back to article 'Secret Pentagon papers' show China hacked into Patriot missile system

Chinese spies have allegedly hacked into the designs of many of the United States' advanced weapons systems and platforms, including those for F/A-18 Hornet fighter jets, the Patriot missile system and Black Hawk helicopters. According to the Washington Post, a "confidential section" of a report prepared for the Pentagon seen …

COMMENTS

This topic is closed for new posts.
  1. Shasta McNasty
    FAIL

    Security, what security?

    So the Chinese gained access to secret information and then the Media gained access to a report about the Chinese gaining access.

    FFS.

    1. g e
      Holmes

      Pretexting

      That's what it sounds like to me.

      Just like the run up to anything else the USA do. This time the WMD's are digital.

      Or maybe their security really _is_ that shit that the Chinese get a bunch of secret stuff then a newspaper gets the subsequent secret guff on it.

      When someone tells you something a lot, always question how they stand to benefit from you believing them - we're hearing too much about China attacking the USA, then this charade

      1. ecofeco Silver badge
        Mushroom

        Re: Pretexting

        The security really is "that shit". Even El Reg has published articles over the years about what a damn joke it is.

        To fix this, the US needs the kind of computer folks that can't get security clearances and don't give a damn about political games. And that ain't gonna happen.

    2. UKExpat

      UKExpat

      I do not understand what all the fuss is about. As one who personally witnessed all the Scud attacks on Riyadh in the first Gulf War I can confirm that they failed to destroy any Scuds. The US government reports about the Patriots intercepted most of the Scuds may have some semblance of truth but they failed to acknowledge that even though they managed to intercept some Scuds they certainly did not destroy them or stop them from causing damage or casualties. The legend that the Patriot Missiles were somehow a super weapon is a complete myth.

  2. Pete 2 Silver badge

    Opens up the market

    > Chinese spies have allegedly hacked into the designs of many of the United States' advanced weapons systems and platforms

    Great! So we'll soon be able to buy these from the usual websites of chinese goods. Presumably at a tiny fraction of what the americans would charge and delivered in wrappers that say "Gift. Value $5" on the customs declaration.

  3. Anonymous Coward
    Anonymous Coward

    They had most of the info anyway

    I've never been close enough to a real F-18 to see it, but the toy one my son has is so detailed I can read "Made in China" underneath.

  4. Gordon Pryra
    Devil

    a growing Chinese campaign of espionage

    I don't know why China bother to be honest, all they need do is put a camera or microphone in front of any top military and industry sources and they will give them all the details anyway. Far easier

    Unless this is all a load of crap disinformation, one more "+1 to the total Chinese hacking Uncle Sam stories"

    Seems bit convenient that a report is "leaked" about the current USA bug bear,

  5. Anonymous Coward
    Anonymous Coward

    Really?

    Admittedly I've been out of the defence business for 15 years, but back then we knew enough to have physically separate systems and networks for really sensitive stuff. Anything classified above Confidential certainly wouldn't have been on a machine connected to a public network. There are masses of design material and other stuff classified below which could be compromised, but wouldn't reveal much about the weapon system's capability. Without some detail to justify the claims this sounds like another US government Red Peril story.

    1. Khaptain Silver badge

      Re: Really?

      >Anything classified above Confidential certainly wouldn't have been on a machine connected to a public network

      Were there any Chinese engineers/students working in your department back then. Today you might find that there are......

      Firewall can't protect from attacks from within..

      1. Anonymous Coward
        Anonymous Coward

        Re: Really?

        That's wouldn't really be "hacking" though, just plain old-fashioned spying. And although vetting might not be foolproof, I very much doubt that Chinese nationals would get an adequate level of security clearance even today. :)

    2. Psyx
      Pint

      Re: Really?

      "Admittedly I've been out of the defence business for 15 years, but back then we knew enough to have physically separate systems and networks for really sensitive stuff. "

      This. I find it hard to believe that people are plugging this shit into the Web...

      ...Unless we're talking private contractors, in which case no piece of security stupidity is beyond belief.

    3. Anonymous Coward
      Anonymous Coward

      Re: Really?

      I'm not in it, but my roomie is. From what I hear, if you're actually working for the government they are still physically separate, and a royal PITA to use. Vendor handling is a whole other issue. Might be the same, might not.

      The roomie is not entirely sure exactly how effective the system is though. To save costs you try to send as much non-critical information through non-secure channels as possible. At one point someone was recommending a change in which bits got classified so that scientist types could better publish papers in their field and get some of the recognition they deserve (insert 'best mind on this topic in the world but can't tell world about it' story here). Problem was, if the system was implemented and you had the non-secure information from pre-change plus the non-secure information post-change you had all bits needed to make the supposedly secret thing from non-secure information. Not sure how that problem was resolved.

