Slashdot Mirror
Computer Spies Breach $300B Fighter-Jet Project
suraj.sun writes "Computer spies have broken into the Pentagon's $300 billion Joint Strike Fighter project — the Defense Department's costliest weapons program ever — according to current and former government officials familiar with the attacks. Similar incidents have also breached the Air Force's air-traffic-control system in recent months, these people say. In the case of the fighter-jet program, the intruders were able to copy and siphon off several terabytes of data related to design and electronics systems, officials say, potentially making it easier to defend against the craft."
Yeah--good luck with polishing THAT turd, China.
SJW: Someone who has run out of real oppression, and has to fake it.
Why are these sensitive systems connected to the public internet. Either directly or indirectly, whose bright idea was it? If you need a computer in the lab connected to the internet, fine, just keep the infrastructure seperate.
Not to downplay this event but I really wonder why we don't hear much about espionage from western countries ? Are they better at it (rather than using malware or commonly avaliable tools) ? I am sure the Chinese etc have equally vulnerable systems.
Even if they're on an OC-192, (~10 Gbps) somebody should have noticed. A single terabyte would take some 13 minutes assuming they achieved full line speed. That's a lot of time for their systems to not be paying attention.
Besides, the connection is likely a lot smaller than that. It's not like the DoD wants to send anyone massive quantities to data on a regular basis.
If I'd spent 300 billion on a project that didn't deliver the goods, I might be tempted to stage an internet break in which would force the projects cancellation, saving face for all concerned.
Speaking of, how much money has been wasted on the missile defence shield? 4 years ago, they were saying 50 billion. Today I think it's up to 115 billion. And of course, it still doesn't work. (And most likely never will.)
Will we see a "break in" on that research any time soon?
article blaming china for hacking in the past 6 months. the US must always have an enemy it seems.
first they say "many details couldnt be learned" such as origin, then the article does an about face and implies it came from china...are we just blaming the new kid for everything!?
could this "breech" have been some misinterpretation of say, a backup job being run? the US Navy has a history of this http://en.wikipedia.org/wiki/Iran_Air_Flight_655
Good people go to bed earlier.
Again reinforcing the need to return to the "Open Air Policy" that any secret or top secret network must have a "nothing but open air" between the secure system and unsecure system. Prior to the 90s many secure networks had a single cable, usually with a manual breaker, that would be enable only as a specific scheduled time, and the end point on the unsecure side was a single terminal (2 NICs, 1 to unsecure network on one subnet, then the secure network on another) where both network cards were phsyically impossible to operate at the same time (the reason for 2 NICs is the secure NIC is an encrypted card)
Seriously, you should never be able to tget from A -> B -> C where A is a public network and C is a secret or top secret network.
Hell last weekend I was at a shop where the DEV network was self contained and the only way they got code builds was compiled on the DEV network (12th floor) then sneaker-net'ed to the testing environment via optical disk (8th floor).
P.S.F.F The office on the 9th floor still has token ring... WTF who still uses Token Ring? Seriously? I mean it's friggin Token Ring... I remember working on Norwest Mortgage's (bought by Wells Fargo) token ring to ethernet conversion, what 12 years ago now... Jebus Rice that was a long time ago now it seems...
-=[ Who Is John Galt? ]=-
Comment removed based on user account deletion
The F-35 is barely out of R&D. It hasn't had a chance to "not deliver" yet.
Best Slashdot Co
> you feed plausible-looking but wrong information down the leaking conduit for as long as possible.
I assume it would be quite tricky to generate even a few gigabytes of plausible-looking 'data related to design and electronics systems' even if you had a whole day to prepare, and we are talking about multiple terabytes here, and while you are busy preparing the wrong information, the spies are still downloading the correct stuff. So unless you live in a movie where stuff that normally takes days can be done in 5 minutes when our protagonists start randomly pushing buttons on their keyboard with pretty pictures appearing on the screen accompanied by uninformative beeping sounds, it would probably be best to simply terminate the connection and start improving your security, look for backdoors that might have been installed, and so forth.
The more interesting question is why the DoD has sensitive information hooked up to the net in any way. The only way of ensuring net based attacks are unsuccessful is by disconnecting from the net. Sure you still have to ensure that the people using the terminals are on the up and up, but that's a lot easier than keeping a large network full of sekrit goberment stuff secure.
I'm always amazed that this sort of information would be stored and used on internet connected computers, it just seems like asking for trouble. Historically the DoD has done a pretty incompetent job of securing its systems, which really makes one wonder how many of these advancements are now in the works in foreign states.
They're still people just like everyone else, with human limitations of attention, intelligence, resources, time...
The most likely scenario is that 98% of the info they grabbed is the real stuff. Maaaybe they seeded some wrong values into the schemata to try to minefield attempts to construct them, but the overall structure and general design were successfully stolen. They can't spend a ton of time putting in fake info because this is important information they're stealing while they work on inserting fakes, and even doctored designs can provide insight.
They don't have fake backups standing by because who has the time and resources to simultaneously produce real work and fake work in parallel(and from the same limited body of personnel with sufficient clearance?)
And, do not overestimate Western security procedures.
> "smart American intelligence officer" - in
> Georgia (country), Iraq (red zone) or 'near'
> Pakistan or Latin America.
> The rest are in the private sector.
They are civilians, not "private sector". Who their employer contracts to makes the difference. Civilian psyops specialists have always been a prominent part of theory and field work. The psyops 'bible' was written by a civilian: Dr. Paul "E.E. 'Doc' Smith" Linebarger.
As for the military intelligence people, what was said about planting false data about the plane applies to the external appearance of the intelligence community. You don't want the enemy to know how many troops you have and what their capabilities are. The same goes for your intelligence capabilities.
While the media reports various intelligence shortcomings and fuckups, and congress investigates same whether they happened or not, some of the smartest people you'll never meet are running around inside the Pentagon's various intelligence offices, and in and out of offices that same entirely different things on the door. Some of them are running an intelligence agency operating within the US, including field operations, that rivals the CIA in quantity and quality of results. Of course this can't be true because the US military is not allowed to conduct operations against US civilians without a federal decree of martial law, right?
"I may be synthetic, but I'm not stupid." -- Bishop 341-B
I'll start believing the editors of the new york times are competent at military analysis shortly after I believe the editors at the new york times are competent at running a profitable newspaper
When the actual F-35 is deployed, it will defeat those countermeasures and deliver its nuclear payload to Beijing -- on time and on target.
Why do you want to deliver a nuclear payload to Beijing or anywhere?
Is it your answer to the security problems?
I would say that a better way (better for the humankind) is to improve the safety of sensitive information and the defense, instead of looking where and how to send a nuke.
Do not say it is not what you meant, because it is exactly what you meant.
"Why build one when you can build two for twice the price?"
*sigh* back to work...
You're fooling yourself. This could have been going on for years, and somebody just noticed because they installed an IDS upgrade, or turn on a new rule or something. The impression that the entire US government has their computer security ducks in a row is comforting, perhaps, but not really true.
If you mod me down, I shall become more powerful than you could possibly imagine.
I don't think you'd need to modify the whole archive of data to render it all useless. I'm sure a few carefully altered decimal points is all you'd need to turn a $300B jet into a $300B burning piece of scrap metal.
the marines, the army, the navy: they all have their own fighter wings
Didn't the Air Force start out as the Army Air Force, and then break off as its own military branch?