Computer Spies Breach $300B Fighter-Jet Project
suraj.sun writes "Computer spies have broken into the Pentagon's $300 billion Joint Strike Fighter project — the Defense Department's costliest weapons program ever — according to current and former government officials familiar with the attacks. Similar incidents have also breached the Air Force's air-traffic-control system in recent months, these people say. In the case of the fighter-jet program, the intruders were able to copy and siphon off several terabytes of data related to design and electronics systems, officials say, potentially making it easier to defend against the craft."
Yeah--good luck with polishing THAT turd, China.
SJW: Someone who has run out of real oppression, and has to fake it.
I thought I was downloading the latest Windows 7 beta candidate
boy is my face red.
(ob: what's that knock on my door, I'll be *NO CARRIER*)
What kind of connection do you need to have to get away with several terabytes of data before someone notices? Users on my network get pissy when someone downloads a few dozen megs.
Why are these sensitive systems connected to the public internet? Either directly or indirectly, whose bright idea was it? If you need a computer in the lab connected to the internet, fine, just keep the infrastructure separate.
Not to downplay this event but I really wonder why we don't hear much about espionage from western countries? Are they better at it (rather than using malware or commonly available tools)? I am sure the Chinese etc have equally vulnerable systems.
More propaganda to make us "scared" of the internet!!! Yes we better lock down dem interenets boys, the internet is a national security threat !
Or Chinese.....
There is just as good a chance that the information stolen is bad information, as there is that it is good information. Now the Chinese/Russian spies need to determine what is and isn't good information from what they stole
once more into the breach
2009, the year of the open source Jet Fighter.
Life starts at the end of your comfort zone.
Food for thought - doesn't this show that "security through obscurity doesn't work" is true in a broader context than just computer security?
If I'd spent 300 billion on a project that didn't deliver the goods, I might be tempted to stage an internet break in which would force the projects cancellation, saving face for all concerned.
Speaking of, how much money has been wasted on the missile defence shield? 4 years ago, they were saying 50 billion. Today I think it's up to 115 billion. And of course, it still doesn't work. (And most likely never will.)
Will we see a "break in" on that research any time soon?
300 Billion taxpayer dollars?!? Do they transform into giant robots?
Can we PLEASE have back the ability to go back to specific days??
Like with http://slashdot.org/index.pl?issue=20090413 ???
I'm a week or two behind and want to catch up a day or two at a time without missing anything.
thanks
article blaming china for hacking in the past 6 months. the US must always have an enemy it seems.
first they say "many details couldnt be learned" such as origin, then the article does an about face and implies it came from china...are we just blaming the new kid for everything!?
could this "breach" have been some misinterpretation of say, a backup job being run? the US Navy has a history of this http://en.wikipedia.org/wiki/Iran_Air_Flight_655
Good people go to bed earlier.
Should I lol or weep?
Problem is the average media consumer will swallow the bait with tackle and all!
Power grid threatened by hackers - most likely from China *g*
Poor ol Dalai Lama's Windozw PC infiltrated *g*
What's going on? Obama tooling up for a big War?
300 Billion and the rest.
Over budget, Late, and making 'partners' bleed with cost overruns.
Whatever they may have taken, would be a lesson to run away from ill managed and maligned gold plated fantasy projects that could eclipse the 'risk management' by a few dodgy banks.
I'm sure someone is hoping someone 'copies' and bring about the downfall of an evil rival. Was it the secret that the initial flight report came back as 'better than a Chevrolet Vega'.
Again reinforcing the need to return to the "Open Air Policy" that any secret or top secret network must have a "nothing but open air" between the secure system and unsecure system. Prior to the 90s many secure networks had a single cable, usually with a manual breaker, that would be enabled only at a specific scheduled time, and the end point on the unsecure side was a single terminal (2 NICs, 1 to unsecure network on one subnet, then the secure network on another) where both network cards were physically impossible to operate at the same time (the reason for 2 NICs is the secure NIC is an encrypted card).
Seriously, you should never be able to get from A -> B -> C where A is a public network and C is a secret or top secret network.
Hell last weekend I was at a shop where the DEV network was self contained and the only way they got code builds was compiled on the DEV network (12th floor) then sneaker-net'ed to the testing environment via optical disk (8th floor).
P.S.F.F The office on the 9th floor still has token ring... WTF who still uses Token Ring? Seriously? I mean it's friggin Token Ring... I remember working on Norwest Mortgage's (bought by Wells Fargo) token ring to ethernet conversion, what 12 years ago now... Jebus Rice that was a long time ago now it seems...