      Also, they seem to still be classifying too much information. So bits of it are bound to leak and you hope the bits that do are only ones that if you were doing proper classification wouldn't have been classified (except for disinformation purposes) in the first place.

      Overall the impression I get is the system is not unlike the "mind reading" devices from the sf story where all they really were was random explosion devices meant to keep the rubes afraid.

    4. JLV
      Boffin

      Re: Really?

      Don't disagree, except that much technical work nowadays is heavily dependent on Internet connectivity

      Say your team is coding the F35's helmet's software (a significant bit of that kit and one that is currently a big issue).

      Do you want your engineers NOT to be able to lookup C++ syntax references? What about Googling up "runtime error R6025"? If they have to do that on a separate workstation, what's that gonna do to productivity?

      Not at all saying that you are wrong or that's it's not common sense. Just that, well, most of us rely on open connectivity and it's easy enough to point the finger.

      Sounds like they need systems that can segment a workstation between normal and restricted access.

      Maybe something like similar to the BlackBerry Balance gizmo, where the OS enforces separation between work/personal matters? Or a VM that allows internet access from an otherwise locked down workstation?

      Maybe also a DoD edict for contractors that either forbids Windows on sensitive workstations or allows full DoD access to check that Windows is sufficiently hardened on them? And no Adobe software.

      I suspect Windows will still be necessary due to CAD and other software availability.

  6. Frankee Llonnygog

    Oh dear

    "sensitive design information for aircraft and ships was also illicitly accessed, including: the V-22 Osprey tiltrotor transport aircraft; the US Navy's new Littoral Combat Ship, designed to patrol close to shore; and the F-35 Joint Strike Fighter"

    And when the PLA Generals looked at the secret plans for those money-pits, they must have been ROFL like the robots in the Cadbury's Smash ads. "Look, the imperialists are sabotaging themselves more effectively than we ever could!"

    1. Peter Simpson 1
      Happy

      Re: Oh dear

      And when the PLA Generals looked at the secret plans for those money-pits..."

      ...or they'll go broke trying to build their own copies of them. All part of a cunning plan!

  7. Anonymous Coward
    Facepalm

    Oh great, as if the F35 wasn't bad enough, we now have shanzhai Chinese versions to look forward to.

  8. Denarius
    Trollface

    and in breaking news

    to save money more defense sites will be connected to public networks in the US...

    After all, yanks dont build anything anymore. Everything except genuine Mercs and BMWs are made in China.

  9. TeeCee Gold badge
    Happy

    "Also cribbed designs for Blighty's F-35 fighter jet"

    I do hope that gave them as much of a laugh as it did us.

  10. Anonymous Coward
    Anonymous Coward

    Can't wait for the cheaper knockoff clones

    with engrish names

    FA018- Stinging Insect Fighter

    Defender again oppression Missle system

    Dark raptor helicopters

    1. vonRat
      Mushroom

      Re: Can't wait for the cheaper knockoff clones

      Try "Shenyang J-31", it's on Wiki...

    2. Frankee Llonnygog

      Re: Can't wait for the cheaper knockoff clones

      "Nest of Flightless Dragons" aircraft carrier

  11. Ageless Stranger
    FAIL

    Why are these "secret" files available via a public network? You would think that they would be on a closed network

    1. Peter Gathercole Silver badge

      Probably stored in 'the cloud' to save money.

  12. Anonymous Coward
    Anonymous Coward

    Let me guess, they want more budget..

    "Leaking" (cough) such information seems to serve but one purpose these days. I can't see any other reason why this leaks, unless as evidence that the "Chinese" (or fill in your own enemy du jour) don't exactly have to work hard to obtain information that should be kept on an isolated network..

  13. Anonymous Coward
    Anonymous Coward

    i blame those pesky moles

    they're everywhere, leaving tunnels and holes in their wake...

    securing systems means watching who/what is 'leaving' the 'premises' too!

    no point in having a 'badge' to get access...them pesky tunnels provide a 'great escape'

  14. Anonymous Coward
    WTF?

    really?

    Did the Chinese really hack in to the missile system per se or discover plans for it on a file server?

    Let's be clear chaps.

    1. Ole Juul

      Re: really?

      Naw, none of this happened. Except the story is everywhere now, so doesn't matter any more because it'll get the budgetary result they were looking for. Facts are completely irrelevant in this game.

  15. P.Nutt
    Mushroom

    Here is a soloution

    Anything with confidential data on it, simply uplug the blooming NIC cable. Why on earth they were connecting to a web facing network is beyond me!

