Chinese spies have allegedly hacked into the designs of many of the United States' advanced weapons systems and platforms, including those for F/A-18 Hornet fighter jets, the Patriot missile system and Black Hawk helicopters. According to the Washington Post, a "confidential section" of a report prepared for the Pentagon seen by …
Security, what security?
So the Chinese gained access to secret information and then the Media gained access to a report about the Chinese gaining access.
That's what it sounds like to me.
Just like the run up to anything else the USA do. This time the WMD's are digital.
Or maybe their security really _is_ that shit that the Chinese get a bunch of secret stuff then a newspaper gets the subsequent secret guff on it.
When someone tells you something a lot, always question how they stand to benefit from you believing them - we're hearing too much about China attacking the USA, then this charade
The security really is "that shit". Even El Reg has published articles over the years about what a damn joke it is.
To fix this, the US needs the kind of computer folks that can't get security clearances and don't give a damn about political games. And that ain't gonna happen.
I do not understand what all the fuss is about. As one who personally witnessed all the Scud attacks on Riyadh in the first Gulf War I can confirm that they failed to destroy any Scuds. The US government reports about the Patriots intercepted most of the Scuds may have some semblance of truth but they failed to acknowledge that even though they managed to intercept some Scuds they certainly did not destroy them or stop them from causing damage or casualties. The legend that the Patriot Missiles were somehow a super weapon is a complete myth.
Opens up the market
> Chinese spies have allegedly hacked into the designs of many of the United States' advanced weapons systems and platforms
Great! So we'll soon be able to buy these from the usual websites of chinese goods. Presumably at a tiny fraction of what the americans would charge and delivered in wrappers that say "Gift. Value $5" on the customs declaration.
They had most of the info anyway
I've never been close enough to a real F-18 to see it, but the toy one my son has is so detailed I can read "Made in China" underneath.
a growing Chinese campaign of espionage
I don't know why China bother to be honest, all they need do is put a camera or microphone in front of any top military and industry sources and they will give them all the details anyway. Far easier
Unless this is all a load of crap disinformation, one more "+1 to the total Chinese hacking Uncle Sam stories"
Seems bit convenient that a report is "leaked" about the current USA bug bear,
Admittedly I've been out of the defence business for 15 years, but back then we knew enough to have physically separate systems and networks for really sensitive stuff. Anything classified above Confidential certainly wouldn't have been on a machine connected to a public network. There are masses of design material and other stuff classified below which could be compromised, but wouldn't reveal much about the weapon system's capability. Without some detail to justify the claims this sounds like another US government Red Peril story.
>Anything classified above Confidential certainly wouldn't have been on a machine connected to a public network
Were there any Chinese engineers/students working in your department back then. Today you might find that there are......
Firewall can't protect from attacks from within..
That's wouldn't really be "hacking" though, just plain old-fashioned spying. And although vetting might not be foolproof, I very much doubt that Chinese nationals would get an adequate level of security clearance even today. :)
"Admittedly I've been out of the defence business for 15 years, but back then we knew enough to have physically separate systems and networks for really sensitive stuff. "
This. I find it hard to believe that people are plugging this shit into the Web...
...Unless we're talking private contractors, in which case no piece of security stupidity is beyond belief.
I'm not in it, but my roomie is. From what I hear, if you're actually working for the government they are still physically separate, and a royal PITA to use. Vendor handling is a whole other issue. Might be the same, might not.
The roomie is not entirely sure exactly how effective the system is though. To save costs you try to send as much non-critical information through non-secure channels as possible. At one point someone was recommending a change in which bits got classified so that scientist types could better publish papers in their field and get some of the recognition they deserve (insert 'best mind on this topic in the world but can't tell world about it' story here). Problem was, if the system was implemented and you had the non-secure information from pre-change plus the non-secure information post-change you had all bits needed to make the supposedly secret thing from non-secure information. Not sure how that problem was resolved.
Also, they seem to still be classifying too much information. So bits of it are bound to leak and you hope the bits that do are only ones that if you were doing proper classification wouldn't have been classified (except for disinformation purposes) in the first place.
Overall the impression I get is the system is not unlike the "mind reading" devices from the sf story where all they really were was random explosion devices meant to keep the rubes afraid.
Don't disagree, except that much technical work nowadays is heavily dependent on Internet connectivity
Say your team is coding the F35's helmet's software (a significant bit of that kit and one that is currently a big issue).
Do you want your engineers NOT to be able to lookup C++ syntax references? What about Googling up "runtime error R6025"? If they have to do that on a separate workstation, what's that gonna do to productivity?
Not at all saying that you are wrong or that's it's not common sense. Just that, well, most of us rely on open connectivity and it's easy enough to point the finger.