-=[ Who Is John Galt? ]=-
It is important to remember that none of this is classified data. It could be as serious as "Sensitive But Unclassified" or "For Official Use Only" or "XXX Proprietary" or what have you, but it's not as though top secret plans, capabilities, etc. were obtained. This doesn't make it a non-issue, as it's still quite serious. There has been a lot of talk over the years that this kind of stuff should in fact not be stored on Internet connected (indirectly often times) networks, which I tend to agree with. Anyway...
There Are So many randomly capped wordS in tHAT post, I thought you were posting in code.
...that not every network needs to be connected to the Internet. It sounds like an almost absurd idea, I know.
"The agriculture ministry is not in charge of Gundam" - Japanese ministry official.
I know someone who was involved with this. They stored the project's blueprints on a video game cartridge. It could only be accessed if you played all the way through the end of the game. After that, the blueprints showed, wireframe graphics & all.
General Tagge: What of the Rebellion? If the Rebels have obtained a complete technical reading of [the Joint Strike Fighter], it is possible, however unlikely, they might find a weakness and exploit it.
Darth Vader: The plans you refer to will soon be back in our hands.
Admiral Motti: Any attack made by the Rebels against [the Joint Strike Fighter] would be a useless gesture, no matter what technical data they have obtained. [The Joint Strike Fighter] is now the ultimate power in the universe. I suggest we use it.
What's the point of the F35? A plane that is in its experimental phase whereas Europeans have had planes for quite a few years that have roughly the same performance (the Rafale in its F3 version is basically on par with the projected performance of the F35, is qualified for CATOBAR on aircraft carriers, is able to perform a nuclear strike, etc.). It would save taxpayer money to just buy those planes which have been already tested operationally. When money is scarce one has to be pragmatic. Look at what the EU is able to do with half the budget of the US, even losing a lot of spending efficiency by having uncoordinated programs. The US military wastes a lot of taxpayer money for poor results (for the amount of money) in the end: http://en.wikipedia.org/wiki/List_of_countries_and_federations_by_military_expenditures
Every time info gets stolen. It's the reds, those commy bastards! Can we please move on it's been 20 years. Honestly it could have been one or some of millions of people. Why are we pointing our finger at someone without even anything pointing to them. There aren't even leads never mind proof. Come on /. I thought we were better than this...
On second thought I didn't but still come onnnnnn...
The F-35 is barely out of R&D. It hasn't had a chance to "not deliver" yet.
Best Slashdot Co
Systems containing classified data are NEVER connected to the internet. Any classified data that was siphoned off was left there either maliciously or through stupidity by someone on the inside. In either case, if this really did happen, the person should be tried for treason. Not only are these other networks locked down from the internet, they are also locked down physically - kept away from windows, often in a vault and physical access is tightly controlled.
Any other data that was acquired was probably crap. I strongly suspect that this is another case of fear mongering by an organization trying to get additional funding.
The alternative, which is almost too scary for me to consider, is that we have changed our practices and now leave sensitive information critical to our defense on unprotected systems.
Call me a troll. It don't change the facts.
Are these plans connected to ANY internet connected network? What kind of dumbass does that? If the damn plane is THAT top secret DON'T MAKE IT INTERNET ACCESSIBLE. Bloody hell, I really do hate being an American now. As my poster says, 'Never underestimate the power of stupid people in large groups.'
The most secure computer is one not on the internet. What 1st year admin doesn't understand that basic concept?
Pax Vobiscum
....if this, too, leads back to BAE, and the problems they had surrounding the project a couple of years ago.
It doesn't matter if the data is on the Internet. No matter how well you protect your data there always are rogue agents on the roster who have access to everything and can operate undetected for a long period of time.
I'm not kidding. I have my sources. I watch 24 after all.
well since we are correcting my spelling instead of the situation of America. Might as well fix one more thing so we get the story straight.
And finally, this is the premeditated chronologically timed public news release on how US computer sucks.
Should be
And finally, this is the premeditated chronologically timed public news release on how US computer "SECURITY" sucks.
Every time info gets stolen. It's the reds, those commy bastards! Can we please move on it's been 20 years.
First the Chinese are always busted with unsubtle spying operations like this, and the Chinese have aspirations of displacing the United States as a superpower. One could argue that the other block, the European Union, would be culpable but they are a JSF partner first, and have better spies anyway. If the Europeans, particularly the British, were spying on us, we just wouldn't know it.
It could be the Russians, but, they tend to have really good ground intelligence and would probably just pay someone to fork over the plans.
This is my sig.
Here's a better shot.
Still don't wanna see the Chi-Coms coming at me in one of those.
