Computer Spies Breach $300B Fighter-Jet Project

← Back to Stories (view on slashdot.org)

Computer Spies Breach $300B Fighter-Jet Project

Posted by CmdrTaco on Tuesday April 21, 2009 @01:25AM from the we're-still-number-one-at-this dept.

suraj.sun writes "Computer spies have broken into the Pentagon's $300 billion Joint Strike Fighter project — the Defense Department's costliest weapons program ever — according to current and former government officials familiar with the attacks. Similar incidents have also breached the Air Force's air-traffic-control system in recent months, these people say. In the case of the fighter-jet program, the intruders were able to copy and siphon off several terabytes of data related to design and electronics systems, officials say, potentially making it easier to defend against the craft."

19 of 330 comments (clear)

Min score:

Reason:

Sort:

Only a few terabytes? by Kayden · 2009-04-21 01:28 · Score: 5, Interesting

What kind of connection do you need to have to get away with several terabytes of data before someone notices? Users on my network get pissy when someone downloads a few dozen megs.
1. Re:Only a few terabytes? by Spazztastic · 2009-04-21 01:30 · Score: 3, Interesting
  
  What kind of connection do you need to have to get away with several terabytes of data before someone notices? Users on my network get pissy when someone downloads a few dozen megs.
  Probably because they aren't on some residential asynchronous connection. I imagine them to be on at least something near a SONET connection.
  
  --
  Posts not to be taken literally. Almost everything is sarcasm.
2. Re:Only a few terabytes? by TheRaven64 · 2009-04-21 01:48 · Score: 5, Interesting
  
  They probably trickled it out over a long period. The more interesting question is how long ago the DoD noticed the breach and started providing doctored information. In the Soviet era, it was common to use this kind of thing for misinformation. Once a project has been compromised, you feed plausible-looking but wrong information down the leaking conduit for as long as possible. There was an interesting example of this posted on Wikileaks a year or so ago, of an American nuclear bomb design obtained from the Russians, which contained a few minor and difficult-to-find design flaws that would have prevented the bomb from actually working if it had been built along those lines.
  
  --
  I am TheRaven on Soylent News
3. Re:Only a few terabytes? by AHuxley · 2009-04-21 01:52 · Score: 2, Interesting
  
  Same as you needed in 1989.
  A few lines of code and a modem.
  Its not about downloading "terabytes" in realtime.
  You shift it onto other networks and collect it later.
  You got in on other networks, other networks can carry your data out.
  A few more or less 'terabytes' on many networks is a nights spam.
  Nobody is looking. When they do, your data is safe in its new home.
  
  --
  Domestic spying is now "Benign Information Gathering"
4. Re:Only a few terabytes? by Loki_1929 · 2009-04-21 02:08 · Score: 3, Interesting
  
  If it was a Plutonium weapon, they likely hid flaws in the implosion timing and geometry designs.
  If it was a Uranium "gun" design, your weapon failed because you're an idiot. I mean seriously, a couple first-year engineering students with access to Wikipedia and a few thousand bucks can build those. Weaponizing the ore is the toughest part, and that's not difficult (just dangerous to your health).
  
  --
  -- "Government is the great fiction through which everybody endeavors to live at the expense of everybody else."
5. Re:Only a few terabytes? by Anonymous Coward · 2009-04-21 02:09 · Score: 2, Interesting
  
  It's not like the DoD wants to send anyone massive quantities to data on a regular basis.
  (Corrected) It's not like the DoD wants to send non-intel agencies massive quantities to data on a regular basis.
  
  Given that agencies are supposed to work together now, I imagine there is a bit more data transfer between agencies today. I'd also imagine that these are only done over secure connections so anything accessible by the public wouldn't get to a critical network by the fact that they aren't connected.
  
  From the article:
  
  The intruders entered through vulnerabilities in the networks of two or three contractors helping to build the high-tech fighter jet, according to people who have been briefed on the matter.
  Given this statement though, it sounds as if the problem was improper network security at the (sub)contractor locations. If not a secure network issue, then improper access due to an authorized users making unauthorized attacks (i.e. spy).
  
  Mij
6. Re:Only a few terabytes? by Anonymous Coward · 2009-04-21 02:09 · Score: 5, Interesting
  
  They also did that during the Reagan administration with a software package designed to run the valves on a natural gas pipeline.
  http://www.msnbc.msn.com/id/4394002
  The software was modified to run just fine for a while, but then go haywire. The end result was "...the most monumental non-nuclear explosion and fire ever seen from space...".
  This occurred in 1982. I'm sure they're still doing exactly the same thing today.
7. Re:Only a few terabytes? by xystren · 2009-04-21 02:17 · Score: 2, Interesting
  
  So "someone" had downloaded a few terabytes... Has anyone thought about what if some of the design/code has been changed? I would view that as a major threat also. Imagine a bug in the fire control systems that would prevent a weapon from firing when a certain signal is received? Or a limiter that would impact maneuverability during combat situation? We see this sort of thing with malware/spyware/adware all the time. Is it that inconceivable to see it in this kind of situation? What if the data breech is the red herring?
  I personally think this aspect has been missed with the whole DATA BREECH drama. Not saying the data breech isn't important, I'm would also be concerned about the integrity of the data accessed. There seems to be only the concern for reverse engineering of the data, no one seems to be concerned about modification of the data.
  Just my thoughts,
  Xyst
8. Re:Only a few terabytes? by Maximum+Prophet · 2009-04-21 04:46 · Score: 2, Interesting
  
  During the cold war, the US got wind that the Soviets were stealing natural gas pipeline control software, so they let them steal a version that had a logic bomb in it. When it blew up, it caused the largest non-nuclear explosion ever seen from space. http://www.msnbc.msn.com/id/4394002
  Anyone who uses the stolen data is a fool. Good counter-spies have bad data available for immediate use.
  