    Nuke as hopefully they have not networked those as well.....DO YOU WANT TO PLAY A GAME

    1. Andy The Hat Silver badge

      Must be on a web-facing machine

      "Anything with confidential data on it, simply uplug the blooming NIC cable"

      You're all so misguided. Everyone knows that the US military run Windows for Warships, Windows for Warmongerers and Windows for the Terminally Incompetent. Equally everyone knows that Micro$not needs to update at least once a month, virus checkers every two minutes and flash twice a week 'to stay secure' so you *must* necessarily be connected to the internet to mitigate security threats from ... errr ... the internet ... Then, if you were no longer secure when sending the plans for the F18 by email, who knows what might happen ...

      1. Psyx
        Boffin

        Re: Must be on a web-facing machine

        "You're all so misguided. Everyone knows that the US military run Windows for Warships, Windows for Warmongerers and Windows for the Terminally Incompetent. Equally everyone knows that Micro$not needs to update at least once a month, virus checkers every two minutes and flash twice a week 'to stay secure' so you *must* necessarily be connected to the internet to mitigate security threats from ... errr ... the internet ... Then, if you were no longer secure when sending the plans for the F18 by email, who knows what might happen ..."

        I had to glace to the side to see if Eadon wrote that.

  16. Anonymous Coward
    Megaphone

    I bet most of it comes from personnel.

    You didn't think that stunning 21 yo Chinese girl that was suddenly infatuated with you outside the gates of "insert defence agency here" really wanted you for your looks?

    1. Anonymous Coward
      Anonymous Coward

      Actually most of it is likely to be spear phishing attacks, most likely on fuckwitted 'consultants' or 'contractors'. Not particularly complicated, but effective when you play the percentages. The big question is how some of these external companies get away with such slack security.

      1. squigbobble
        Trollface

        With their low, low prices

        Backhanders included, of course.

      2. Anonymous Coward
        Anonymous Coward

        "Actually most of it is likely to be spear phishing attacks, most likely on fuckwitted 'consultants' or 'contractors'. Not particularly complicated, but effective when you play the percentages. The big question is how some of these external companies get away with such slack security."

        ----

        Having worked on both sides of that coin; the fuckwittery is by no means confined to contractors - in fact the consequences for a contractor doing something stupid (financial penalties on contract, getting fired, reputational damage etc) are worse than some idiot MOD graduate emailing himself restricted documents to his Hotmail account and getting a slap on the wrist.

      3. Anonymous Coward
        Anonymous Coward

        Re: most of it is likely to be spear phishing attacks

        My money would actually be on the Sponsors (i.e., the inside the military guys who are supposed to know better but allow the consultants and contractors to get away with crap that would never fly in private business).

    2. Anonymous Coward
      Anonymous Coward

      "You didn't think that stunning 21 yo Chinese girl that was suddenly infatuated with you outside the gates of "insert defence agency here" really wanted you for your looks?"

      ----

      You take that back - We're in LOVE!

      1. ecofeco Silver badge
        Thumb Up

        You take that back - We're in LOVE!

        *SNORT* *CHOKE* *SPEW*

        Thank god I get free keyboards.

    3. Anonymous Coward
      Anonymous Coward

      ah the 'love you long time' conspiracy!

  17. Mostly_Harmless Silver badge
    Holmes

    hacking required

    At least in this case China had to do some hacking to get this information In the past, our enemy states know about western weaponry because we've sold it to them (best example I guess being the military hardware that was routed to the Afghans back when they were the good guys because they weren't commie Soviets).

    I'm reminded of a line from Drop The Dead Donkey during the 1990/91 Gulf War - when an MoD official said that assessments of Iraqi military hardware didn't come from intelligence reports; "we just looked at copies of the invoices"

    1. Uncle Slacky Silver badge
      Stop

      Re: hacking required

      To be fair I think they stole that one from Bill Hicks: “You know we armed Iraq. I wondered about that too, you know during the Persian Gulf war those intelligence reports would come out: "Iraq: incredible weapons - incredible weapons." How do you know that? "Uh, well...we looked at the receipts."”

      1. Psyx
        Pint

        Re: hacking required

        "Persian Gulf war"

        We don't call it the Persian Gulf. That's what those nasty Persians call it. We but our oil from Saudi Arabia, so it's the Arabian Gulf...

    2. Peter Gathercole Silver badge

      Re: hacking required

      Generally speaking, export variants of Western weapon systems are downgraded, such as having less powerful engines, or not having the latest avionics and weapon system capabilities.

      This has even affected the UK. I understand that some of the VTOL technology in the F35B is so secret that the design details cannot leave the US. Which is strange, as we gave most of it to the Yanks in the first place!

      The list of technology designs being reported as stolen is a bit strange however, because F/A 18, Patriot and Blackhawk, must all be regarded as mature technologies now, and aren't particularly bleeding edge.