Official Heretic from the "Church of Global Warming". Proven right thanks to whistle blowers. AGW = Flat Earth Theory
The question is, will this delay Half-Life 2?
Oh wait, wrong excuse.
Haven't F-35s been sold to several other countries(or are going to be)? I guess this will affect the price a lot, I can't see anyone wanting to buy it with unknown foreign powers having the code & doubtless trying to engineer a backdoor.
Here it is:
http://www.handhewnloghomes.com/
However it can be extremely difficult to determine the true origin because it is easy to mask identities online.
If the government acted like the RIAA some poor farmer in China with a 10 GB hard drive would already be in jail because it was clearly them who broke in to the network as the intruding IP address belonged to them.
Sometimes it is nice to see a bit of common sense involved.
Note that Chinese intruders succeeded in numerous attempts at downloading information related to the F-35 jet fighter. After the 1st such attempt, American intelligence would have become aware of the incident.
If you were a smart intelligence officer, what would you do after the 1st attempt?
You would not publicly announce the breach of security. Rather, you would plant false data into the same computer which was compromised. When the Chinese hacker returns to it to download even more information, then he would get gigabytes of fake data.
The aim is for the Chinese military to develop countermeasures against F-35 performance characteristics that do not exist. When the actual F-35 is deployed, it will defeat those countermeasures and deliver its nuclear payload to Beijing -- on time and on target.
From the article:
The Bush administration planned to spend about $17 billion over several years on a new online-security initiative and the Obama administration has indicated it could expand on that. Spending on this scale would represent a potential windfall for government agencies and private contractors at a time of falling budgets.
I'm pretty sure that doesn't hold a torch to the Manhattan project, which cost over $1B at the time. Adjust that for inflation, and it's about $1T.
Education is the silver bullet.
It's shit like this that shakes my faith in government conspiracies and the existence of men in black.
"smart American intelligence officer" - in Georgia (country), Iraq (red zone) or 'near' Pakistan or Latin America.
The rest are in the private sector.
What you have left watching some of your servers can be seen thanks to Gary McKinnon.
http://en.wikipedia.org/wiki/Gary_McKinnon
Domestic spying is now "Benign Information Gathering"
there is an editorial in the new york times today saying that entire branch of the military should be shut down, since the marines, the army, the navy: they all have their own fighter wings
http://www.nytimes.com/2009/04/21/opinion/21kane.html
the airforce is redundant. of course it won't actually be shut down, but its usefulness is certainly doubtful. i think it should be decimated, and become nothing but a shell to contain the icbms and other missiles, a few other esoteric military projects, and nasa should be moved into its domain. all the other large countries have their space wings under the military, i think the usa should too, if for no other reason than increasing funding for nasa
and then, at some distant future date when spacefaring is more common, we can talk about how the space marines are nothing more than a wing of the air force, the navy is a quaint historical oddity whose functions are now served by the coast guard, and the army should be folded into the world government police force
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
So the solution is to create new high-level posts in the government. Somehow I am skeptical that this will quickly and thoroughly solve the problem.
[Sir Garlon] is the marvellest knight that is now living, for he destroyeth many good knights, for he goeth invisible.
They're still people just like everyone else, with human limitations of attention, intelligence, resources, time...
The most likely scenario is that 98% of the info they grabbed is the real stuff. Maaaybe they seeded some wrong values into the schemata to try to minefield attempts to construct them, but the overall structure and general design were successfully stolen. They can't spend a ton of time putting in fake info because this is important information they're stealing while they work on inserting fakes, and even doctored designs can provide insight.
They don't have fake backups standing by because who has the time and resources to simultaneously produce real work and fake work in parallel(and from the same limited body of personnel with sufficient clearance?)
FFS, why are these military networks even accessible via the Internet? Shouldn't they be on their own network infrastructure - completely inaccessible from outside the military?
If you were a smart intelligence officer, what would you do after the 1st attempt?
The terms "smart" and "intelligence" are often strongly associated. However, please remember that the current context is a military organization or its commercial suppliers. It is entirely possible that those terms are almost mutually exclusive here.
Those who can make you believe absurdities can make you commit atrocities. - Voltaire
Whoever allowed that data to be connected to the web should have their security clearance yanked, and be fired.
It's been quite a few years since I dealt with any DoD customers directly, but back in the late 1980s I remember they were all about air-gap security. I'm astounded that any machines containing classified materials were allowed to be connected to the internet.
-jcr
The only title of honor that a tyrant can grant is "Enemy of the State."
Somehow this all seems to me like a Deathstar/Bothans analogy...
This is just a cover for the U.S. stealing technology from
Russia.
