Slashdot Mirror

← Back to Stories (view on slashdot.org)

Computer Spies Breach $300B Fighter-Jet Project

Posted by CmdrTaco on from the we're-still-number-one-at-this dept.

suraj.sun writes "Computer spies have broken into the Pentagon's $300 billion Joint Strike Fighter project — the Defense Department's costliest weapons program ever — according to current and former government officials familiar with the attacks. Similar incidents have also breached the Air Force's air-traffic-control system in recent months, these people say. In the case of the fighter-jet program, the intruders were able to copy and siphon off several terabytes of data related to design and electronics systems, officials say, potentially making it easier to defend against the craft."

12 of 330 comments (clear)

  1. Re:Open source. by TheRaven64 · · Score: 4, Informative

    Actually it won't, and this is one of the reasons a few countries pulled out of the JSF project. The DoD is refusing to release source code for the weapons-control systems and their partners did not want to be flying expensive fighters when they had not been able to audit the code that controlled the weapons and had no idea if the USA had added a remote kill switch (the key for which had then been stolen by enemy-of-the-day and used to disable the fighters).

    --
    I am TheRaven on Soylent News
  2. I call bullshit, maybe by gentlemen_loser · · Score: 5, Informative

    Systems containing classified data are NEVER connected to the internet. Any classified data that was siphoned off was left their either maliciously or through stupidity by someone on the inside. In either case, if this really did happen, the person should be tried for treason. Not only are these other networks locked down from the internet, they are also locked down physically - kept away from windows, often in a vault and physical access is tightly controlled.

    Any other data that was acquired was probably crap. I strongly suspect that this is another case of fear mongering by an organization trying to get additional funding.

    The alternative, which is almost too scary for me to consider, is that we have changed our practices and now leave sensitive information critical to our defense on unprotected systems.

    1. Re:I call bullshit, maybe by sunking2 · · Score: 3, Informative

      I think to a great extent your perception of what the security around a lot of the F-35 program is a bit over zealous. F-35 is an ITAR program, which mainly means can't be worked on my foreign nationals. All the data is secured, but primarily its not on its own network. My guess is this data probably came out of a hack or someone who got access to something like a DOORS or Team Center server and just started grabbing stuff. Now granted, some things are greater protected than others. But I can say we work extensively on flight controls and other things of importance and security is there as more a nuisance than anything else.

      Keep in mind F35 is not a black project. Those get their own network, machines locked behind big doors, big approval list to install programs, etc. F35 is such a large project with so many subcontractors that this doesn't surprise me one bit. Security is largly there to pass an audit, and that's about it.

      This whole piece of largely fear mongering to get money approved to create some more bureucracy. Chances are nothing of importance was even gotten as the F35 will be exported to so many countries anyway.

  3. Re:Only a few terabytes? by eltaco · · Score: 2, Informative

    espionage, counter-espionage, counter-counter-espionage, etc, are part of the doctrine and thus are usually planned and prep'ed way in advance. all it takes is a flip of a switch.

    --
    It's not about fate, it's about character.
    there be no shelter here, the frontline is everywhere!
  4. Re:Do not underestimate Western-security procedure by AHuxley · · Score: 3, Informative

    "smart American intelligence officer" - in Georgia (country), Iraq (red zone) or 'near' Pakistan or Latin America.
    The rest are in the private sector.
    What you have left watching some of your servers can be seen thanks to Gary McKinnon.
    http://en.wikipedia.org/wiki/Gary_McKinnon

    --
    Domestic spying is now "Benign Information Gathering"
  5. Counterfeit Cisco Gear Perhaps? by RunzWithScissors · · Score: 3, Informative

    You may remember that /. ran the following several stories:
    Feds Seize $78M of Bogus Chinese Cisco Gear
    http://slashdot.org/article.pl?sid=08/02/29/1642221
    and
    FBI Says Military Had Counterfeit Cisco Routers
    http://it.slashdot.org/article.pl?sid=08/05/09/164201&from=rss

    Lets see, extra chips on a piece of equipment that handles all the network traffic, which would include NFS and a variety of other plain text protocols (why would someone use encryption on a "secure" network). Add to that a sprinkling of Teredo
    http://en.wikipedia.org/wiki/Teredo_tunneling

    And looks to me like it's very likely that someone could steal whatever they wanted.

    Good thing all our corporate suppliers are bound by contracts that would totally be enforced by this foreign government who's providing the bogus equipment. Didn't think about that, did you, stupid corporate outsourcing asshat.

    -Runz

  6. Re:didn't deliver the goods? by VShael · · Score: 1, Informative

    Barely out of R&D? On the contrary, the F-35 has been under development since 2001, and it's had multiple test flights since 2006.
    It's expected to be rolled out in 2 years.

    As for it's not delivering, I seem to remember hearing of a study by RAND which raised concerns over its effectiveness in fighting multiple Russian craft.

    You can read about it here :
    http://img246.imageshack.us/img246/9283/jsfnews3pu5.jpg

  7. Re:Do not underestimate Western-security procedure by shadow349 · · Score: 2, Informative

    You would not publicly announce the breach of security. Rather, you would plant false data into the same computer which was compromised. When the Chinese hacker returns to it to download even more information, then he would get gigabytes of fake data.

    Fake data? Bah. I'd much rather we plant bad information that will cause the most monumental non-nuclear explosion and fire ever seen from space.

  8. Re:Do not underestimate Western-security procedure by Anonymous Coward · · Score: 1, Informative

    An F-35 would not be carrying a nuclear payload over China in the event of nuclear war. Delivery would be by other means, probably an SLBM.

  9. Government Regs on How to Transmit Classified Data by eric02138 · · Score: 3, Informative

    Check out the DoD's guidelines for securing classified data:
    http://nsi.org/Library/Govt/Nispom.html

    Especially pertinent here is Transmission policy for different types of classified data
    http://nsi.org/Library/Govt/Nispom.html#link5
    and network security
    http://nsi.org/Library/Govt/Nispom.html#link8

    Not exactly scintillating reading, but them's the rules.

  10. Re:Do not underestimate Western-security procedure by couchslug · · Score: 2, Informative

    "When the actual F-35 is deployed, it will defeat those countermeasures and deliver its nuclear payload to Beijing -- on time and on target."

    Nice try. The F-35 is not a nuclear delivery system but a light tactical fighter-bomber.

    --
    "This post is an artistic work of fiction and falsehood. Only a fool would take anything posted here as fact."
  11. Re:Only a few terabytes? by StikyPad · · Score: 3, Informative

    Turns out we already discussed that 5 years ago. http://slashdot.org/comments.pl?sid=98957&threshold=1&commentsort=0&mode=thread&pid=8438763

    The evidence seemed to point to the story being BS.

    --
    https://www.eff.org/https-everywhere