexander]]></category>
		<category><![CDATA[Pentagon]]></category>

		<guid isPermaLink="false">http://freebeacon.com/?p=85234</guid>
		<description><![CDATA[The Pentagon is finalizing the rules of engagement granting military commanders clearer authority if they have to respond to an enemy cyber attack, USA Today reports.]]></description>
				<content:encoded><![CDATA[<p>The Pentagon is finalizing the rules of engagement granting military commanders clearer authority if they have to respond to an enemy cyber attack, <em><a href="http://www.usatoday.com/story/news/nation/2013/04/04/pentagon-wants-cyber-war-rules-of-engagement/2054055/?utm_source=feedburner&amp;utm_medium=feed&amp;utm_campaign=Feed:+usatoday-NewsTopStories+(News+-+Top+Stories)" target="_blank">USA Today</a></em> reports.</p>
<p>While the military has existing rules that allow it to defend the nation, the Pentagon said, analysts say these new rules make it easier for commanders to take action against cyber threats without clearing it at the presidential level:</p>
<blockquote><p>&#8220;This is all putting the world on notice, particularly the Chinese, that we&#8217;re tired of them breaking into private companies,&#8221; said Richard Bejtlich, chief security officer at Mandiant, a computer security company.</p>
<p>The so-called rules of engagement will &#8220;provide a defined framework for how best to respond to the plethora of cyber-threats we face,&#8221; said Lt. Col. Damien Pickart, a Pentagon spokesman.</p></blockquote>
<p>The rules will be kept secret and cover more conventional combat as well. The difficulty of determining the source of cyber attacks and the need to create a new set of rules signify how opaque the cyber world is:</p>
<blockquote><p>Even what constitutes an act of war is difficult to determine.</p>
<p>Gen. Keith Alexander, head of Cyber-Command, said recently the bulk of cyber-attacks are espionage and commercial theft, not an act of war. &#8220;If the intent is to disrupt or destroy our infrastructure, I think you&#8217;ve crossed a line,&#8221; he said.</p></blockquote>
]]></content:encoded>
			<wfw:commentRss>http://freebeacon.com/pentagon-finalizing-rules-of-engagement-against-cyber-attacks/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Cyber Cold War</title>
		<link>http://freebeacon.com/cyber-cold-war/</link>
		<comments>http://freebeacon.com/cyber-cold-war/#comments</comments>
		<pubDate>Tue, 05 Mar 2013 21:44:45 +0000</pubDate>
		<dc:creator>Ryan Willard</dc:creator>
				<category><![CDATA[China]]></category>
		<category><![CDATA[National Security]]></category>
		<category><![CDATA[Politics]]></category>
		<category><![CDATA[Cyber Attacks]]></category>
		<category><![CDATA[Cyber Espionage]]></category>
		<category><![CDATA[Cyber Warfare]]></category>
		<category><![CDATA[Iran]]></category>
		<category><![CDATA[Nuclear Iran]]></category>
		<category><![CDATA[Paul Rosenzweig]]></category>
		<category><![CDATA[Unit 61398]]></category>

		<guid isPermaLink="false">http://freebeacon.com/?p=70666</guid>
		<description><![CDATA[
Increases in the cyber capabilities of Iran and China have caused not only cyber espionage but “silent wars” between those countries and the United States, former Department of Homeland Security Assistant Secretary for International Affairs Paul Rosenzweig said on Tuesday.]]></description>
				<content:encoded><![CDATA[<p>Increases in the cyber capabilities of Iran and China have caused not only cyber espionage but “silent wars” between those countries and the United States, former Department of Homeland Security Assistant Secretary for International Affairs Paul Rosenzweig said on Tuesday.</p>
<p>“It touches all of us,” Rosenzweig, author of <a href="http://www.amazon.com/Cyber-Warfare-Conflicts-Cyberspace-Challenging/dp/031339895X"><i>Cyber Warfare</i></a>, said at a Heritage Foundation event.</p>
<p>Rosenzweig warned that the dynamic, rapid spread of the Internet makes the future challenging to predict. He cited the fact that the average cell phone now has as much computing power as a 1980s <a href="http://en.wikipedia.org/wiki/Cray-2" target="_blank">supercomputer</a> used for nuclear testing by the government.</p>
<p>This rapid increase in computing power makes predicting future attackers and their capabilities nearly impossible.</p>
<p>“In three years it will be so different we can’t even begin to predict what we’re going to need,” said Rosenzweig, who is a <a href="http://www.heritage.org/about/staff/r/paul-rosenzweig" target="_blank">visiting fellow</a> at Heritage.</p>
<p>Although the media have reported cyber espionage by Chinese hackers and non-state actors such as “Anonymous,” there has been an increase in cyber attacks between countries, sparking what Rosenzweig called cyber “cold wars.”</p>
<p>The cyber cold war between the United States and Iran has lasted five years and shows no sign of ending. The United States and Israel are believed to have attacked Iran with Stuxnet and Flame, computer viruses designed to destroy parts of Iran’s nuclear facilities. Iran has retaliated with cyber attacks on U.S. <a href="http://www.dailymail.co.uk/news/article-2259851/Iran-blamed-massive-cyber-attack-U-S-banks-data-centers-puppet-hacking-group-says-did-anti-Mohammed-movie-internet.html" target="_blank">businesses</a>.</p>
<p>Experts estimate the cyber attacks have slowed Iran’s nuclear program by two years.</p>
<p>However, cyber relations between China and the United States pose the greatest threat, Rosenzweig said.</p>
<p>The Chinese group “Unit 61398,” which is similar in structure to the National Security Agency, is suspected of stealing trillions of terabytes of data from U.S. companies and the government. It would take semi-trucks spanning the Pentagon to the port of Baltimore to physically steal that much data, Rosenzweig said.</p>
<p>While there is a “potential advantage, so long as we have superior technology,” that may not be the case in five or 10 years, Rosenzweig said.</p>
<p>He suggested strategies such as the “gamification of counter intelligence,” which utilizes private sector hackers around the world to target specific companies profiting from stolen information.</p>
<p>Instead of imposing sanctions on a country, which Rosenzweig said would be slow and hierarchical, the U.S. could impose sanctions on specific companies.</p>
<p>Rosenzweig also suggested the U.S. begin targeting China’s firewall in order to “let a thousand tweets bloom.”</p>
<p>Rosenzweig also warned of a cyber cold war becoming hot, causing enough physical destruction from power grids and computer systems to start a shooting war. While this is possible, Rosenzweig sees it as unlikely.</p>
<p>“Instead of mutually assured disaster, we have mutually assured disruption,” Rosenzweig said.</p>
]]></content:encoded>