Yours In Socialism,
Kilgore Trout
You may remember that /. ran the following several stories:
Feds Seize $78M of Bogus Chinese Cisco Gear
http://slashdot.org/article.pl?sid=08/02/29/1642221
and
FBI Says Military Had Counterfeit Cisco Routers
http://it.slashdot.org/article.pl?sid=08/05/09/164201&from=rss
Let's see, extra chips on a piece of equipment that handles all the network traffic, which would include NFS and a variety of other plain text protocols (why would someone use encryption on a "secure" network). Add to that a sprinkling of Teredo
http://en.wikipedia.org/wiki/Teredo_tunneling
And looks to me like it's very likely that someone could steal whatever they wanted.
Good thing all our corporate suppliers are bound by contracts that would totally be enforced by this foreign government who's providing the bogus equipment. Didn't think about that, did you, stupid corporate outsourcing asshat.
-Runz
And, do not overestimate Western security procedures.
Planting fake data reminds me of one of the tricks in The Cuckoo's Egg. Hmm... that book is about a computer security breach quite a few years ago.
Where law ends, tyranny begins -- William Pitt
"In the case of the fighter-jet program, the intruders were able to copy and siphon off several terabytes of data related to design and electronics systems"
And the solution is, find out who is responsible for implementing the system and then put them up against the wall and shoot them.
--
sig:
Jesus H. tap dancing Christ on roller skates, who in their right mind puts a secret fighter project on the Internet
davecb5620@gmail.com
... in the comments or article, so it's probably Linux.
That's actually a vaguely good explanation of a big part of CI.
Hate to toot my own horn, but I believe our effectiveness and experience at counter-intel against nation states is very strong.
I think the Cold War taught us a lot about informational/digital security that potential adversaries underestimate.
*Nothing is perfect*, but we do our very best to keep things we don't want vulnerable from being accessible, and we have lots of experience in that field.
The JSF will be a NATO fighter anyways--other nations with, ahem... lesser practiced counter intelligence will eventually have the design schemes anyways.
-USAF14N
Fake data? Bah. I'd much rather we plant bad information that will cause the most monumental non-nuclear explosion and fire ever seen from space.
When the actual F-35 is deployed, it will defeat those countermeasures and deliver its nuclear payload to Beijing -- on time and on target.
I'm sure you didn't mean it, but don't say "when" in describing such an event!
"The Joint Strike Fighter, also known as the F-35 Lightning II, is the costliest and most technically challenging weapons program the Pentagon has ever attempted. The plane, led by Lockheed Martin Corp., relies on 7.5 million lines of computer code, which the Government Accountability Office said is more than triple the amount used in the current top Air Force fighter"
.. Lockheed's F-22 Raptor Gets Zapped by International Date Line
Ohh, fuck
I recall one where the pilot wondered what would happen if he pressed the 'gear up' lever while still on the ground. The gear retracted and the aircraft was severely damaged.
What they should do is for every project they work on, generate two sets of data -- one real, one fake. Store all the real ones in a secure monitored location, and plant the rest all over the network on various honeypots. Basically generate so much misinformation that the enemy can never tell what's real from what's fake.
yeah, that would be trivial to administer ...
> "smart American intelligence officer" - in
> Georgia (country), Iraq (red zone) or 'near'
> Pakistan or Latin America.
> The rest are in the private sector.
They are civilians, not "private sector". Who their employer contracts to makes the difference. Civilian psyops specialists have always been a prominent part of theory and field work. The psyops 'bible' was written by a civilian: Dr. Paul "E.E. 'Doc' Smith" Linebarger.
As for the military intelligence people, what was said about planting false data about the plane applies to the external appearance of the intelligence community. You don't want the enemy to know how many troops you have and what their capabilities are. The same goes for your intelligence capabilities.
While the media reports various intelligence shortcomings and fuckups, and congress investigates same whether they happened or not, some of the smartest people you'll never meet are running around inside the Pentagon's various intelligence offices, and in and out of offices that say entirely different things on the door. Some of them are running an intelligence agency operating within the US, including field operations, that rivals the CIA in quantity and quality of results. Of course this can't be true because the US military is not allowed to conduct operations against US civilians without a federal decree of martial law, right?
"I may be synthetic, but I'm not stupid." -- Bishop 341-B
The article clearly states that the classified network is physically separated from the internet. All the super sensitive info is on a network COMPLETELY SEPARATE from the rest of the world. Furthermore, in order to "connect the laptop to the network" would require significantly more than plugging in the cable and accidentally leaving wireless enabled. Ever heard of port security? How about MAC filtering? There would be no accident for a system to be attached. It would HAVE to be malicious, and even then the individual would have to have access to the router and network configuration to get it to connect. My guess is that most of what they stole was either non-vital or completely falsified. Just because other nations are working on the development, doesn't mean everyone knows everything about the plane, thereby giving everyone access. No matter how much of a "joint" or "coalition" effort it is, there are parts and pieces kept from other nations, especially if it is a US led effort. Have you told your friends ALL of your secrets? The government doesn't either. Stop friggin worrying!