  18. squigbobble
    Meh

    Were they even the real blueprints?

    It's not like the Yanks have never fed bollocks designs/data to an enemy's intelligence network. Besides, everybody's spying on everybody else except the Faroese who are too busy shooing away a $1.5m Greenpeace boat that probably cost more than their entire fishing fleet.

  19. Anonymous Coward
    Anonymous Coward

    Never underestimate the power of idiocy

    Separated systems are of course still standard for classified documents - but that doesn't stop people doing something stupid.

    I've seen 'Sales' presentations downloaded from the internet on current in-service weapon systems that talk about performance data with all the interesting bits redacted using little black boxes. All well and good, until you go into Powerpoint and move the box out the way revealing all the data... It's the thought that counts I suppose.

  20. Robert Helpmann??
    Childcatcher

    Littorally

    ...the US Navy's new Littoral Combat Ship, designed to patrol close to shore...

    Which? The Freedom class or the Independence class?

    1. Anonymous Coward
      Anonymous Coward

      Re: Littorally

      Add a "C" to that somewhere, and I expect Anne Summers could make a kinky battery operated version.

      AC because that pun is just so bad.

  21. Don Jefe
    Meh

    National Security & 'The Sequester'

    There is currently a political pissing contest here in the U.S. called sequester where across the board cuts were made to nearly every sector of government. If you want to claw back some of that money you have to prove the issue is of significant national concern. Seeing as how nobody is dropping bombs on us they've had to show a new bad guy. The Chinese have been spying on us for years and everyone had phasers set to apathy. Now we're winding down wars and the military wants to keep their funds flowing.

    It's all shit really.

    1. tentimes
      Thumb Up

      Re: National Security & 'The Sequester'

      Probably true. It's so hard to know though - it could range from totally true to totally made up and we would never know.

      I am a firm believer in most people being incompetent, especially the ones that get promoted, so it would not surprise me if the chinese had done the dirty deed and the network was wide open.

  22. Wattsy
    FAIL

    Why is this sort of information on a internet enabled network anyway? Should it not be on a secure non internet connected network or does the mighty US military have a soft spot for cats?

  23. Anonymous Coward
    WTF?

    Talking-up the cyber bogeyman ...

    "Chinese spies have allegedly hacked into the designs of many of the United States' advanced weapons systems and platforms"

    Who's idea was keeping all their secret designs and blueprints on the Internet? Besides which Patriot never actually worked as was demonstrated in Gulf War 11. It's just an excuse to extract even more revenue from central gov.

  24. nuked
    Flame

    Yet another contribution towards the almost daily media narrative against the East, no doubt designed to garner public support for an increase in cyber-defence spending, together with 'essential' legislation to further limit our privacy and freedom.

    Whether there is a factual underpinning to the whole East vs West cyber-saga, I have no idea, but at best these constant 'leaks' are gross political opportunism of the highest order.

  25. Graham Jordan

    in other news

    Barak Obama admits to funding and tasking a crack team of developers to hack and take down Iranian nuclear sites.

    of course its ok when they do it don't you know.

  26. Maharg
    Black Helicopters

    Delete where applicable

    I think its interesting that the US had these plans *stolen/leaked* by the *Evil Commies/Outsourcing department* and now we can wait to a load of *Copies/knockoffs* that the US Government can *buy back/purchase as part of a current pre-signed trade agreement*, this will also help to continue the UK’s *cost-saving/mindlessly gutting* of the defence budget.

  27. henrydddd
    FAIL

    Why?

    My question is why does a computer containing sensitive information have any contract with the Internet, ether direct or indirect? Is is necessary for the people using these computers to have the ability to log on to Facebook? Computers containing top secret information should be totally isolated from the internet period. No sharing USB drives, no connecting to a network that has computers connected to the internet. If the Chinese can do this, so can millions of hackers world wide. Someone should be fired for this stupidity!

  28. Anonymous Coward
    Anonymous Coward

    Nothing to see here, move along

    1. Nations spy upon one another. Less of the holier than thou please. Does the CIA not have assets doing the same in China? If not, that would be a truly epic fail.

    2. Bigging up an adversary's skills is standard issue political fare. See [Gap, Missile]. So what.

    3. Don't make this private-vs-public sector. Some contractors are great, some are terrible, and so are the agencies they work for. Remember that young Mr Manning was able to download oddles of classified info onto a USB stick. Despite (a) being a lowly private (b) under disciplinary procedures (c) the areas not being anything to do with his day job. That isn't a comment on the correctness of his actions, but I find the real scandal of that case the fact that the ideas of need-to-know and compartmentalized information have been so completely thrown in the trash.

This topic is closed for new posts.

Other stories you might like