Sounds like they need systems that can segment a workstation between normal and restricted access.
Maybe something like similar to the BlackBerry Balance gizmo, where the OS enforces separation between work/personal matters? Or a VM that allows internet access from an otherwise locked down workstation?
Maybe also a DoD edict for contractors that either forbids Windows on sensitive workstations or allows full DoD access to check that Windows is sufficiently hardened on them? And no Adobe software.
I suspect Windows will still be necessary due to CAD and other software availability.
"sensitive design information for aircraft and ships was also illicitly accessed, including: the V-22 Osprey tiltrotor transport aircraft; the US Navy's new Littoral Combat Ship, designed to patrol close to shore; and the F-35 Joint Strike Fighter"
And when the PLA Generals looked at the secret plans for those money-pits, they must have been ROFL like the robots in the Cadbury's Smash ads. "Look, the imperialists are sabotaging themselves more effectively than we ever could!"
Re: Oh dear
And when the PLA Generals looked at the secret plans for those money-pits..."
...or they'll go broke trying to build their own copies of them. All part of a cunning plan!
Oh great, as if the F35 wasn't bad enough, we now have shanzhai Chinese versions to look forward to.
and in breaking news
to save money more defense sites will be connected to public networks in the US...
After all, yanks dont build anything anymore. Everything except genuine Mercs and BMWs are made in China.
"Also cribbed designs for Blighty's F-35 fighter jet"
I do hope that gave them as much of a laugh as it did us.
Can't wait for the cheaper knockoff clones
with engrish names
FA018- Stinging Insect Fighter
Defender again oppression Missle system
Dark raptor helicopters
Re: Can't wait for the cheaper knockoff clones
Try "Shenyang J-31", it's on Wiki...
Re: Can't wait for the cheaper knockoff clones
"Nest of Flightless Dragons" aircraft carrier
Why are these "secret" files available via a public network? You would think that they would be on a closed network
Probably stored in 'the cloud' to save money.
Let me guess, they want more budget..
"Leaking" (cough) such information seems to serve but one purpose these days. I can't see any other reason why this leaks, unless as evidence that the "Chinese" (or fill in your own enemy du jour) don't exactly have to work hard to obtain information that should be kept on an isolated network..
i blame those pesky moles
they're everywhere, leaving tunnels and holes in their wake...
securing systems means watching who/what is 'leaving' the 'premises' too!
no point in having a 'badge' to get access...them pesky tunnels provide a 'great escape'
Did the Chinese really hack in to the missile system per se or discover plans for it on a file server?
Let's be clear chaps.
Naw, none of this happened. Except the story is everywhere now, so doesn't matter any more because it'll get the budgetary result they were looking for. Facts are completely irrelevant in this game.
Here is a soloution
Anything with confidential data on it, simply uplug the blooming NIC cable. Why on earth they were connecting to a web facing network is beyond me!
Nuke as hopefully they have not networked those as well.....DO YOU WANT TO PLAY A GAME
Must be on a web-facing machine
"Anything with confidential data on it, simply uplug the blooming NIC cable"
You're all so misguided. Everyone knows that the US military run Windows for Warships, Windows for Warmongerers and Windows for the Terminally Incompetent. Equally everyone knows that Micro$not needs to update at least once a month, virus checkers every two minutes and flash twice a week 'to stay secure' so you *must* necessarily be connected to the internet to mitigate security threats from ... errr ... the internet ... Then, if you were no longer secure when sending the plans for the F18 by email, who knows what might happen ...
Re: Must be on a web-facing machine
"You're all so misguided. Everyone knows that the US military run Windows for Warships, Windows for Warmongerers and Windows for the Terminally Incompetent. Equally everyone knows that Micro$not needs to update at least once a month, virus checkers every two minutes and flash twice a week 'to stay secure' so you *must* necessarily be connected to the internet to mitigate security threats from ... errr ... the internet ... Then, if you were no longer secure when sending the plans for the F18 by email, who knows what might happen ..."
I had to glace to the side to see if Eadon wrote that.
I bet most of it comes from personnel.
You didn't think that stunning 21 yo Chinese girl that was suddenly infatuated with you outside the gates of "insert defence agency here" really wanted you for your looks?
Actually most of it is likely to be spear phishing attacks, most likely on fuckwitted 'consultants' or 'contractors'. Not particularly complicated, but effective when you play the percentages. The big question is how some of these external companies get away with such slack security.
With their low, low prices
Backhanders included, of course.
"You didn't think that stunning 21 yo Chinese girl that was suddenly infatuated with you outside the gates of "insert defence agency here" really wanted you for your looks?"
