Computer Spies Breach $300B Fighter-Jet Project

suraj.sun writes "Computer spies have broken into the Pentagon's $300 billion Joint Strike Fighter project — the Defense Department's costliest weapons program ever — according to current and former government officials familiar with the attacks. Similar incidents have also breached the Air Force's air-traffic-control system in recent months, these people say. In the case of the fighter-jet program, the intruders were able to copy and siphon off several terabytes of data related to design and electronics systems, officials say, potentially making it easier to defend against the craft."

A project for our worst enemies

[elrous0]

Yeah--good luck with polishing THAT turd, China.

Oops, sorry...that was me

I thought I was downloading the latest Windows 7 beta candidate
boy is my face red.

(ob: what's that knock on my door, I'll be *NO CARRIER*)

Re:Oops, sorry...that was me

[Arthur+Grumbine]

Note to self - do not end *NO CARRIER* joke with a closing parenthesis

Only a few terabytes?

[Kayden]

What kind of connection do you need to have to get away with several terabytes of data before someone notices? Users on my network get pissy when someone downloads a few dozen megs.

Re:Only a few terabytes?

[Spazztastic]

What kind of connection do you need to have to get away with several terabytes of data before someone notices? Users on my network get pissy when someone downloads a few dozen megs.

Probably because they aren't on some residential asynchronous connection. I imagine them to be on at least something near a SONET connection.

Re:Only a few terabytes?

[Opportunist]

(cue spy mike in the cafeteria a few days ago)

"Bob, is it me or is the network reeeeally slow again t'day?"
"Yeah, wonder what the goons in IT are pissin' with today. Wish they'd tell us that before they start rewiring everything."

Re:Only a few terabytes?

[TheRaven64]

They probably trickled it out over a long period. The more interesting question is how long ago the DoD noticed the breach and started providing doctored information. In the Soviet era, it was common to use this kind of thing for misinformation. Once a project has been compromised, you feed plausible-looking but wrong information down the leaking conduit for as long as possible. There was an interesting example of this posted on Wikileaks a year or so ago, of an American nuclear bomb design obtained from the Russians, which contained a few minor and difficult-to-find design flaws that would have prevented the bomb from actually working if it had been built along those lines.

Re:Only a few terabytes?

[Shakrai]

There was an interesting example of this posted on Wikileaks a year or so ago, of an American nuclear bomb design obtained from the Russians, which contained a few minor and difficult-to-find design flaws that would have prevented the bomb from actually working if it had been built along those lines.

So THAT'S why my nuclear bomb didn't work ;)

Re:Only a few terabytes?

[Loki_1929]

If it was a Plutonium weapon, they likely hid flaws in the implosion timing and geometry designs.

If it was a Uranium "gun" design, your weapon failed because you're an idiot. I mean seriously, a couple first-year engineering students with access to Wikipedia and a few thousand bucks can build those. Weaponizing the ore is the toughest part, and that's not difficult (just dangerous to your health).

Re:Only a few terabytes?

[Thiez]

> you feed plausible-looking but wrong information down the leaking conduit for as long as possible.

I assume it would be quite tricky to generate even a few gigabytes of plausible-looking 'data related to design and electronics systems' even if you had a whole day to prepare, and we are talking about multiple terabytes here, and while you are busy preparing the wrong information, the spies are still downloading the correct stuff. So unless you live in a movie where stuff that normally takes days can be done in 5 minutes when our protagonists start randomly pushing buttons on their keyboard with pretty pictures appearing on the screen accompanied by uninformative beeping sounds, it would probably be best to simply terminate the connection and start improving your security, look for backdoors that might have been installed, and so forth.

Re:Only a few terabytes?

They also did that during the Reagan administration with a software package designed to run the valves on a natural gas pipeline.

http://www.msnbc.msn.com/id/4394002

The software was modified to run just fine for a while, but then go haywire. The end result was "...the most monumental non-nuclear explosion and fire ever seen from space...".

This occurred in 1982. I'm sure they're still doing exactly the same thing today.

Re:Only a few terabytes?