			<wfw:commentRss>http://freebeacon.com/cyber-cold-war/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>China&#8217;s Hack Attack Revealed</title>
		<link>http://freebeacon.com/chinas-hack-attack-revealed/</link>
		<comments>http://freebeacon.com/chinas-hack-attack-revealed/#comments</comments>
		<pubDate>Tue, 19 Feb 2013 22:31:18 +0000</pubDate>
		<dc:creator>Bill Gertz</dc:creator>
				<category><![CDATA[China]]></category>
		<category><![CDATA[National Security]]></category>
		<category><![CDATA[Cyber Warfare]]></category>
		<category><![CDATA[Mandiant]]></category>
		<category><![CDATA[Mike Rogers]]></category>
		<category><![CDATA[People’s Liberation Army]]></category>

		<guid isPermaLink="false">http://freebeacon.com/?p=63025</guid>
		<description><![CDATA[A secret Chinese military unit is the major player in cyber espionage against an array of computer networks around the world, according to an intelligence report by a cyber security firm.]]></description>
				<content:encoded><![CDATA[<p>A secret Chinese military unit is the major player in cyber espionage against an array of computer networks around the world, according to an intelligence report by a cyber security firm.</p>
<p>“Our research and observations indicate that the Communist Party of China is tasking the Chinese People’s Liberation Army (PLA) to commit systematic cyber espionage and data theft against organizations around the world,” the <a href="http://intelreport.mandiant.com/" target="_blank">report</a> by the security firm Mandiant said.</p>
<p>Mandiant conducts cyber threat analyses for both government and industry clients. A threat intelligence report produced in 2010 by the company was unable to confirm Chinese military involvement in widespread cyber attacks that were suspected as originating in China.</p>
<p>“Now, three years later, we have the evidence required to change our assessment,” the report said.</p>
<p>“The details we have analyzed during hundreds of investigations convince us that the groups conducting these activities are based primarily in China and that the Chinese government is aware of them.”</p>
<p>Rep. Mike Rogers (R., Mich.), chairman of the House Permanent Select Committee on Intelligence, said the Chinese government plays a direct role in cyber theft that is “rampant,” and a problem growing “exponentially.”</p>
<p>“The Mandiant report provides vital insights into the Chinese government’s economic cyber espionage campaign against American companies,” Rogers said through a spokeswoman. “It is crucial that the administration begin bilateral discussions to ensure that Beijing understands that there are consequences for state sponsored espionage.”</p>
<p>The Chinese cyber espionage unit was identified as a PLA unit that is “a single organization of operators that has conducted a cyber espionage campaign against a broad range of victims since at least 2006,” the report said, adding that “it is one of the most prolific cyber espionage groups in terms of the sheer quantity of information stolen.”</p>
<p>The report represents an unusual but not unprecedented disclosure about Chinese military-related cyber warfare and cyber espionage that until recently has remained limited to classified intelligence and military reports.</p>
<p>The Pentagon declined to comment on the Mandiant disclosure of Chinese military spying.</p>
<p>“We are aware of the Mandiant Technologies Report and its contents,” said Pentagon spokesman Lt. Col. Damien Pickart. “However, as a matter of policy we do not comment on the details of private-sector reports such as this, nor do we discuss matters of intelligence.”</p>
<p>Pickart said the government is seeking to address cyber theft and that the Pentagon “takes seriously” its role in cyber security, but declined to specify.</p>
<p>Instead, Pickart said the United States and China need to continue “a sustained, meaningful dialogue and work together to develop an understanding of acceptable behavior in cyberspace.”</p>
<p>A U.S. intelligence official said Chinese cyber spying relies on both military specialists and semi-government computer hackers.</p>
<p>China’s government, as it has in the past, denied the findings of the Mandiant report and dismissed the reported links to the PLA as “groundless.”</p>
<p>The Project 2049 Institute in an <a href="http://project2049.net/documents/countering_chinese_cyber_operations_stokes_hsiao.pdf">October report</a> disclosed for the first time that China’s military was conducting extensive cyber warfare and spying operations from a site called the Beijing North Computing Center that was linked to extensive cyber espionage against the U.S. government and private networks. Its military cover name is Unit 61539. The <i>Washington Free Beacon</i> first <a href="http://freebeacon.com/cyber-spies-spotted/">disclosed</a> the report.</p>
<p>Classified State Department cables <a href="http://www.washingtontimes.com/news/2011/aug/24/inside-the-ring-280079111/?page=all">disclosed</a> in 2011 revealed that China’s military was involved in cyber spying through a PLA unit in Chengdu called the First Technical Reconnaissance Bureau.</p>
<p>The Mandiant report said China’s main military cyber espionage organization is the PLA’s 2nd Bureau of the General Staff Department’s 3rd Dept., code-named Unit 61398.</p>
<p>“The nature of Unit 61398’s work is considered by China to be a state secret; however, we believe it engages in harmful Computer Network Operations,” the report said.</p>
<p>The unit is located on Datong Road in a region called Gaoqiaozhen near Shanghai where hundreds to thousands of cyber spies are at work.</p>
<p>The unit relies on special fiber optic lines provided by the state-run China Telecom.</p>
<p>The Shanghai cyber network has “systematically stolen hundreds of terabytes of data from at least 141 organizations, and has demonstrated the capability and intent to steal from dozens of organizations simultaneously,” the report said.</p>
<p>The cyberspy unit used well-defined computer network attack methods developed over years and, once it gained access over several months or years, stole broad categories of information. They include technology blueprints, proprietary manufacturing processes, test results, business plans, pricing documents, partnership agreements, and emails and contact lists from leaders within the victim organizations.</p>
<p>Chinese hackers targeted British military drone technology, the <i>London Times</i> reported Saturday. Cyber attacks from Chinese government spies targeted British aerospace, defense and technology firms working on drones. The attacks used a spyware program identified as Beebus.</p>
<p>Special software is also used to steal email, and in one case the PLA cyber spies gained access to a target network for four years and 10 months.</p>
