Computer Spies Breach $300B Fighter-Jet Project

suraj.sun writes "Computer spies have broken into the Pentagon's $300 billion Joint Strike Fighter project — the Defense Department's costliest weapons program ever — according to current and former government officials familiar with the attacks. Similar incidents have also breached the Air Force's air-traffic-control system in recent months, these people say. In the case of the fighter-jet program, the intruders were able to copy and siphon off several terabytes of data related to design and electronics systems, officials say, potentially making it easier to defend against the craft."

Oops, sorry...that was me

I thought I was downloading the latest Windows 7 beta candidate
boy is my face red.

(ob: what's that knock on my door, I'll be *NO CARRIER*)

Re:Oops, sorry...that was me

[Arthur+Grumbine]

Note to self - do not end *NO CARRIER* joke with a closing parenthesis

Only a few terabytes?

[Kayden]

What kind of connection do you need to have to get away with several terabytes of data before someone notices? Users on my network get pissy when someone downloads a few dozen megs.

Re:Only a few terabytes?

[TheRaven64]

They probably trickled it out over a long period. The more interesting question is how long ago the DoD noticed the breach and started providing doctored information. In the Soviet era, it was common to use this kind of thing for misinformation. Once a project has been compromised, you feed plausible-looking but wrong information down the leaking conduit for as long as possible. There was an interesting example of this posted on Wikileaks a year or so ago, of an American nuclear bomb design obtained from the Russians, which contained a few minor and difficult-to-find design flaws that would have prevented the bomb from actually working if it had been built along those lines.

Re:Only a few terabytes?

[Shakrai]

There was an interesting example of this posted on Wikileaks a year or so ago, of an American nuclear bomb design obtained from the Russians, which contained a few minor and difficult-to-find design flaws that would have prevented the bomb from actually working if it had been built along those lines.

So THAT'S why my nuclear bomb didn't work ;)

Re:Only a few terabytes?

They also did that during the Reagan administration with a software package designed to run the valves on a natural gas pipeline.

http://www.msnbc.msn.com/id/4394002

The software was modified to run just fine for a while, but then go haywire. The end result was "...the most monumental non-nuclear explosion and fire ever seen from space...".

This occurred in 1982. I'm sure they're still doing exactly the same thing today.

Re:Only a few terabytes?

[hedwards]

The more interesting question is why the DoD has sensitive information hooked up to the net in any way. The only way of ensuring net based attacks are unsuccessful is by disconnecting from the net. Sure you still have to ensure that the people using the terminals are on the up and up, but that's a lot easier than keeping a large network full of sekrit goberment stuff secure.

I'm always amazed that this sort of information would be stored and used on internet connected computers, it just seems like asking for trouble. Historically the DoD has done a pretty incompetent job of securing its systems, which really makes one wonder how many of these advancements are now in the works in foreign states.

Why?

[rotide]

Why are these sensitive systems connected to the public internet. Either directly or indirectly, whose bright idea was it? If you need a computer in the lab connected to the internet, fine, just keep the infrastructure seperate.

Sloppy espionage ?

[Davemania]

Not to downplay this event but I really wonder why we don't hear much about espionage from western countries ? Are they better at it (rather than using malware or commonly avaliable tools) ? I am sure the Chinese etc have equally vulnerable systems.

Open source.

[dtml-try+MyNick]

2009, the year of the open source Jet Fighter.

I call bullshit, maybe

[gentlemen_loser]

Systems containing classified data are NEVER connected to the internet. Any classified data that was siphoned off was left their either maliciously or through stupidity by someone on the inside. In either case, if this really did happen, the person should be tried for treason. Not only are these other networks locked down from the internet, they are also locked down physically - kept away from windows, often in a vault and physical access is tightly controlled.

Any other data that was acquired was probably crap. I strongly suspect that this is another case of fear mongering by an organization trying to get additional funding.

The alternative, which is almost too scary for me to consider, is that we have changed our practices and now leave sensitive information critical to our defense on unprotected systems.

Do not underestimate Western-security procedures.

[reporter]

Do not underestimate the cleverness of American-intelligence procedures.

Note that Chinese intruders succeeded in numerous attempts at downloading information related to the F-35 jet fighter. After the 1st such attempt, American intelligence would have become aware of the incident.

If you were a smart intelligence officer, what would you do after the 1st attempt?

You would not publicly announce the breach of security. Rather, you would plant false data into the same computer which was compromised. When the Chinese hacker returns to it to download even more information, then he would get gigabytes of fake data.

The aim is for the Chinese military to develop countermeasures against F-35 performance characteristics that does not exist. When the actual F-35 is deployed, it will defeat those countermeasures and deliver its nuclear payload to Beijing -- on time and on target.

Re:Do not underestimate Western-security procedure

[us7892]

And, do not overestimate Western security procedures.