[hedwards]

The more interesting question is why the DoD has sensitive information hooked up to the net in any way. The only way of ensuring net based attacks are unsuccessful is by disconnecting from the net. Sure you still have to ensure that the people using the terminals are on the up and up, but that's a lot easier than keeping a large network full of sekrit goberment stuff secure.

I'm always amazed that this sort of information would be stored and used on internet connected computers, it just seems like asking for trouble. Historically the DoD has done a pretty incompetent job of securing its systems, which really makes one wonder how many of these advancements are now in the works in foreign states.

Re:Only a few terabytes?

[JCSoRocks]

Yeah, that's what happens when you have a, "shiny bomb-casing filled with used pinball machine parts."

Re:Only a few terabytes?

[StoatBringer]

Clearly, you simply need to connect the red wire to th
+++NO CARRIER+++

Re:Only a few terabytes?

[CopaceticOpus]

Try switching to Comcast(TM)! Their advanced security features would have detected this breach and put a stop to it after only a mere 250G was transferred. It's Comcastic(TM)!

(I just hope the spies didn't discover the fighter's only weakness, a small thermal exhaust port...)

Re:Only a few terabytes?

[StikyPad]

Turns out we already discussed that 5 years ago. http://slashdot.org/comments.pl?sid=98957&threshold=1&commentsort=0&mode=thread&pid=8438763

The evidence seemed to point to the story being BS.

Why?

[rotide]

Why are these sensitive systems connected to the public internet. Either directly or indirectly, whose bright idea was it? If you need a computer in the lab connected to the internet, fine, just keep the infrastructure seperate.

Re:Why?

[Spazztastic]

Why are these sensitive systems connected to the public internet. Either directly or indirectly, whose bright idea was it? If you need a computer in the lab connected to the internet, fine, just keep the infrastructure seperate.

You see, they weren't actually. They were on a private network but they were able to siphon off data by hanging a bucket off of the network cable and cutting a hole in it. The bits fell into the bucket, and the rest is history...

Re:Why?

[Thanshin]

If you need a computer in the lab connected to the internet, fine, just keep the infrastructure seperate.

You live in the past. Haven't you heard of the new airborne virii?

They're technically called. "I work in a lab and don't know shit about computers so I regularly download all info into my personal portable".

Re:Why?

[Kotoku]

Wait..I'm confused. The Internet is a series of buckets? What if the siphon tube gets clogged?

Re:Why?

[Spazztastic]

No, it's a series of tubes that can be siphoned off into a bucket. Look, kid, you're asking questions that are way above your head here...

Re:Why?

[QuantumRiff]

the secret data wasn't on the internet, according to the article. It was not compromised. Only "sensitive" data was compromised. So while they might be able to infer information about the fighter, and its capabilities, they don't have the design and code for it.

Sloppy espionage ?

[Davemania]

Not to downplay this event but I really wonder why we don't hear much about espionage from western countries ? Are they better at it (rather than using malware or commonly avaliable tools) ? I am sure the Chinese etc have equally vulnerable systems.

Re:Sloppy espionage ?

[Thanshin]

Now, I sit down in my home in China, run some scripts, hack a US government computer, brag to my friends, etc.... Someone from the US government calls... wait a minute, no they didn't. No one even cared. But lets pretend they did care and they called some official in China and told them what was going on... *LAUGHTER AND LOTS OF POINTING* from the Chinese side.

I sit down in my home in Spain, run some scripts, hack a US government computer, brag to my friends, etc.... Someone from the spanish government takes a sip from his third coffee of the morning while vaguely rememorating the last time he did some work, many years before. Then, he decides it's a perfect day to go home before noon and leaves.

Re:Sloppy espionage ?

[m50d]

1) a foreign country doesn't want to loose face

Yeah, they'd end up looking rather slack-jawed.

Open source.

[dtml-try+MyNick]

2009, the year of the open source Jet Fighter.

Re:Open source.

[TheRaven64]

Actually it won't, and this is one of the reasons a few countries pulled out of the JSF project. The DoD is refusing to release source code for the weapons-control systems and their partners did not want to be flying expensive fighters when they had not been able to audit the code that controlled the weapons and had no idea if the USA had added a remote kill switch (the key for which had then been stolen by enemy-of-the-day and used to disable the fighters).