<p>The unit uses at least 937 command and control servers hosted on 849 distinct Internet Protocol addresses in 13 countries.</p>
<p>The report identified three online personas linked to Chinese hacking. They include “UglyGorilla,” a screen name for a hacker named Wang Dong linked to computer attacks since October 2004, and “DOTA,” who was connected to dozens of email accounts linked to social engineering and spear phishing cyber attacks in PLA campaigns. DOTA, believed to be taken from the video game “Defense of the Ancients,” was identified by a Shanghai phone number used in registering his online accounts.</p>
<p>“We have observed both the UglyGorilla persona and the DOTA persona using the same shared infrastructure,” the report said.</p>
<p>A third person behind the Chinese attacks uses the nickname “SuperHard” and is believed to be Mei Qiang, who was identified in the report as a significant contributor to several types of malicious software used in cyber attacks by the Chinese military. SuperHard revealed his location to be in the Pudong New Area of Shanghai.</p>
<p>Mandiant made public more than 3,000 indicators that can be used by network administrators to harden computers against cyber attacks from the spying unit.</p>
<p>“The sheer scale and duration of sustained attacks against such a wide set of industries from a singularly identified group based in China leaves little doubt about the organization behind [Advanced Persistent Threat 1],” the report said. “We believe the totality of the evidence we provide in this document bolsters the claim that APT1 is Unit 61398.”</p>
<p>The report said another unlikely possibility is that the Chinese hacking group is a secret group that is well-resourced and has direct access to Shanghai-based telecommunications infrastructure “right outside of Unit 61398’s gates, performing tasks similar to Unit 61398’s known mission.”</p>
<p>Due to extensive Chinese government monitoring of the Internet, the spying unit’s long-running operations indicate it “is acting with the full knowledge and cooperation of the government,” the report said.</p>
<p>“In a state that rigorously monitors Internet use, it is highly unlikely that the Chinese Government is unaware of an attack group that operates from the Pudong New Area of Shanghai,” the report said. “The detection and awareness of APT1 is made even more probable by the sheer scale and sustainment of attacks that we have observed and documented in this report.”</p>
]]></content:encoded>
			<wfw:commentRss>http://freebeacon.com/chinas-hack-attack-revealed/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Chinese Suspected in Washington Post Hacking</title>
		<link>http://freebeacon.com/chinese-suspected-in-washington-post-hacking/</link>
		<comments>http://freebeacon.com/chinese-suspected-in-washington-post-hacking/#comments</comments>
		<pubDate>Mon, 04 Feb 2013 17:28:07 +0000</pubDate>
		<dc:creator>Washington Free Beacon Staff</dc:creator>
				<category><![CDATA[China]]></category>
		<category><![CDATA[National Security]]></category>
		<category><![CDATA[Cyber Attacks]]></category>
		<category><![CDATA[Cyber Security]]></category>
		<category><![CDATA[Cyber Warfare]]></category>
		<category><![CDATA[Washington Post]]></category>

		<guid isPermaLink="false">http://freebeacon.com/?p=57405</guid>
		<description><![CDATA[The Washington Post reported on Friday that Chinese hackers infiltrated their system in an attempt to obtain sensitive information.]]></description>
				<content:encoded><![CDATA[<p>The <i>Washington Post</i> <a href="http://www.washingtonpost.com/business/technology/chinese-hackers-suspected-in-attack-on-the-posts-computers/2013/02/01/d5a44fde-6cb1-11e2-bd36-c0fe61a205f6_story.html" target="_blank">reported</a> on Friday that Chinese hackers infiltrated their system in an attempt to obtain sensitive information.</p>
<p>The Chinese are also suspected to be responsible for cyberattacks on the <i>New York Times</i> and <i>Wall Street Journal</i> that occurred last week.</p>
<p><i>Post</i> spokeswoman Kris Coratti released a statement:</p>
<blockquote><p>Like other companies in the news recently, we face cybersecurity threats. In this case, we worked with [security company] Mandiant to detect, investigate, and remediate the situation promptly at the end of 2011. We have a number of security measures in place to guard against cyberattacks on an ongoing basis.</p></blockquote>
<p>Grady Summers, the vice president for the security group, Mandiant, that protects the <i>Post</i>’s system, said that Chinese government hackers “want to know who the sources are, who in China is talking to the media. &#8230; They want to understand how the media is portraying them — what they’re planning and what’s coming.”</p>
<p>Chinese hackers are also <a href="http://freebeacon.com/cyber-breach/">suspected</a> in an attempt to obtain classified information from the Energy Department.</p>
]]></content:encoded>
			<wfw:commentRss>http://freebeacon.com/chinese-suspected-in-washington-post-hacking/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Cyber Jihad</title>
		<link>http://freebeacon.com/cyber-jihad/</link>
		<comments>http://freebeacon.com/cyber-jihad/#comments</comments>
		<pubDate>Sun, 06 Jan 2013 22:16:29 +0000</pubDate>
		<dc:creator>Bill Gertz</dc:creator>
				<category><![CDATA[Middle East]]></category>
		<category><![CDATA[National Security]]></category>
		<category><![CDATA[Politics]]></category>
		<category><![CDATA[Cyber Attacks]]></category>
		<category><![CDATA[Cyber Security]]></category>
		<category><![CDATA[Cyber Warfare]]></category>
		<category><![CDATA[FBI]]></category>
		<category><![CDATA[Iran]]></category>
		<category><![CDATA[Nuclear Iran]]></category>
		<category><![CDATA[Pentagon]]></category>
		<category><![CDATA[Pentagon Joint Staff]]></category>
		<category><![CDATA[PNC Bank]]></category>

		<guid isPermaLink="false">http://freebeacon.com/?p=48661</guid>
		<description><![CDATA[Iran is continuing aggressive cyber attacks against U.S. financial institutions and officials say the U.S. government has failed to take steps to halt the electronic strikes.]]></description>
				<content:encoded><![CDATA[<p>Iran is continuing aggressive cyber attacks against U.S. financial institutions and officials say the U.S. government has failed to take steps to halt the electronic strikes.</p>
<p>The sophisticated denial-of-service cyber attacks have been underway for several months and involve Iranian-origin hackers who flood banking and financial institution web sites with massive log-in attempts that disrupt or halt remote banking services.</p>
<p>“They are going after the same types of sites,” said an intelligence official familiar with reports of the attacks.</p>