Except that the article states that the breach came through a subcontractor's computer network which, very likely, is not under direct control of any government intelligence agency. I would bet that the breach came through the network of a relatively small subcontractor, a parts developer rather than a system configurator, which probably had an IT department staff of about 3-5 guys, 2 of which sometimes know what they are doing and 3 of which spend most of the time looking for answers on google groups. I hate to be overly critical, but in my experience the IT departments of relatively small contractors tend to have a hard enough time ensuring the network connectivity of their own internal networks. Locking them down securely tends to be a level a bit over their head....
I think it's amusing how slashdotters instantly go off on a tangent. I'm fairly certain that the intended use of these jets is for offense, not defense.
Do not underestimate the cleverness of American-intelligence procedures.
And don't underestimate the cleverness of foreign intelligence and espionage techniques.
American CIA/NSA, American Navy SEALs, American Marine RECON... they aren't the only people who can field operatives and be effective behind enemy lines.
Israel, China, North Korea, India, Pakistan, Russia, Germany, England (every special forces group is based on British SAS), South Africa... they all, good or bad, have their fair share of highly trained, highly competent bad asses capable of extreme bad assery.
And their technical access rivals one another. The North Korean intelligence field operatives have access to very bright hackers/crackers, engineers and scientists just as the American in the CIA.
When the actual F-35 is deployed, it will defeat those countermeasures and deliver its nuclear payload to Beijing -- on time and on target.
Why do you want to deliver a nuclear payload to Beijing or anywhere?
Is it your answer to the security problems?
I would say that a better way (better for the humankind) is to improve the safety of sensitive information and the defense, instead of looking where and how to send a nuke.
Do not say it is not what you meant, because it is exactly what you meant.
Umm, don't overestimate the intelligence of these people either. Unless things have vastly improved in the past couple of years, I'm sure the attackers got what they wanted.
saw this in February.
we can rectify the issue by sending one of our defense contractors over to China. run their economy straight into the ground with cost overruns, under-deliveries, and little failures that go bump in the flight.
if this is supposed to be a new economy, how come they still want my old fashioned money?
That would imply that the intel community is plugged into the DIB as a stand-up counter-intelligence capability (If anyone was at the CERT 20th anniversary conference you would realize that the IC and the Fed came to the conference with blank expressions while asking for help - they are not plugged in all too well). The 2-day March 10-11 conference concluded with the CERT Director remarking, "Hopefully next time we'll meet under better circumstances."
Additionally implied is that the corporate DIB has the funding, the skill in their INFOSEC departments, and the willingness to bend a few rules from time to time for the sake of national interest. It is no surprise that the DIB has no interest in an offensive intelligence capability against hardened intelligence assets either inside the DIB contractor, inside the US, elsewhere in the "Ether," or sourced out of the foreign services intelligence service of the collecting country - that is the Govt job.
Offensive intel capability inside a DIB is a Tom Clancy novel starring Ben Affleck where a secret message found on a discarded Taco wrapper in the cafeteria prevents total NBC holocaust. Had the FS collector stolen or zeroed out the account receivable ledger of the DIB contractor, then you might see the DIB get serious about the threat.
Der Wachter.
When the actual F-35 is deployed, it will defeat those countermeasures and deliver its nuclear payload to Beijing -- on time and on target.
Yeah, it's really too bad that it's not on budget as well.
Do not underestimate the incompetence of Western intelligence officials.
Now that they have the plans let them build their own and bankrupt themselves in the process. Then we win!
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
You rush it out to the press so you can pretend you're winning the war on terror and compromise intelligence operations.
True Security is when your opponent knows everything about you/your systems/your hardware/your nukes -- and still can't break it.
Tho it seems this doesn't apply in America.
"civilians" are ex airforce who wheel the bombs out and load them for 3X the pay they used to get. :) :)
The only people who are in uniform are the pilots on speed or the lifers in Georgia (country), Iraq (red zone) or 'near' Pakistan or Latin America.
As for "smartest people you'll never meet", I play an open source game with a guy tapped by the NSA.
How do I know he is tapped by the NSA? He loves to talk of his really advanced extra math courses (crypto), his tutors and his security clearance
"US military is not allowed to conduct operations against US civilians" - just look up at any protest and wave, you're on " intelligence agency" cam.
