Print 63 comment(s) - last by borismkv.. on May 30 at 4:58 PM

F-35, Aegis, PATRIOT Missile, Littoral vessel, Blackhawk chopper, and THAAD are among the compromised programs

The Defense Science Board (DSB) in a new report suggests that Chinese military hackers have compromised one of America's most costly weapons projects -- the nearly $1.4T USD F-35 Joint Strike fighter weapons system.  

I. Why Research When You Can Steal?

In its confidential report for the Pentagon and industry officials -- first revealed by The Washington Post -- the DSB claims that blueprints and data pertaining to two dozen weapons systems -- including U.S. missile defenses and combat aircraft and ships -- were accessed by Chinese hackers.  The report, by the mixed civilian/government board, which advises government and corporate policy makers, does not suggest necessarily the Chinese have stolen complete designs.

The U.S. federal government recently expressed the desire to force "help" onto private sector utilities.  However, the report basically indicated that at this point the federal government is incompetent when it comes to cybersecurity when it comes to foreign threats, unable to sufficiently block attacks on itself, let alone others.

Among the other weapons systems accessed by Chinese hackers include:

The nation's most expensive weapon in history -- the F-35 -- has been compromised by Chinese intrusions and may be effectively useless in combat as a result.
[Image Source: Lockheed Martin]

Compromised contractors include:
  • Lockheed Martin Corp. (LMT)
  • Raytheon Comp. (RTN)
  • Northrop Grumman Corp. (NOC)
Mark Stokes, executive director of the Project 2049 Institute -- an Asian-centric D.C. think-tank, comments, "[The intrusions are] staggering.  These are all very critical weapons systems, critical to our national security. When I hear this in totality, it’s breathtaking."

II.  Experts Astounded by China's Weapons Progress

China has expressed frustration that its military trails the U.S.'s technologically.  But recently the Asian nation has been shocking observers with its weapons development.  While "experts" expressed skepticism that China would be able to field a stealth fighter, it shocked the world in Jan. 2011 showing off a fully functional design.

Much of the design of the "J-20" stealth fighter is thought to have been stolen from the U.S., though it's unclear whether that was the result of offline subterfuge (analysis of crashed U.S. fighters) or online intrusions.

China's strategy to update its military in the most cost effective manner possible appears to be two-fold.  Some technologies it buys at budget rates from U.S. Cold War-era rivals like Russia -- such as its first aircraft carrier that deployed last year (a retrofitted Russian craft).  Other technologies it simply steals from the U.S. and builds itself.

The hodge-podge approach isn't pretty, but it may prove modestly effective given the size of the nation's military.

China cyberattacks
China's cost-saving approach to defense appears to be partially to steal U.S. technology.
[Image Source: DMM News]

James A. Lewis, a cyber-policy expert at the Center for Strategic and International Studies (CSIS), remarks, "You’ve seen significant improvements in Chinese military capabilities through their willingness to spend, their acquisitions of advanced Russian weapons, and from their cyber-espionage campaign.  Ten years ago, I used to call the PLA [People’s Liberation Army] the world’s largest open-air military museum. I can’t say that now."

A frustrated unnamed senior military official told The Washington Post that the Chinese strategy of stealing U.S. technology has allowed it to save billions.  The source comments, "In many cases, they don’t know they’ve been hacked until the FBI comes knocking on their door.  This is billions of dollars of combat advantage for China. They’ve just saved themselves 25 years of research and development. It’s nuts."

According to the report, the stolen information could be used not only to make weapons, but also to counter U.S. designs by pinpointing and compromising their digital or physical weaknesses.  Winslow T. Wheeler, director of the Straus Military Reform Project at the Project on Government Oversight (POGO), comments, "If they got into the combat systems, it enables them to understand it to be able to jam it or otherwise disable it.  If they’ve got into the basic algorithms for the missile and how they behave, somebody better get out a clean piece of paper and start to design all over again."

III. Obama Administration's "Tough Talk" Approach Fails

According to The Washington Post report, sources indicate that a year ago U.S. officials met with top Chinese officials in a closed door meeting to present evidence that they had "caught" China in cyberspying.  The Chinese, unperturbed responded with their usual denials.

Unable to defend itself with cyber-might, the Obama administration has since largely turned its focus to defense via rhetoric.  Following the U.S. Department of Defense's (DoD) May 2011 declaration that cyberattacks could be construed as acts of warU.S. National Security Agency director Gen. Keith Alexander delivered testimony on Chinese hacking to the Senate Armed Services Committee.  In his testimony, held March 2012, he claimed that the Chinese were destroying the U.S. economy with hacks.

President Obama bows to the President of China. [Image Source: Reuters]

U.S. President Barack Obama was mostly silent until this year, when a series of Chinese-sourced attacks struck The New York TimesBloombergThe WSJ, and the U.S. Federal Reserve.  Around that same time security officials with the research firm Mandiat finally pinned the attacks on an elite group of PLA hackers -- dubbed Unit 61398 -- which were based out of a government-guarded 12-story white high-rise in Shanghai.  That report was confirmed by government officials earlier this month, which led to China responding that the U.S. was "the real 'hacking empire.'"