<p>The official criticized the Obama administration for failing to protect American corporations from what the official said were state-sponsored cyber attacks.</p>
<p>Critics in government and the private sector say the U.S. government remains unprepared to respond to such coordinated covert cyber attacks.</p>
<p>Several government agencies, including the military’s U.S. Cyber Command, U.S. intelligence agencies, the Department of Homeland Security, and the FBI are responsible for dealing with cyber attacks. Yet the White House is in charge of directing any counterattacks on nation-states and so far has refused to authorize aggressive action, such as retaliatory counter cyber attacks.</p>
<p>The intelligence official suggested that the administration is reluctant to take action because of the president’s conciliatory policies toward Iran. President Barack Obama failed to back Iran’s democratic opposition in 2009 and has taken limited diplomatic action against Iran’s illicit nuclear program.</p>
<p>The administration appears to be treating the Iranian cyber attacks as a law enforcement matter rather than covert warfare.</p>
<p>White House National Security Council spokesman Tommy Vietor declined to comment when asked why the administration has failed to respond to the attacks.</p>
<p>FBI spokeswoman Jennifer Shearer also declined to comment on what she said were “ongoing matters.”</p>
<p>The hackers called the attacks Operation Ababil and stepped up their efforts last week, prompting PNC Bank to warn customers about the disruptions.</p>
<p>PNC Bank disclosed in a statement Jan. 3 that a number of U.S. banks, including PNC, were dealing with “unusually high volume of traffic at their Internet connections.”</p>
<p>“This volume of traffic is consistent with threatened cyber attacks on the U.S. banking system and is designed to cause access delays for legitimate Internet customers,” the bank said.</p>
<p>The bank said some customers have been unable to conduct business remotely as a result of security efforts to mitigate the attacks.</p>
<p>The bank sought to assure customers that the website is protected by “sophisticated encryption strategies” that protect data and accounts.</p>
<p>“While this situation is an access issue and not an issue of account security, it is always important to remember to protect yourself by not sharing personal or financial information on any non-secure sites,” the bank stated.</p>
<p>Cyber security analysts said an Iranian group called the Izz ad-Din al-Qassam Cyber Fighters carried out the attacks.</p>
<p>On the hacker forum pastebin.com, the group said in a statement posted Dec. 25 that a “second phase” of its attacks was underway over the past several weeks.</p>
<p>The group said it has targeted JPMorgan Chase &amp; Co., Bank of America Corp, Citigroup Citibank, Wells Fargo &amp; Company, U.S. Bancorp, PNC Financial Services Group, BB&amp;T Corporation, SunTrust Banks, and Regions Financial Corporation.</p>
<p>One cyber forensic specialist, who spoke on condition of anonymity, said the al-Qassam Cyber Fighters claim to be a group of private hackers but their activities appear state-sponsored.</p>
<p>“Except for their statements they have no presence and it feels much more like a state-sponsored action,” meaning backed by the Tehran regime, the specialist said.</p>
<p>Iranian officials have been quoted in state-run press accounts as promising to conduct cyber attacks against the United States and other western states in retaliation for cyber attacks against Iran’s nuclear program.</p>
<p>The hackers can move up to 70 gigabytes of data per second at their targets and they have been detected renting “botnets,” collections of robot computers used in conducting the attacks, the specialist said.</p>
<p>The attacks are called distributed denial of service attacks and use hijacked computers that are networked to conduct mass numbers of log-in attempts at banking web sites.</p>
<p>One malicious technique used by the group is server administrative access software called “itsoknoproblembro” that has been linked to the attacks.</p>
<p>Denial of service attacks have been used by sophisticated cyber warfare units to conduct cyber espionage and cyber reconnaissance, potentially more destructive techniques than denying service.</p>
<p>Ten major U.S. banks were hit by the cyber attacks in September during the first wave of attacks.</p>
<p>Around the time the attacks were detected, the Pentagon’s Joint Chiefs of Staff stated in a report that the cyber strikes on financial institutions were Iranian-backed aggression.</p>
<p>“Iran’s cyber aggression should be viewed as a component, alongside efforts like support for terrorism, to the larger covert war Tehran is waging against the west,” the report, dated Sept. 14, stated.</p>
<p>A Treasury Department statement in February stated that Iran’s Ministry of Intelligence and Security, the civilian spy agency, has assisted the terrorist group Hezbollah with “multiple joint projects … in computer hacking.”</p>
]]></content:encoded>
			<wfw:commentRss>http://freebeacon.com/cyber-jihad/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Hard Drive Destruction</title>
		<link>http://freebeacon.com/hard-drive-destruction/</link>
		<comments>http://freebeacon.com/hard-drive-destruction/#comments</comments>
		<pubDate>Mon, 17 Dec 2012 18:18:19 +0000</pubDate>
		<dc:creator>Adam Kredo</dc:creator>
				<category><![CDATA[National Security]]></category>
		<category><![CDATA[Ars Technica]]></category>
		<category><![CDATA[Computer Virus]]></category>
		<category><![CDATA[Cyber Warfare]]></category>
		<category><![CDATA[Iran]]></category>
		<category><![CDATA[Virus]]></category>

		<guid isPermaLink="false">http://freebeacon.com/?p=44751</guid>
		<description><![CDATA[A mysterious new computer virus has infected Iranian computers and is completely wiping users’ hard drives, according to Iranian officials.]]></description>
				<content:encoded><![CDATA[<p>A mysterious new computer virus has infected Iranian computers and is completely wiping users’ hard drives, according to Iranian officials.</p>
<p>The “efficient” virus is said to “wipe files on different drives in various predefined times” and cannot be detected by anti-virus software, Iran’s official Information Technology Organization <a href="http://www.certcc.ir/index.php?name=news&amp;file=article&amp;sid=2293" target="_blank">revealed</a> in a statement over the weekend.</p>
<p>The malware does not appear to be as sophisticated as previous viruses that have targeted computers governing Iran’s nuclear program, according to the statement.</p>
<p>However, the website Ars Technica reported that the virus <a href="http://arstechnica.com/security/2012/12/iranian-computers-attacked-by-new-malicious-data-wiper-program/">bears similarities</a> to previous programs used to spy on Iran:</p>