The people in strange camo looking down at you are not locals
Domestic spying is now "Benign Information Gathering"
"Why build one when you can build two for twice the price?"
*sigh* back to work...
The psyops 'bible' was written by a civilian: Dr. Paul "E.E. 'Doc' Smith" Linebarger.
Um, no. Dr. Paul Linebarger wrote science fiction under the pseudonym of Cordwainer Smith
www.lucernesys.com Horizon: Calendar-based personal finance
Most of the electronics in development will now soon be available on the Chinese market at a much cheaper price, and long before the American contractors finish their development. Meaning we can get these birds up much quicker and at a much lower price now! (Provided we don't mind the fact that the reliability and testing of the parts for the missile guidance system is slightly less than that for a cheap Fisher-Price toy!)
I've abandoned my search for truth; now I'm just looking for some useful delusions.
Someone is going to get a promotion for this. Because people who "work" in government almost never, ever get fired.
Maybe they'll find a low level grunt to blame it on..
It's only a matter of time, after all, the U.S. and China are the two largest military powers on the globe. Sooner or later, one of them will get cocky...
-Billco, Fnarg.com
Not stolen
Man, you craazy.
Yep, the US got wind that the Soviets were stealing natural gas pipeline control software, so they let them steal a version that had a logic bomb in it. When it blew up, it caused the largest non-nuclear explosion ever seen from space. http://www.msnbc.msn.com/id/4394002
Anyone who uses the stolen data is a fool.
All ideas^H^H^H^H^Hprocesses in this post are Patent Pending. (as well as the process of patenting all postings)
I was an intern at McDonnell Douglas [which had recently become Boeing Aircraft and Missile Systems] about 10 years ago. I was doing IT work and was in a server room working on stuff when I noticed an entire _wall_ of full-height SGI gear. I asked my boss about it. "That's our data server for our pieces of the JSF project. It's about 2 terabytes of disks".
So there you have it. I had _physical_ access to the JSF project's servers almost 10 years ago. I had no security clearance, etc. I took the standard company urine test and filled out some forms, but that was that. I had no login/project access to the JSF gear, but I could unplug the whole thing if I wanted to :) I also have no idea what network(s) internally that JSF project server was attached to. There were probably cameras watching the room, but who knows? I don't remember..
Every computer at Boeing AMS was nominally related to the tasks of engineering and producing military aircraft. None of them were on the "public" internet, but 99% of them could "get" to the internet. Who knows how many back channel attack vectors that allowed? I have no idea what is different now.
In any case, there are a lot of entities involved in building something like the JSF. That JSF server was one of the first pieces of McDonnell/Boeing owned IT equipment; a few years prior they had sold all of their IT assets to IBM and leased them back; this was the birth of IBM Global Services. So now you have IBM owning/operating aircraft engineering/production data, on behalf of McDonnell/Boeing. Lots of moving parts. And McDonnell/Boeing was just one of the contractors involved; Lockheed was also doing JSF work as were hundreds of subcontractors for specific systems or parts.
This report seems to be light on details, so who knows what was really attacked and really disclosed?
My opinions are my own, and do not necessarily represent those of my employer.
They say any security is as good as its weakest part. Well in this case defending a $300B project with obviously something cheap enough to allow hackers to download TERABYTES of data before someone found out and before news hit the Internet, that security system must be that weakest link. Obviously no point to invest billions inventing a secret machine to defend from your enemies, if the system storing information on this machine can't keep the door closed. I mean if I buy a luxury car I better make sure the garage door is well locked, and if hackers were lock thieves and vice versa, garage doors are being opened up every second.
I blame slashdot user Anonymous Coward. After all, it's common knowledge that anonymous users are domestic ter'rists!
The Christian Right is Neither (Christian nor right). See: Matthew 23, Matthew 25, Ezekiel 16:48-50
became unprofitable not because of anything the new york times did wrong, but because changing times made them obsolete
kind of like the air force
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
... ooops meant Chinese / Russians (nudge nudge, wink wink say no more)
Tell the directors "I warned you about this years ago", and resign? ;)
IT IS THE HARDWARE BITCH!
Dibs on that band name.
We are Hardware Bitch, thank you, good NIGHT!!
Because sub contracts around the country, and in the case of this specific program, around the world, are all collaborating in real time. How can they NOT be on the net?
You're fooling yourself. This could have been going on for years, and somebody just noticed because they installed an IDS upgrade, or turned on a new rule or something. The impression that the entire US government has their computer security ducks in a row is comforting, perhaps, but not really true.
If you mod me down, I shall become more powerful than you could possibly imagine.
