Computer Spies Breach $300B Fighter-Jet Project

suraj.sun writes "Computer spies have broken into the Pentagon's $300 billion Joint Strike Fighter project — the Defense Department's costliest weapons program ever — according to current and former government officials familiar with the attacks. Similar incidents have also breached the Air Force's air-traffic-control system in recent months, these people say. In the case of the fighter-jet program, the intruders were able to copy and siphon off several terabytes of data related to design and electronics systems, officials say, potentially making it easier to defend against the craft."

A project for our worst enemies

[elrous0]

Yeah--good luck with polishing THAT turd, China.

Why?

[rotide]

Why are these sensitive systems connected to the public internet. Either directly or indirectly, whose bright idea was it? If you need a computer in the lab connected to the internet, fine, just keep the infrastructure seperate.

Sloppy espionage ?

[Davemania]

Not to downplay this event but I really wonder why we don't hear much about espionage from western countries ? Are they better at it (rather than using malware or commonly avaliable tools) ? I am sure the Chinese etc have equally vulnerable systems.

If I'd spent 300 billion on a project

[VShael]

If I'd spent 300 billion on a project that didn't deliver the goods, I might be tempted to stage an internet break in which would force the projects cancellation, saving face for all concerned.

Speaking of, how much money has been wasted on the missile defence shield? 4 years ago, they were saying 50 billion. Today I think it's up to 115 billion. And of course, it still doesn't work. (And most likely never will.)

Will we see a "break in" on that research any time soon?

this is the second

[nimbius]

article blaming china for hacking in the past 6 months. the US must always have an enemy it seems.

first they say "many details couldnt be learned" such as origin, then the article does an about face and implies it came from china...are we just blaming the new kid for everything!?

could this "breech" have been some misinterpretation of say, a backup job being run? the US Navy has a history of this http://en.wikipedia.org/wiki/Iran_Air_Flight_655

Open Air Policy

[kenp2002]

Again reinforcing the need to return to the "Open Air Policy" that any secret or top secret network must have a "nothing but open air" between the secure system and unsecure system. Prior to the 90s many secure networks had a single cable, usually with a manual breaker, that would be enable only as a specific scheduled time, and the end point on the unsecure side was a single terminal (2 NICs, 1 to unsecure network on one subnet, then the secure network on another) where both network cards were phsyically impossible to operate at the same time (the reason for 2 NICs is the secure NIC is an encrypted card)

Seriously, you should never be able to tget from A -> B -> C where A is a public network and C is a secret or top secret network.

Hell last weekend I was at a shop where the DEV network was self contained and the only way they got code builds was compiled on the DEV network (12th floor) then sneaker-net'ed to the testing environment via optical disk (8th floor).

P.S.F.F The office on the 9th floor still has token ring... WTF who still uses Token Ring? Seriously? I mean it's friggin Token Ring... I remember working on Norwest Mortgage's (bought by Wells Fargo) token ring to ethernet conversion, what 12 years ago now... Jebus Rice that was a long time ago now it seems...

didn't deliver the goods?

[wiredog]

The F-35 is barely out of R&D. It hasn't had a chance to "not deliver" yet.

Re:Only a few terabytes?

[Thiez]

> you feed plausible-looking but wrong information down the leaking conduit for as long as possible.

I assume it would be quite tricky to generate even a few gigabytes of plausible-looking 'data related to design and electronics systems' even if you had a whole day to prepare, and we are talking about multiple terabytes here, and while you are busy preparing the wrong information, the spies are still downloading the correct stuff. So unless you live in a movie where stuff that normally takes days can be done in 5 minutes when our protagonists start randomly pushing buttons on their keyboard with pretty pictures appearing on the screen accompanied by uninformative beeping sounds, it would probably be best to simply terminate the connection and start improving your security, look for backdoors that might have been installed, and so forth.

Re:Only a few terabytes?

[hedwards]

The more interesting question is why the DoD has sensitive information hooked up to the net in any way. The only way of ensuring net based attacks are unsuccessful is by disconnecting from the net. Sure you still have to ensure that the people using the terminals are on the up and up, but that's a lot easier than keeping a large network full of sekrit goberment stuff secure.

I'm always amazed that this sort of information would be stored and used on internet connected computers, it just seems like asking for trouble. Historically the DoD has done a pretty incompetent job of securing its systems, which really makes one wonder how many of these advancements are now in the works in foreign states.

Re:Do not underestimate Western-security procedure

[us7892]

And, do not overestimate Western security procedures.