<blockquote><p>Dubbed Batchwiper, the malware systematically wipes any drive partitions starting with the letters D through I, along with any files stored on the Windows desktop of the user who is logged in when it&#8217;s executed, according to security researchers who independently confirmed the findings. The reports come seven months after an investigation into another wiper program targeting the region led to the <a href="http://arstechnica.com/security/2012/05/spy-malware-infecting-iranian-networks-is-engineering-marvel-to-behold/">discovery of Flame</a>, the highly sophisticated espionage malware reportedly designed by the US and Israel to spy on Iran. Wiper, as the earlier wiping program is known, shared a file-naming convention almost identical to those used by the state-sponsored Stuxnet and Duqu operations, an indication it <a href="http://arstechnica.com/security/2012/08/wiper-malware-stuxnet-duqu/">may have been related</a>, security researchers said.</p></blockquote>
<p>The latest virus “is not considered to be widely distributed,” according to the statement released by Maher, Iran’s Computer Emergency Response Team Coordination Center.</p>
<p>“This targeted attack is simple in design and it is not any similarity to the other sophisticated targeted attacks,” according to the statement.</p>
<p>Separate reports indicate that the virus may have been deleting files for more than a week.</p>
<p>“According to Symantec, the batch file is programmed to wipe drives only on certain dates, with the next one being Jan. 21,” Ars Technica <a href="http://arstechnica.com/security/2012/12/iranian-computers-attacked-by-new-malicious-data-wiper-program/">reported</a>. “Previous dates listed in the file include Dec. 11, 12, and 13, suggesting the malware campaign may have been active for the past week and may already have inflicted damage.”</p>
<p>The virus is also <a href="http://labs.alienvault.com/labs/index.php/2012/batchwiper-just-another-wiping-malware/">reportedly</a> capable of remaining on a person’s system after it has been fully rebooted.</p>
]]></content:encoded>
			<wfw:commentRss>http://freebeacon.com/hard-drive-destruction/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Cyberwar on the High Seas</title>
		<link>http://freebeacon.com/cyberwar-on-the-high-seas/</link>
		<comments>http://freebeacon.com/cyberwar-on-the-high-seas/#comments</comments>
		<pubDate>Fri, 30 Nov 2012 10:00:31 +0000</pubDate>
		<dc:creator>Bill Gertz</dc:creator>
				<category><![CDATA[China]]></category>
		<category><![CDATA[Cyber Attacks]]></category>
		<category><![CDATA[Cyber Security]]></category>
		<category><![CDATA[Cyber Warfare]]></category>
		<category><![CDATA[U.S. Navy]]></category>

		<guid isPermaLink="false">http://freebeacon.com/?p=40409</guid>
		<description><![CDATA[The U.S. Navy is preparing to wage cyber warfare attacks against enemies during conflicts and must avoid strategic surprise from a future cyber attack on its networks, according to a strategy report made public Wednesday night.]]></description>
				<content:encoded><![CDATA[<p>The U.S. Navy is preparing to wage cyber warfare attacks against enemies during conflicts and must avoid strategic surprise from a future cyber attack on its networks, according to a <a href="http://www.public.navy.mil/fcc-c10f/Strategies/Navy_Cyber_Power_2020.pdf" target="_blank">strategy report</a> made public Wednesday night.</p>
<p>“The opening salvos of the next war will likely occur in cyberspace and the Navy must be ready,” the report said. “We must organize, train, and resource a credible workforce of cyber professionals and develop forward-leaning, interoperable, and resilient cyberspace capabilities to successfully counter and defeat a determined adversary in cyberspace.”</p>
<p>The report, “Navy Cyber Power 2020,” outlines the Navy’s plans to defend against cyber attacks and to conduct cyber warfare and other operations in future conflicts.</p>
<p>Threat of cyber attack comes from nations, terrorists, and hackers. Among the threats are jamming of communications of weapons systems and aircraft; denial of network communications; disruptive internal penetrations of computer networks; and attacks on critical infrastructure, according to the report.</p>
<p>Computer networks and the information they provide are key advantages that “enabled the Navy to act with speed, agility, and precision in a broad spectrum of operations ranging from humanitarian assistance to major combat operations,” the report said.</p>
<p>However, these advantages could become vulnerabilities if the Navy is prevented from fighting effectively due to cyber attacks.</p>
<p>“Practically all major systems on ships, aircraft, submarines, and unmanned vehicles are networked to some degree,” the report said. These systems include most combat, communications, engineering, and position, navigation, and timing (PNT) systems used in precision guided missile and bomb attacks.</p>
<p>Key objectives for the coming decade will be to make sure cyberspace can be used for critical mission functions and to command and control forces.</p>
<p>To prevent “strategic surprise in cyberspace” the Navy will also monitor adversary actions in cyberspace through intelligence operations and analysis.</p>
<p>Additionally, the Navy “delivers cyber effects at a time and place of its choosing across the full range of military operations in support of commanders’ objectives,” the report said.</p>
<p>Cyber attacks by foreign governments and non-state adversaries can “hold Navy forces at risk.”</p>
<p>“Over the past several years Navy networks have been attacked in cyberspace by a broad array of state actors, terrorist organizations, ‘hacktivist’ groups, organized crime, and individual hackers,” the report said. “Motivations include personal gain, information theft, discrediting the United States, sabotage, political gain, denial or degradation of the Navy’s access to cyberspace, and mapping Navy networks.”</p>
<p>The attacks led to diminishing the Navy’s advantage over adversaries, security compromises, and personnel stress.</p>
<p>The major danger was described as “Advanced Persistent Threats” posed by foreign governments and non-state actors that can “relentlessly probe and attack our networks as part of a larger Anti-Access/Area Denial (A2/AD) strategy.”</p>
<p>The anti-access and area denial forces are often used by the Pentagon as code for threats posed by China’s cyber warfare capabilities and high-technology weapons, such as anti-ship ballistic missiles, anti-satellite missiles, and submarines.</p>
<p>The Navy will counter those threats through both defensive and offensive efforts, the report said.</p>
<p>“Our success in the maritime domain depends upon our ability to project power and prevail in cyberspace,” the report said.</p>