You take that back - We're in LOVE!
"Actually most of it is likely to be spear phishing attacks, most likely on fuckwitted 'consultants' or 'contractors'. Not particularly complicated, but effective when you play the percentages. The big question is how some of these external companies get away with such slack security."
Having worked on both sides of that coin; the fuckwittery is by no means confined to contractors - in fact the consequences for a contractor doing something stupid (financial penalties on contract, getting fired, reputational damage etc) are worse than some idiot MOD graduate emailing himself restricted documents to his Hotmail account and getting a slap on the wrist.
ah the 'love you long time' conspiracy!
Re: most of it is likely to be spear phishing attacks
My money would actually be on the Sponsors (i.e., the inside the military guys who are supposed to know better but allow the consultants and contractors to get away with crap that would never fly in private business).
You take that back - We're in LOVE!
*SNORT* *CHOKE* *SPEW*
Thank god I get free keyboards.
At least in this case China had to do some hacking to get this information In the past, our enemy states know about western weaponry because we've sold it to them (best example I guess being the military hardware that was routed to the Afghans back when they were the good guys because they weren't commie Soviets).
I'm reminded of a line from Drop The Dead Donkey during the 1990/91 Gulf War - when an MoD official said that assessments of Iraqi military hardware didn't come from intelligence reports; "we just looked at copies of the invoices"
Re: hacking required
To be fair I think they stole that one from Bill Hicks: “You know we armed Iraq. I wondered about that too, you know during the Persian Gulf war those intelligence reports would come out: "Iraq: incredible weapons - incredible weapons." How do you know that? "Uh, well...we looked at the receipts."”
Re: hacking required
Generally speaking, export variants of Western weapon systems are downgraded, such as having less powerful engines, or not having the latest avionics and weapon system capabilities.
This has even affected the UK. I understand that some of the VTOL technology in the F35B is so secret that the design details cannot leave the US. Which is strange, as we gave most of it to the Yanks in the first place!
The list of technology designs being reported as stolen is a bit strange however, because F/A 18, Patriot and Blackhawk, must all be regarded as mature technologies now, and aren't particularly bleeding edge.
Re: hacking required
"Persian Gulf war"
We don't call it the Persian Gulf. That's what those nasty Persians call it. We but our oil from Saudi Arabia, so it's the Arabian Gulf...
Were they even the real blueprints?
It's not like the Yanks have never fed bollocks designs/data to an enemy's intelligence network. Besides, everybody's spying on everybody else except the Faroese who are too busy shooing away a $1.5m Greenpeace boat that probably cost more than their entire fishing fleet.
Never underestimate the power of idiocy
Separated systems are of course still standard for classified documents - but that doesn't stop people doing something stupid.
I've seen 'Sales' presentations downloaded from the internet on current in-service weapon systems that talk about performance data with all the interesting bits redacted using little black boxes. All well and good, until you go into Powerpoint and move the box out the way revealing all the data... It's the thought that counts I suppose.
Add a "C" to that somewhere, and I expect Anne Summers could make a kinky battery operated version.
AC because that pun is just so bad.
National Security & 'The Sequester'
There is currently a political pissing contest here in the U.S. called sequester where across the board cuts were made to nearly every sector of government. If you want to claw back some of that money you have to prove the issue is of significant national concern. Seeing as how nobody is dropping bombs on us they've had to show a new bad guy. The Chinese have been spying on us for years and everyone had phasers set to apathy. Now we're winding down wars and the military wants to keep their funds flowing.
It's all shit really.
Re: National Security & 'The Sequester'
Probably true. It's so hard to know though - it could range from totally true to totally made up and we would never know.
I am a firm believer in most people being incompetent, especially the ones that get promoted, so it would not surprise me if the chinese had done the dirty deed and the network was wide open.
Why is this sort of information on a internet enabled network anyway? Should it not be on a secure non internet connected network or does the mighty US military have a soft spot for cats?
Talking-up the cyber bogeyman ...
"Chinese spies have allegedly hacked into the designs of many of the United States' advanced weapons systems and platforms"
Who's idea was keeping all their secret designs and blueprints on the Internet? Besides which Patriot never actually worked as was demonstrated in Gulf War 11. It's just an excuse to extract even more revenue from central gov.
- YARR! Pirates walk the plank: DMCA magnets sink in Google results
- Pics Whisper tracks its users. So we tracked down its LA office. This is what happened next
- Review Xperia Z3: Crikey, Sony – ANOTHER flagship phondleslab?
- OnePlus One cut-price Android phone on sale to all... for 1 HOUR
- UNIX greybeards threaten Debian fork over systemd plan