Re:Open source.

It's not the DoD, it's the Department of State. Stupid ITAR. I have to deal with it, because I (used to) manufacture a small amount of small arms ammunition (largely specialty loads for uncommon, or almost extinct cartridges, you might say) for consumption ONLY in the US. Not only do you have to register fingerprints, bodily fluids and your first born son with the BATF to get the license to manufacture ammo for sale, you have to pay the DoS about 1700 a year, to register as a manufacturer.

I didn't know about ITAR upfront, and after updating their policies, and only really began learning about it after the BATF reported me to the DoS after several years of putting along, manufacturing about 6000 rounds a year and having fun--it didn't pay a whole lot, but it was a part time business that was actually growing. The back fees put me out, and I had to rescind my 06 FFL for making ammo to avoid going bankrupt.

The premise is, it's supposed to keep our military secrets from falling into enemy hands, but it has such a broad scope that it effects tons of people who don't work on anything remotely sensitive--and good luck trying to get an exemption. It might not be so bad, but it effects lots of people doing no exporting whatsoever, and it also affects academics doing research in fields which are not always so obviously related to armaments... It only adds insult to injury, to see that all of this registration bullshit fails so completely in protecting the REAL secrets. Though, I'm not surprised to learn that it was a government office which was compromised.

It's all the more more frustrating to know that they won't learn a fucking thing from this. If only the pentagon were forced to pay a multi-million dollar fee to the DoS, like a private corporation would.

Comment removed

[account_deleted]

Comment removed based on user account deletion

If I'd spent 300 billion on a project

[VShael]

If I'd spent 300 billion on a project that didn't deliver the goods, I might be tempted to stage an internet break in which would force the projects cancellation, saving face for all concerned.

Speaking of, how much money has been wasted on the missile defence shield? 4 years ago, they were saying 50 billion. Today I think it's up to 115 billion. And of course, it still doesn't work. (And most likely never will.)

Will we see a "break in" on that research any time soon?

Bang for my buck

[KneelBeforeZod]

300 Billion taxpayer dollars?!? Do they transform into giant robots?

this is the second

[nimbius]

article blaming china for hacking in the past 6 months. the US must always have an enemy it seems.

first they say "many details couldnt be learned" such as origin, then the article does an about face and implies it came from china...are we just blaming the new kid for everything!?

could this "breech" have been some misinterpretation of say, a backup job being run? the US Navy has a history of this http://en.wikipedia.org/wiki/Iran_Air_Flight_655

Open Air Policy

[kenp2002]

Again reinforcing the need to return to the "Open Air Policy" that any secret or top secret network must have a "nothing but open air" between the secure system and unsecure system. Prior to the 90s many secure networks had a single cable, usually with a manual breaker, that would be enable only as a specific scheduled time, and the end point on the unsecure side was a single terminal (2 NICs, 1 to unsecure network on one subnet, then the secure network on another) where both network cards were phsyically impossible to operate at the same time (the reason for 2 NICs is the secure NIC is an encrypted card)

Seriously, you should never be able to tget from A -> B -> C where A is a public network and C is a secret or top secret network.

Hell last weekend I was at a shop where the DEV network was self contained and the only way they got code builds was compiled on the DEV network (12th floor) then sneaker-net'ed to the testing environment via optical disk (8th floor).

P.S.F.F The office on the 9th floor still has token ring... WTF who still uses Token Ring? Seriously? I mean it's friggin Token Ring... I remember working on Norwest Mortgage's (bought by Wells Fargo) token ring to ethernet conversion, what 12 years ago now... Jebus Rice that was a long time ago now it seems...

didn't deliver the goods?

[wiredog]

The F-35 is barely out of R&D. It hasn't had a chance to "not deliver" yet.

I call bullshit, maybe

[gentlemen_loser]

Systems containing classified data are NEVER connected to the internet. Any classified data that was siphoned off was left their either maliciously or through stupidity by someone on the inside. In either case, if this really did happen, the person should be tried for treason. Not only are these other networks locked down from the internet, they are also locked down physically - kept away from windows, often in a vault and physical access is tightly controlled.