An F-35 would not be carrying a nuclear payload over China in the event of nuclear war. Delivery would be by other means, probably an SLBM.
Generating fake engineering data that's believable takes about as much effort as doing the real thing. There's no way to make "gigabytes of fake data" in an afternoon.
Check out the DoD's guidelines for securing classified data:
http://nsi.org/Library/Govt/Nispom.html
Especially pertinent here is Transmission policy for different types of classified data
http://nsi.org/Library/Govt/Nispom.html#link5
and network security
http://nsi.org/Library/Govt/Nispom.html#link8
Not exactly scintillating reading, but them's the rules.
Really?
The Chinese have a new broadband connection technology that allows them to download "terabytes" of data - while the brilliant Pentagon cybersecurity sleuths don't notice ANY spike in bandwidth!
Right.
When is that technology coming to the States, please?
Richard Steven Hack - This sig is TOO GODDAMN SHORT TO DO ANYTHING USEFUL WITH! MORONS!
The Obama administration might as well release all the documents to the public now. After all, according to their (twisted) logic it's out in the public already, so why keep it secret?
This is a non-trivially frightening possibility. IPv6 security is wildly different from IPv4 security, and the fact that the DOD is pushing it so heavily may impact their overall security profile.
It's so easy to decompile and search for
PREFIX CODE (1-6-3-0-9)
...you would plant false data into the same computer which was compromised. When the Chinese hacker returns to it to download even more information, then he would get gigabytes of fake data.
You are delusional. And you need to keep in mind the underlying truth of Hanlon's razor.
A huge amount of effort and money has been put into creating the stolen documents. Do you really think that it would be easy to create credible fakes? Even if they would choose to make very small but key modifications, do you really think that purposely handing out the bulk of the files, which would be unadulterated information, would be worth the unlikely scenario that the modified drawings would provide an advantage in a battle that will not happen?
You've been watching way too many movies.
Probably one of the best times for the Chinese hacks this year. With the economy in a free fall, why the hell would we want to build a $300 Billion Dollar Fighter Jet in the first place especially with people being so critical that the government is spending over $3 Trillion dollars in spending?
The Rapture is NOT an exit strategy.
Why do you think these planes cost so much then? All that fake engineering is expensive.
Fuck yeah!
Money is for war and not education!
(awesome guitar outro)
Sure, but here's a twist. Australia decided not so long back that they really want the F-22, but the previous government had done all the paperwork for the F-35.
Maybe someone wants to shelve the project so that the project becomes impossible to sell. Militarily Australia's biggest threat is Asia.
And seriously, who the hell leaves F-35 plans on an unsecure computer in the Pentagon. Air gap people. My assumption is that someone wanted this information to get out. Be it real or fake, doesn't matter, selling the F-35 just became impossible.
There's a secure military network that's not connected to the internet where all the really sensitive information is stored (http://en.wikipedia.org/wiki/SIPRNET). This is just folks trying to get another govt agency started to "secure" networks that are connected to the internet. It will just suck vast amounts of taxpayer dollars and employ many IT people for years to come, but is not really important to real national security.
Yes, yet another (in)famous German design copied successfully.
http://en.wikipedia.org/wiki/Sturmgewehr_44
"Kill 'em all and let Root sort 'em out"
"why the DoD has sensitive information hooked up to the net in any way"
Dollars to donuts, it's a contractor system. Prolly a network that never had more than corporate security standards applied to it. Maybe even the same systems the contractor uses for their civilian/commercial systems design.
DoD classified stuff is usually physically isolated from untrusted networks. (A so-called "air gap" firewall.)
The big problem the US government faces today is that there's a huge amount of unclassified information out there that's still valuable. There are lots of rules for the classified stuff -- and just as important, jurisdiction to enforce those rules. The sensitive-but-unclassified stuff is much less standardized. Some installations will be a model of perfect security. Others... less so.
At the same time, there's a big push to keep as much stuff as possible unclassified, because the security measures mandated for classified stuff cost big bucks.
On a somewhat related note: I was somewhat amused to see the F-35 called the most expensive plane ever, right after the funding was cut for the previous most expensive plane ever (F-22 Raptor). Maybe part of the reason these planes are so expensive is that they keep reallocating the funding to different projects...
dragonhawk@iname.microsoft.com
I do not like Microsoft. Remove them from my email address.
"Systems containing classified data are NEVER connected to the internet."
Who says it was classified? My guess is that this would be a contractor doing sensitive-but-unclassified work on a production UNCLASS network.
The WSJ even said someone said that avionics and other critical systems are on computers physically separated from the network. I'm guessing that would be the classified stuff.
