Letters posted here are associated with the following article:

Tuesday, September 4, 2007 12:00 AM

U.S. military routinely hacks into Chinese networks

Why wasn't that the headline on a "scoop" detailing Chinese infiltration of Pentagon computers?

The letters thread is now closed.

Tuesday, September 4, 2007 09:01 AM

Port scanning can flatten the ports

A simple vulnerability scan, aka port scanner, can bring down a network switch or similar device if one is sufficiently careless. It's not rocket science. Any so-called 'hack' that gets past that is generally exploiting a vulnerability one should have fixed a long, long time ago. That they don't indicates the DoD is pathetically bad at their job vis-à-vis this.

Tuesday, September 4, 2007 10:04 AM

We scan; they hack

Great piece, Mr. Leonard, and good call on the manipulation of the language. That kind of stuff happens across the topical board in our "free" press: they have poor; we have underprivileged. They kill; we defend. They spy; we study. They terrorize; we liberate. And so on (and on -- the mainstream media has tons of that kind of sanitizing speech).

So, it's no surprise that we "scan" while they "hack."

Tuesday, September 4, 2007 10:27 AM

A lexicon - scanning, probing, infiltrating, cracking/hacking

Since I happen to be lucky enough to work in the computer security field, here's what I believe are commonly accepted lay definitions of these various words (in order of perceived severity). I'll try to draw parallels to attempting to break into a locked house:

Scanning caveat: Two types exist - port scanning, and vulnerability scanning. In the absence of either modifier, I think most people assume "scan" means "port scan" - but they're fairly different.

Port Scanning: With no further information, one would assume that a scan would be simply a "port scan" - essentially a brief confirmation of which devices and services one could access over a network. This is very rarely dangerous, and there are debates about whether it's even illegal, as you don't attempt to access a resource, you simply see if you _could_ access a system. Roughly equivalent to wandering up to someone's house and counting the doors and locks on the doors.

Probing: This is an ill-defined term, and I suspect that different practitioners would have different opinions about this, but I believe that probing is generally assumed to be (barely) a step beyond Port Scanning. A probe implies that you are doing more than just seeing if a network port is open, but also are attempting to see what sort of information you can get from the port (e.g., what type of web-server is this?). The legality of this is also not clear, as one can convincingly argue that you're not attempting to break in, simply querying to find out what type of server is running. Roughly equivalent to wandering up to someone's house, writing down the lock types, and analyzing the thickness of the doors.

Vulnerability Scan: This is the more robust form of scan, where you're actively checking to see if specific attacks succeed against an opponent's system. It's hard to tell the difference between a vulnerability scan and an actual attack, so I think most reasonable people would conclude that a vulnerability scan is an illegal and malicious act. You may not break in, but you're certainly checking to see what could break in. Roughly equivalent to wandering up to someone's house, and putting in skeleton keys and various types of lockpicks, turning the locks to see if they open, and turning the door knobs to see if the door is even locked, but not going inside.

Cracking (aka hacking, though most old-school computer security professionals tend to refer to cracking instead): This is the clearly illegal act of attempting to break into someone else's information system and steal data, break systems, etc. You've found a weakness with your vulnerability scan, and then you use it to break in. Roughly equivalent to breaking into someone's house, and then doing whatever you want to its contents, including vandalizing and removing things.

Infiltrating: This is not a word that would have an agreed-upon definition in computer security - I suspect that it's journalistic license which led to the choice of this word. Generally speaking, one could assume that this is a longer-term, more covert version of cracking, where you leave some sort of presence in place so that you can get back in whenever you want, or have some sort of information tap in place. Probably equivalent to breaking into someone's house, and then installing a trapdoor, listening devices, and remote control systems so you can do whatever you want to the house or its occupants.

Tuesday, September 4, 2007 11:18 AM

US Military not the only US victim of PLA hacking

Any firewall administrator worth the nabs he eats at his desk can tell you that every US network is regularly scanned, probed and penetrated by Chinese hackers. It is safe to say that a large percentage of these hackers are trained and employed by the Chinese Government if not the PLA itself.

I have 5 years of syslogs from many PIX firewalls that I have managed that show a pattern of attacks originating from IP blocks in China. Many can be traced to Chinese Government offices. Others can't seem to be traced at all; it is these that are likely PLA or other Chinese government agencies.

The Chinese have made no secret of training hackers, literally legions of them. The US should actively pursue its own virtual forces, including the development of black hat hacker agencies, robotic hacking and cyberdefense systems, and seriously upgraded network security services both for government and civilian networks.

Silly persons that describe this as a non-threat have not been paying attention.

Of course, the problem is not limited to China; Russia and many of its vassal states, some European countries (even members of NATO), and several South American countries all have professional network military agencies.

Tuesday, September 4, 2007 12:11 PM

Oh ye of the lily-white hands

Lest we forget that the official charter of many of the intelligence services of some of our 'closest' allies, among them France, has as a matter of their own black-letter law industrial espionage against their own allies as a bona fide and fully supported activity. This is why in said countries, again, among them France, domestic use of encryption is very closely watched and in some cases outright illegal.

FWIW, it's also why my customers are often prohibited by law from using products developed outside of the US, e.g. Bitdefender, Checkpoint, Nokia and others.

Tuesday, September 4, 2007 12:55 PM

@anonymous 12:11 PM: What computers can your custs use?

As a professional in the field who worries about these things a lot, I am curious where your customers are getting their computers and related hardware these days. It has become increasingly difficult to source various components while ensuring chain of custody, particularly with so few chip foundries remaining in the US.