<p>The Navy also outlined its plans for “information dominance” in a <a href="http://www.public.navy.mil/fcc-c10f/Strategies/Navy_Strategy_for_Achieving_Information_Dominance.pdf">separate report released</a> Wednesday night. It states that adversaries are using advanced technology to exploit “seams” in military networks; disrupt Navy dependence on over-the-horizon intelligence, communications, and combat systems; and spy on Navy ship and aircraft movements.</p>
<p>This report said the Navy will boost its lethal and non-lethal electronic warfare capabilities.</p>
<p>The first report also warned about threats to information technology supply chains. For example, hardware and software that has been produced overseas, especially in Asia, could be compromised.</p>
<p>U.S. officials have said advanced aircraft and other weapons systems contain Chinese-made microchips that could carry hard-to-detect digital openings, which China could access remotely to disable weapons systems during wartime.</p>
<p>“Each node within the global IT supply chain presents adversaries with an opportunity to introduce a cyber threat or exploit the system for their own purposes,” the report said.</p>
<p>“Our acquisition system must have greater visibility and more effective controls across the entire supply chain supporting Navy needs.”</p>
]]></content:encoded>
			<wfw:commentRss>http://freebeacon.com/cyberwar-on-the-high-seas/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Iran Strikes Back</title>
		<link>http://freebeacon.com/iran-strikes-back/</link>
		<comments>http://freebeacon.com/iran-strikes-back/#comments</comments>
		<pubDate>Mon, 15 Oct 2012 09:00:16 +0000</pubDate>
		<dc:creator>Bill Gertz</dc:creator>
				<category><![CDATA[Middle East]]></category>
		<category><![CDATA[National Security]]></category>
		<category><![CDATA[Obama Administration]]></category>
		<category><![CDATA[Banks]]></category>
		<category><![CDATA[Bill Gertz]]></category>
		<category><![CDATA[Cyber Attacks]]></category>
		<category><![CDATA[Cyber Security]]></category>
		<category><![CDATA[Cyber Warfare]]></category>
		<category><![CDATA[FBI]]></category>
		<category><![CDATA[Iran]]></category>
		<category><![CDATA[Leon Panetta]]></category>
		<category><![CDATA[Nuclear Iran]]></category>
		<category><![CDATA[Stuxnet]]></category>
		<category><![CDATA[University of Michigan]]></category>

		<guid isPermaLink="false">http://freebeacon.com/?p=33061</guid>
		<description><![CDATA[Iranian hackers took over a University of Michigan computer network during a massive cyber attack on U.S. financial systems last week that continued following comments on the strike by Defense Secretary Leon Panetta.]]></description>
				<content:encoded><![CDATA[<p><strong>UPDATE, Oct. 19, 2012: The University of Michigan on Oct. 18 denied its computers were involved in the Iranian cyber attacks and said it believes the security firm’s reporting erroneously monitored activity done by a professor engaged in security research.</strong></p>
<p><strong>“These assertions are simply not true,” said Paul Howell, the university’s chief information technology security officer.</strong></p>
<p><strong>According to the university, the security firm’s report about the College of Engineering malicious cyber activity was actually research conducted by J. Alex Halderman, a professor of electrical engineering and computer security, who has been conducting a six-month study on Internet security.</strong></p>
<p><strong>The statement said the university believes the reported hacking attempts were “actually benign connection attempts generated from one computer, not a network, in the College of Engineering.”</strong></p>
<p><strong>“The program is designed to contact randomly selected servers and count the number of successful connections,” the statement said.</strong></p>
<p><strong>The security analyst said he stands by his firm’s reporting on the malicious activity emanating from the University of Michigan network.</strong></p>
<p>Iranian hackers took over a University of Michigan computer network during a massive cyber attack on U.S. financial systems last week that continued following comments on the strike by Defense Secretary Leon Panetta.</p>
<p>According to reports by a leading Internet security-monitoring firm, the cyber attacks against Bank of America, JPMorgan Chase, Citibank, and several other U.S. financial institutions began Oct. 8 when hackers gained control of the university’s College of Engineering network in Ann Arbor.</p>
<p>The attack then used automated malicious software to simulate hundreds of thousands of attempts by customers to log in to the banks’ remote access portals, resulting in overloading the networks.</p>
<p>Some of the banks&#8217; operations were slowed or otherwise disrupted, and others were halted during the attacks, which a well-placed security analyst said are continuing.</p>
<p>The company and the analyst declined to be identified over concerns that they would become a future target of cyber attackers.</p>
<p>The attacks began with cyber strikes against 75 ports on the Internet and were described as “severe,” continuously repeating strikes. The attacks eventually increased to digital probes on 167 ports. There are a total of 65,535 Internet ports.</p>
<p>At the height of the attacks, the report stated that the Iranian hackers targeted more than 68,500 sites that had produced automated monitoring responses that counted more than 641,000 malicious digital attacks.</p>
<p>The attackers used botnets, or zombies, which rely on software and operating methods that covertly take over private or institutional computers remotely by implanting malicious software inside.</p>
<p>According to the report, one of the sources of the attacks was the University of Michigan College of Engineering network domain.</p>
<p>“There has been an outbreak of DNS probe [attacks] from what appears to be most, if not all the servers within the University of Michigan (UM) College Of Engineering network domain,” the report said, noting that 26 servers were involved.</p>
<p>The computer specialist said federal authorities were notified of the attacks and contacted the university, which eventually “unplugged” the entire attacking network.</p>
<p>However, the attackers had control over the network for about 24 hours.</p>
<p>The computer specialist said the attacks began falling off Thursday and were expected to end that day, coinciding with traditional Friday prayers in Iran. However, the attacks continued, and are continuing, in apparent reaction to the fact that Panetta confirmed the attacks late last week and threatened to take retaliatory action against major cyber strikes.</p>
<p>The company&#8217;s security report from Sunday stated that “the cyber attacks are still extremely severe and at a very high level.”</p>