Most DoD projects have a classified component and an unclassified component. Mainly for cost reasons.
"I strongly suspect that this is another case of fear mongering by an organization trying to get additional funding. "
To paraphrase Heinlein, "Never attribute to intent that which can be adequately explained by stupidity." I think somewhere, some security manager (or the PHB controlling the security money) screwed the pooch and is now in the process of being nailed to the wall for it. All that hammering prolly attracted notice.
dragonhawk@iname.microsoft.com
I do not like Microsoft. Remove them from my email address.
These reports always get me. Why is a secret government system connected in any way to the internet? There can be no logical reason for this. All classified systems should not even be touching the net. And if they do they should have one choke point to filter and monitor.
"Rather, you would plant false data into the same computer which was compromised. When the Chinese hacker returns to it to download even more information, then he would get gigabytes of fake data."
The production of fake fighter plane plans, with fake capabilities for the plane, that look credible would take a massive amount of work.
What you're essentially saying is produce a whole new fighter design, bad but credible enough, whose specifications were such that whatever counter-measures designed for them would be ineffective against the real thing.
The sheer scale of this enterprise, the colossal amount of thought involved, all of which could be invalidated if it was found to be fake (all it would need is a whisper) is bad enough; to do it in time before they get the real thing? Insane.
When the actual F-35 is deployed, it will defeat those countermeasures and deliver its nuclear payload to Beijing -- on time and on target.
An F-35 to deliver a nuclear payload to Beijing?
I shudder to think of what might have happened to all the submarine launched missiles, land based ballistic missiles, B-2 stealth bombers, B-1B bombers, even cruise missiles?
What form of catastrophe would leave the US in the position of needing to nuke Beijing, and having no more appropriate asset left to do it with, than its second line fighter?
We hear about various hacking events all the time concerning military systems, but it begs the question "can I get a torrent for it?". Sure, the data might be several terabytes in size, but I'm sure there are sub-sections of that data that could be divided out for usage by... anyone. If the information connected to that aircraft were to enter the public domain I can imagine a serious leap in public technology, no sweat [not to mention foreign governments]. At the same time I can imagine some people currently sweating behind their keyboard, debating whether they should pay the $30 billion ransom to prevent just that. So, we currently know the information has been stolen from a secure facility. All someone needs to do now [big ask, I know] is to hack the systems of the individuals who gained that information.
"When the actual F-35 is deployed, it will defeat those countermeasures and deliver its nuclear payload to Beijing -- on time and on target."
Nice try. The F-35 is not a nuclear delivery system but a light tactical fighter-bomber.
"This post is an artistic work of fiction and falsehood. Only a fool would take anything posted here as fact."
There is a reason "Military Intelligence" is considered an oxymoron.
"When the Chinese hacker returns to it to download even more information, then he would get gigabytes of fake data. "
How exactly would you generate gigabytes of real-seeming but fake data about something as complex as a jet fighter? And do it on demand, in near-real-time?
Seems like whatever agency can do that, has probably already cracked strong AI.
You are not a brain: http://books.google.com/books?id=2oV61CeDx-YC
according to CNN, who were in charge of "designing and building the aircraft."
The article also points out that it was mainly design and performance data, the really sweet stuff was supposedly not compromised.
So some contractor checked his MySpace on the wrong computer...
Wow, what a pie-in-the-sky response.
If you were a smart intelligence officer, say, smart enough to break into one of the most important military systems in the world, wouldn't you be well-aware of baiting tactics, seeing as to how even random slashtards know of them?
In fact, what you're basically saying is that there is no such thing as compromising secret data, because all of it is just there to fool the intruders and everyone, including random slashtards, knows that the data is fake. And by that logic, there's no need to secure the data at all...
Besides that, what makes you think the Chinese want to counter the F-35?
Allow me to adjust your optimism for the future:
When the actual F-35 is deployed, it may be done so by the US.
Given that the F-22 is the costliest program ever and that the JSF was the name of the proposal and pre-flight vehicle (the F-35 is called the "Lightning II") I doubt this story is true.
When the basic info is wrong, chances are the rest of the article is nothing but garbage.
Nice try. The F-35 is not a nuclear delivery system but a light tactical fighter-bomber.
Nice try? Right back at you.
You are wrong and your smugness has only made you an asshat. Please face the corner, thank you. Too bad about the idiot mods who modded you up.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
It's also manned. Which means that it is already almost obsolete.
For all we know, the brass has realized that the F-35 is a waste of money to build, and they want to move on to more and better robots. So let the Chinese waste their money building it. The more extravagantly expensive the design is (multiple terabytes of design data anyone?), the better.
FATMOUSE + YOU = FATMOUSE