Any other data that was acquired was probably crap. I strongly suspect that this is another case of fear mongering by an organization trying to get additional funding.

The alternative, which is almost too scary for me to consider, is that we have changed our practices and now leave sensitive information critical to our defense on unprotected systems.

Re:I call bullshit, maybe

[sunking2]

I think to a great extent your perception of what the security around a lot of the F-35 program is a bit over zealous. F-35 is an ITAR program, which mainly means can't be worked on my foreign nationals. All the data is secured, but primarily its not on its own network. My guess is this data probably came out of a hack or someone who got access to something like a DOORS or Team Center server and just started grabbing stuff. Now granted, some things are greater protected than others. But I can say we work extensively on flight controls and other things of importance and security is there as more a nuisance than anything else.

Keep in mind F35 is not a black project. Those get their own network, machines locked behind big doors, big approval list to install programs, etc. F35 is such a large project with so many subcontractors that this doesn't surprise me one bit. Security is largly there to pass an audit, and that's about it.

This whole piece of largely fear mongering to get money approved to create some more bureucracy. Chances are nothing of importance was even gotten as the F35 will be exported to so many countries anyway.

Not even Jack Bauer can prevent leaks

[patro]

It doesn't matter if the data is on the Internet. No matter how well you protect your data there always are rogue agents on the roster who have access to everything and can operate undetected for a long period of time.

I'm not kidding. I have my sources. I watch 24 after all.

Do not underestimate Western-security procedures.

[reporter]

Do not underestimate the cleverness of American-intelligence procedures.

Note that Chinese intruders succeeded in numerous attempts at downloading information related to the F-35 jet fighter. After the 1st such attempt, American intelligence would have become aware of the incident.

If you were a smart intelligence officer, what would you do after the 1st attempt?

You would not publicly announce the breach of security. Rather, you would plant false data into the same computer which was compromised. When the Chinese hacker returns to it to download even more information, then he would get gigabytes of fake data.

The aim is for the Chinese military to develop countermeasures against F-35 performance characteristics that does not exist. When the actual F-35 is deployed, it will defeat those countermeasures and deliver its nuclear payload to Beijing -- on time and on target.

Re:Do not underestimate Western-security procedure

[AHuxley]

"smart American intelligence officer" - in Georgia (country), Iraq (red zone) or 'near' Pakistan or Latin America.
The rest are in the private sector.
What you have left watching some of your servers can be seen thanks to Gary McKinnon.
http://en.wikipedia.org/wiki/Gary_McKinnon

Counterfeit Cisco Gear Perhaps?

[RunzWithScissors]

You may remember that /. ran the following several stories:
Feds Seize $78M of Bogus Chinese Cisco Gear
http://slashdot.org/article.pl?sid=08/02/29/1642221
and
FBI Says Military Had Counterfeit Cisco Routers
http://it.slashdot.org/article.pl?sid=08/05/09/164201&from=rss

Lets see, extra chips on a piece of equipment that handles all the network traffic, which would include NFS and a variety of other plain text protocols (why would someone use encryption on a "secure" network). Add to that a sprinkling of Teredo
http://en.wikipedia.org/wiki/Teredo_tunneling

And looks to me like it's very likely that someone could steal whatever they wanted.

Good thing all our corporate suppliers are bound by contracts that would totally be enforced by this foreign government who's providing the bogus equipment. Didn't think about that, did you, stupid corporate outsourcing asshat.

-Runz

Re:Do not underestimate Western-security procedure

[us7892]

And, do not overestimate Western security procedures.

Government Regs on How to Transmit Classified Data

[eric02138]

Check out the DoD's guidelines for securing classified data:
http://nsi.org/Library/Govt/Nispom.html

Especially pertinent here is Transmission policy for different types of classified data
http://nsi.org/Library/Govt/Nispom.html#link5
and network security
http://nsi.org/Library/Govt/Nispom.html#link8

Not exactly scintillating reading, but them's the rules.