<p>In a <a href="http://www.defense.gov/transcripts/transcript.aspx?transcriptid=5136" target="_blank">speech</a> in New York City on Thursday, Panetta revealed for the first time that U.S. financial institutions were hit with distributed denial of service attacks.</p>
<p>“These attacks delayed or disrupted services on customer websites,” he said. “While this kind of tactic isn&#8217;t new, the scale and speed with which it happened was unprecedented.”</p>
<p>He did not single out Iran as the origin of the bank attacks, but in his speech to a business group said that Iran, along with China and Russia, operates sophisticated cyber attack capabilities.</p>
<p>Panetta also said the Saudi Aramco state oil refinery in Saudi Arabia was attacked two months ago and that computer attackers hit the RasGas energy company in Qatar in recent days.</p>
<p>“These attacks mark a significant escalation of the cyber threat and they have renewed concerns about still more destructive scenarios that could unfold,” Panetta said.</p>
<p>He warned that foreign cyber attackers are probing America&#8217;s critical infrastructure networks and targeting computer control systems that run chemical, electricity, and water plants, as well as networks used for nationwide transportation.</p>
<p>“We know of specific instances where intruders have successfully gained access to these control systems.”</p>
<p>The defense secretary suggested that the U.S. military is prepared to retaliate for such attacks if U.S. security is severely threatened.</p>
<p>“If a crippling cyber attack were launched against our nation, the American people must be protected,” Panetta said. “And if the commander in chief orders a response, the Defense Department must be ready to obey that order and to act.”</p>
<p>A U.S. official with access to intelligence reports said there are indications that the bank attacks were an operation conducted by the Iranian government. The official said the Iranians used the Lebanese terrorist group Hezbollah as a “cut out” or surrogate for the cyber strikes.</p>
<p>Also, the hackers put out a false story that the cyber strikes were a response to the anti-Muslim video that had been posted on the Internet.</p>
<p>In reality, the Iranian bank attacks are a response to U.S. and western covert actions against Iran’s nuclear program.</p>
<p>In recent months, it has been disclosed that the U.S. and Israel launched cyber attacks against Iranian nuclear facilities. These attacks include the Stuxnet virus, which assaults industrial control systems inside Iranian nuclear facilities.</p>
<p>Iranian nuclear scientists also have been targeted in what appears to be a covert campaign of assassinations designed to disrupt the nuclear program.</p>
<p>Security analysts and recent news reports stated that the Iranian attackers were suspected of being a group called the Izz ad-Din al-Qassam Cyber Fighters, who last month posted a notice that they planned to carry out the attacks.</p>
<p>A spokesperson for the University of Michigan could not be reached for comment.</p>
<p>The Iranian strike used a method called botnet or zombie attacks, which involves orchestrating the use of a large number of compromised computers to send spam emails, transfer viruses, or overwhelm a network or server with massive data requests.</p>
<p>Compromised computers become infected with malware that communicates with hackers and is used to launch cyber attacks.</p>
<p>The goal is to prevent the networks from operating and thus deny service, technically known as a distributed denial of service attack.</p>
<p>Computer hackers are known to sell lists of computers that have been compromised.</p>
<p>An FBI spokeswoman declined to comment.</p>
]]></content:encoded>
			<wfw:commentRss>http://freebeacon.com/iran-strikes-back/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>U.S. Investigating White House Cyber Attack</title>
		<link>http://freebeacon.com/u-s-investigating-white-house-cyber-attack/</link>
		<comments>http://freebeacon.com/u-s-investigating-white-house-cyber-attack/#comments</comments>
		<pubDate>Tue, 02 Oct 2012 21:45:41 +0000</pubDate>
		<dc:creator>Bill Gertz</dc:creator>
				<category><![CDATA[China]]></category>
		<category><![CDATA[National Security]]></category>
		<category><![CDATA[Obama Administration]]></category>
		<category><![CDATA[Barack Obama]]></category>
		<category><![CDATA[Bill Gertz]]></category>
		<category><![CDATA[Cyber Attacks]]></category>
		<category><![CDATA[Cyber Security]]></category>
		<category><![CDATA[Cyber Warfare]]></category>
		<category><![CDATA[Dana Rohrabacher]]></category>
		<category><![CDATA[Jay Carney]]></category>
		<category><![CDATA[National Security Council]]></category>
		<category><![CDATA[Pentagon]]></category>
		<category><![CDATA[Richard Fisher]]></category>
		<category><![CDATA[Senkaku islands]]></category>
		<category><![CDATA[Tommy Vietor]]></category>
		<category><![CDATA[White House]]></category>
		<category><![CDATA[White House Communications Agency]]></category>
		<category><![CDATA[White House Military Office]]></category>

		<guid isPermaLink="false">http://freebeacon.com/?p=30531</guid>
		<description><![CDATA[Law enforcement and national security agencies are investigating the hacking of a White House computer last month that penetrated a network inside the White House Military Office that handles top-secret data, U.S. officials said.]]></description>
				<content:encoded><![CDATA[<p>Law enforcement and national security agencies are investigating the hacking of a White House computer last month that penetrated a network inside the White House Military Office that handles top-secret data, U.S. officials said.</p>
<p>On Capitol Hill, House Republicans this week asked the White House to provide details of the attack on the White House Communications Agency, which runs the Situation Room and classified communications and teleconferences.</p>
<p>Meanwhile, officials said President Barack Obama was not notified about the cyber attack—which was traced to China when it was first discovered—but was informed about the incident later.</p>
<p>The FBI is conducting the investigation with support from the U.S. Secret Service, which is in charge of White House security, said officials familiar with the probe. The National Security Agency is also involved in the investigation.</p>
<p>White House National Security Council spokesman Tommy Vietor declined to comment when asked about the probe into the hacking. An FBI spokesman also declined comment.</p>
<p>White House Press Secretary Jay Carney on Monday officially confirmed the cyber attack, which he described as “spear phishing”—the use of fraudulent email that often results in an attacker gaining unauthorized access to a computer network.</p>
<p><a href="http://www.whitehouse.gov/the-press-office/2012/10/01/press-gaggle-press-secretary-jay-carney-10112" target="_blank">Carney told reporters in Las Vegas</a>, “The attack … was what’s known as a spear-phishing attack against an unclassified network.&#8221;</p>
<p>He sought to play down the significance of the incident and declined to provide specifics when asked if the attacked computer network was located within the White House Military Office. That office is in charge of presidential communications, travel, and the nuclear command and control suitcase known as the “football.”</p>
<p>“Let’s be clear: this is an unclassified network,” Carney said. “These types of attacks are not infrequent, and we have mitigation measures in place.”</p>
<p>“In this instance, the attack was identified, the system was isolated, and there is no indication whatsoever that any exfiltration of data took place,” he said, adding that the attack “never [had] any impact or attempted breach of any classified system.”</p>
<p>The cyber attack was <a href="http://freebeacon.com/white-house-hack-attack/" target="_blank">first reported</a> Sunday by the <em>Free Beacon</em>.</p>
<p>Rep. Dana Rohrabacher (R., Calif.), chairman of the House Committee on Foreign Affairs’ Oversight and Investigations Subcommittee, called on the president to take steps to punish China for the cyber attack.</p>
<p>“How can this president continue to smile and gloss over significant differences with Chinese Communist leaders as they are hacking into the White House’s most sensitive systems? It is totally unacceptable,” Rohrabacher told the <em>Free Beacon</em>.</p>
<p>Carney declined to discuss the specifics of “classified and unclassified networks, except that there are distinctions between those networks that contain classified information and those that don’t, and the attack was against an unclassified network.”</p>
<p>Defense and intelligence officials said the cyber attack was traced to a server in China, although the precise identity of the attackers is not known.</p>
<p>One official called the digital strike one of the most brazen cyber attacks by the Chinese, who have both civilian and military hacker forces. These forces are known to conduct large-scale cyber espionage and preparation for sabotage against both government and private sector computers.</p>
<p>The spear phishing in the latest case allowed the hacker to gain access to a computer within the White House Communications Agency, the agency in charge of presidential communications, according to a law enforcement official discussing the case with Fox News.</p>
<p>Regarding presidential notification, the cyber attack was not considered serious enough to interrupt the president’s schedule. In recent weeks Obama has been traveling throughout the country while campaigning for reelection.</p>
<p>The cyber attack was mentioned during one of the president’s intelligence briefings several days after it was discovered and halted, said officials who spoke on condition of anonymity.</p>
<p>Asked if the president was informed of the cyber attack when it was discovered, Vietor, the White House spokesman, said: “The president is constantly apprised of potential cyber security threats.”</p>
<p>“As a general matter, we don’t get into specifics about what is briefed to him or not, but as you know with this incident there was never any impact on or attempted breach of any classified system.”</p>
<p>The White House cyber attack took place in late September and coincided with Chinese cyber attacks against Japanese government and private sector computers amid heightened tensions between Beijing and Tokyo over the Senkaku islands. The islands have been under Japanese control for decades and China, which refers to them as the “Diaoyu islands,” is now claiming them as its territory.</p>
<p>The Pentagon has moved two U.S. aircraft carrier strike groups to waters near the islands that are located south of Okinawa and north of Taiwan. A Marine Corps amphibious group is also in the region near the Philippines.</p>
<p>China’s military conducted live-fire naval drills in the East China Sea recently in what state television called practice for improving capabilities against “island targets.”</p>
<p>Richard Fisher, a specialist on the Chinese military, said China’s military would seek to penetrate the White House Military Office for several intelligence and operational reasons.</p>
<p>“Spear phishing attacks can potentially spread within a system very rapidly yielding data, new targets, and placing ‘doors’ for future access,” Fisher said.</p>
<p>Fisher said a key strategic goal for the Chinese in seeking to gain access to the office is “to affect the president&#8217;s ability to exercise military command” as well as to learn about continuity of government operations.</p>
<p>“China may calculate that a president less able to command may also be less likely to respond to a Chinese attack,” Fisher said.</p>
<p>China’s government was linked to a sophisticated spear phishing attack on the online giant Google and other U.S. companies that was discovered in late 2009.</p>
<p>The attack, code-named Operation Aurora, combined human-intelligence gathering techniques with technical elements to gain access to valuable corporate secrets.</p>
<p>The attack led Google to move its search-engine and other online operations from the mainland to Hong Kong amid concerns about Chinese government hacking.</p>
<p>U.S. government officials were able to confirm with moderate confidence that the attack was linked to China’s military.</p>
<p>That attack used email that targeted corporate engineers, quality assurance developers, and people with high levels of access to information within the company, according to security specialists who investigated Aurora.</p>
<p>The Chinese used social media such as Facebook to find targets for emails, which were then sent disguised as coming from a trusted associate urging the recipient to click on a link.</p>
<p>The recipient’s computer was then directed to a server in Taiwan that was under control of Chinese hackers, who then planted malicious code “payload” within the computer that allowed repeated covert access to the infected system.</p>
<p>The Google attack was based on research that identified a security flaw in the web browser Internet Explorer.</p>
<p>U.S. intelligence agencies believe China has a force of about 2,000 people engaged in cyber warfare efforts, including digital espionage designed to obtain secrets and clandestine efforts to plant “sleep agent” software inside systems that can be used to attack or sabotage computer networks in a crisis or wartime.</p>
]]></content:encoded>
			<wfw:commentRss>http://freebeacon.com/u-s-investigating-white-house-cyber-attack/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
	</channel>
</rss>