  --
  All ideas^H^H^H^H^Hprocesses in this post are Patent Pending. (as well as the process of patenting all postings)
Re:Why? by Opportunist · 2009-04-21 01:33 · Score: 1, Interesting

Because
a) it is easier.
b) it is cheaper.
c) some bigwig from marketing/management "needed it".
d) the el cheapo admins couldn't figure out how to firewall it (or just didn't want to bother because, hey, government job, nobody gets fired just for being lazy).
e) all of the above.

--
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
counterinteligence by deathguppie · 2009-04-21 01:34 · Score: 2, Interesting

There is just as good a chance that the information stolen is bad information, as there is that it is good information. Now the Chinese/Russian spies need to determine what is and isn't good information from what they stole

--
once more into the breach
Re:Why? by Thanshin · 2009-04-21 01:35 · Score: 3, Interesting

If you need a computer in the lab connected to the internet, fine, just keep the infrastructure seperate.
You live in the past. Haven't you heard of the new airborne virii?
They're technically called. "I work in a lab and don't know shit about computers so I regularly download all info into my personal portable".
Re:Why? by QuantumRiff · 2009-04-21 01:39 · Score: 4, Interesting

the secret data wasn't on the internet, according to the article. It was not compromised. Only "sensitive" data was compromised. So while they might be able to infer information about the fighter, and its capabilities, they don't have the design and code for it.

--

What are we going to do tonight Brain?
Comment removed by account_deleted · 2009-04-21 01:40 · Score: 4, Interesting

Comment removed based on user account deletion
Bang for my buck by KneelBeforeZod · 2009-04-21 01:42 · Score: 3, Interesting

300 Billion taxpayer dollars?!? Do they transform into giant robots?
Do not underestimate Western-security procedures. by reporter · 2009-04-21 02:28 · Score: 5, Interesting

Do not underestimate the cleverness of American-intelligence procedures.
Note that Chinese intruders succeeded in numerous attempts at downloading information related to the F-35 jet fighter. After the 1st such attempt, American intelligence would have become aware of the incident.
If you were a smart intelligence officer, what would you do after the 1st attempt?
You would not publicly announce the breach of security. Rather, you would plant false data into the same computer which was compromised. When the Chinese hacker returns to it to download even more information, then he would get gigabytes of fake data.
The aim is for the Chinese military to develop countermeasures against F-35 performance characteristics that does not exist. When the actual F-35 is deployed, it will defeat those countermeasures and deliver its nuclear payload to Beijing -- on time and on target.
7.5 million lines of computer code by viralMeme · 2009-04-21 03:22 · Score: 2, Interesting

"The Joint Strike Fighter, also known as the F-35 Lightning II, is the costliest and most technically challenging weapons program the Pentagon has ever attempted. The plane, led by Lockheed Martin Corp., relies on 7.5 million lines of computer code, which the Government Accountability Office said is more than triple the amount used in the current top Air Force fighter"

Ohh, fuck .. Lockheed's F-22 Raptor Gets Zapped by International Date Line

I recall one where the pilot wondered what would happen if he pressed the 'gear up' lever while still on the ground. The gear retracted and the aircraft was severely damaged.
Re:Open source. by Anonymous Coward · 2009-04-21 03:51 · Score: 4, Interesting

It's not the DoD, it's the Department of State. Stupid ITAR. I have to deal with it, because I (used to) manufacture a small amount of small arms ammunition (largely specialty loads for uncommon, or almost extinct cartridges, you might say) for consumption ONLY in the US. Not only do you have to register fingerprints, bodily fluids and your first born son with the BATF to get the license to manufacture ammo for sale, you have to pay the DoS about 1700 a year, to register as a manufacturer.
I didn't know about ITAR upfront, and after updating their policies, and only really began learning about it after the BATF reported me to the DoS after several years of putting along, manufacturing about 6000 rounds a year and having fun--it didn't pay a whole lot, but it was a part time business that was actually growing. The back fees put me out, and I had to rescind my 06 FFL for making ammo to avoid going bankrupt.
The premise is, it's supposed to keep our military secrets from falling into enemy hands, but it has such a broad scope that it effects tons of people who don't work on anything remotely sensitive--and good luck trying to get an exemption. It might not be so bad, but it effects lots of people doing no exporting whatsoever, and it also affects academics doing research in fields which are not always so obviously related to armaments... It only adds insult to injury, to see that all of this registration bullshit fails so completely in protecting the REAL secrets. Though, I'm not surprised to learn that it was a government office which was compromised.
It's all the more more frustrating to know that they won't learn a fucking thing from this. If only the pentagon were forced to pay a multi-million dollar fee to the DoS, like a private corporation would.
That software was SOLD broken by Anonymous Coward · 2009-04-21 04:39 · Score: 1, Interesting

Not stolen