Amid the confirmations that the PLA was behind the victimization of the U.S., President Obama responded to these developments with his toughest rhetoric yet, which led to counter-accusations from China.  The tough rhetoric from the Commander-in-chief seemed to work, though; Unit 61398 fell silent for nearly three months from February into May, but recently returned to action.

China's President Xi Jinping and President Obama are expected to meet next month in California; the issue of hacking is expected to be high on the agenda.

IV. Plans for Australian Spy Headquarters Stolen by Chinese

In related news, Chinese hackers have reportedly stolen plans to the Australian Security Intelligence Organization's new $630M AU ($608M USD) headquarters.  The plans were stolen from a contractor and include locations/details of communications cabling, servers, and security systems.

First reported by the Australian Broadcasting Company, Des Ball, an Australian National University cybersecurity expert, suggests that the hack could allow Chinese spies to effectively bug the building.

ASIO Building
The ASIO building [Image Source: AFP]

The spy agency's chief dodged the reports calling them "unsubstantiated", while refusing to definitively confirm or deny if data loss had occurred.  He commented, "This building is a very secure, state-of-the-art facility.  I'm not going to comment on operational matters involving the Australian Security Intelligence Organization or any security matters."

The lakeside glass-and-concrete structure has been plagued with budget overruns and delays.  The structure is located in Canberra, a city in southeastern Australia.

Source: The Washington Post

Comments     Threshold

This article is over a month old, voting and posting comments is disabled

RE: Why is it connected?
By BRB29 on 5/28/2013 1:14:23 PM , Rating: 2
Everything is interconnected these days. Internet today was made mainly for military use. Research and development is spread throughout the country and by different large corporations(contractors). Unless we build a new and completely separate infrastructure for communication, we are going to use the internet for communications.

Our other apparent problems are equal opportunity hiring. We hire a lot of Chinese IT specialists. They are using that against us. The vast majority of Chinese hired is probably honest and clean. You only need less than a handful to know how things work and discover exploits to send overseas.

RE: Why is it connected?
By othercents on 5/28/2013 1:24:36 PM , Rating: 4
All IT Specialists should still be required to complete the appropriate security level for what they are working on. Privileged information like this should be only accessible from a secure system and secure network either from the manufacturer's system or the government systems. Security could be tight enough to be on it's own private network not accessible to the internet while still allowing Government and Manufacturer to access the same information.

It is possible that the hack came from a portable system that was compromised by a virus that gave remote access to the system. Hence the reason why these systems must be locked down and possibly desktop only. As we continue to bleed information we might find ourselves behind other countries when it comes to producing the technology we engineer.


RE: Why is it connected?
By BRB29 on 5/28/2013 1:43:45 PM , Rating: 2
All IT specialists do have security clearances. That still doesn't mean anything on someone without a criminal record or tied with a terrorist organization.
I have my clearances and I know how the process works since I've been through it 3 times. It's hard to tell if anyone is working for another country. We only ask people to give up their foreign citizenship to get clearances.

Also, only contractors directly working for the government needs clearances. There are IT people that works for the company but isn't involved in the projects with the federal government. Those people don't need clearances.

For example, my friend is a information security specialist for a big government contractor. He has no clearances. He has to make sure the database is secured. He has to work with NSA, NCIS, CIA, etc... all the time because the database is tied with military projects.

I know it seems stupid and retarded but there's still serious security flaws in both the systems and access. Hence why you see/hear advertisements offering high pay for any information security specialists straight out of college. The federal government is seriously going to hire ~50k people just for IT security.

I've asked many questions for many years when I was in the military and DoD. It's frustrating that the problems are recognized but we are so slow to react because of sheer scale and costs. On top of that, we can't even hire enough IT tech because Information Security Program didn't even exist before in school.

RE: Why is it connected?
By idiot77 on 5/29/2013 12:19:09 PM , Rating: 2
Here is what I hear when the term "IT Specialist" is used.

Someone that couldn't compete anywhere else except in a high growth area industries. In generations past most of them would be digging ditches.

Meaning, they aren't that bright. You can't fix stupid. I believe that's where your problem lies... thinking that "IT Specialists" are smart enough to be good at security when they've already exceeded their maximum level of competence.

RE: Why is it connected?
By BRB29 on 5/29/2013 12:49:07 PM , Rating: 2
I think your name is a good fitting for you.

"DailyTech is the best kept secret on the Internet." -- Larry Barber

Most Popular Articles5 Cases for iPhone 7 and 7 iPhone Plus
September 18, 2016, 10:08 AM
No More Turtlenecks - Try Snakables
September 19, 2016, 7:44 AM
ADHD Diagnosis and Treatment in Children: Problem or Paranoia?
September 19, 2016, 5:30 AM
Walmart may get "Robot Shopping Carts?"
September 17, 2016, 6:01 AM
Automaker Porsche may expand range of Panamera Coupe design.
September 18, 2016, 11:00 AM

Copyright 2016 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki