Slashdot Mirror

← Back to Stories (view on slashdot.org)

US Military Aware Only Belatedly of Chinese Attacks Against Transport Contractor

Posted by timothy on from the oh-did-that-happen? dept.

itwbennett writes The Senate Armed Service Committee released on Wednesday an unclassified version of a report (PDF) commissioned last year to investigate cyberattacks against contractors for the U.S. Transportation Command (TRANSCOM). The report alleges that the Chinese military successfully stole emails, documents, login credentials and more from contractors, but few of those incidents were ever reported to TRANSCOM. During a one-year period starting in June 2012, TRANSCOM contractors endured more than 50 intrusions, 20 of which were successful in planting malware. TRANSCOM learned of only two of the incidents. The FBI, however, was aware of 10 of the attacks.

13 comments

  1. real computer systems? by iggymanz · · Score: 0, Troll

    were these merely successful attacks against Windows machines, or were the systems running a real operating system?

    1. Re: real computer systems? by amiga3D · · Score: 4, Insightful

      It hardly matters. What matters is that as usual the agencies responsible for catching this stuff are too busy spying on Americans to do their real job. 9/11 came and went and they didn't learn a thing. Incompetent as ever.

    2. Re:real computer systems? by Himmy32 · · Score: 2

      Of course, if everyone was running my favorite OS, we wouldn't have any security vulnerabilities. It of course has to do with the OS and not that the users have enough rights to run unknown code from an email.

    3. Re: real computer systems? by iggymanz · · Score: 1

      oh, but for 9/11 those agencies really were watching the perps to see what they would do. And we all saw what they did.

    4. Re: real computer systems? by ThatsNotPudding · · Score: 2

      9/11 came and went and they didn't learn a thing. Incompetent as ever.

      Far more pointedly: the Boston Marathon came and went. So either they let it happen to gain even more power [adjusts tinfoil hat], or all the 'post 9/11' security is total, absolute bullshit, with everything to do with career advancement then an early retirement to a payment in kind consulting gig, and nothing at all to do with the Fath^H^H^H^H Homeland.

    5. Re: real computer systems? by GameboyRMH · · Score: 1

      The latter is closer, but I think they were so busy setting up their giant McCarthytron and trying to catch the first signs of the coming Western Spring that they forgot to look for *actual terrorists.* Dzokhar Tsarnaev did the digital equivalent of setting up giant neon signs saying "TERRORIST HERE!" and the NSA didn't notice.

      The FBI was probably too busy grooming pissed off young Muslims into "terrorists" they could arrest and parade in front of the media.

      --
      "When information is power, privacy is freedom" - Jah-Wren Ryel
    6. Re: real computer systems? by Anonymous Coward · · Score: 0

      as usual the agencies responsible for catching this stuff are too busy spying on Americans to do their real job.

      Juxtaposing this with TFS, I'm trying really hard to decide whom you're accusing of what.
      Is the problem that the contractors didn't report the incidents to TRANSCOM, that the FBI didn't report the 10 they knew about to TRANSCOM, or that TRANSCOM didn't do something that they should have that is "their real job"?

  2. Time to ping flood those commies!! by Obscene_CNN · · Score: 2

    Time to ping flood those commies back to dial up!!

    --
    I don't want to do a sig now
  3. How about some punishments on the contractors? by Anonymous Coward · · Score: 1

    Where I live, it is a criminal offense (misdemeanor), to leave a vehicle running with the keys in the ignition if it it is stolen in a bad neighborhood.

    China is China. Do you blame a coyote for snatching a chunk of raw meat left on the ground for a few hours unattended? What needs done is to have all contracts by the companies that have had this problem [1] either pulled, or at least rewritten with stiff penalties (criminal and civil) if there are breaches, especially ones that are not reported. Real penalties, not just stuff that can be dropped in bankruptcy. At least as legally sticking as student loans are.

    Maybe TRANNSEC needs to go back to doing things in-house and stop dealing with the absolute lowest bidder. A government employee knows that if they hose things up, they will face serious consequences. A contractor might face a brief unemployment stint, or (in my experience), they will get replaced by another H-1B, even in government.

    [1]: It is one thing not to bother with basic security because security is viewed as having no ROI, even basic protection [2], it is another thing to not report violations.

    [2]: This isn't rocket science. Turning on Windows AppLocker would have stopped this hacking attempt in its tracks. Even turning on the requirement that all executables be signed would go far.

  4. Time to get it on! by AndyKron · · Score: 1

    It sounds like China is hurting the USA more than countries in the Middle East are, so when does the bombing start in China?

    1. Re:Time to get it on! by Anonymous Coward · · Score: 0

      It sounds like China is hurting the USA more than countries in the Middle East are, so when does the bombing start in China?

      As soon as we buy back all those T-Bills.

  5. Punishment Tricky by Etherwalk · · Score: 1

    The problem with punishing companies with bad security is that it discourages self-reporting. We *want* companies to report and rectify the problems.

    What we should do is penalize it, but not if it is promptly reported.

    1. Re:Punishment Tricky by Swave+An+deBwoner · · Score: 1

      TRANSCOM learned of only two of the incidents.

      Apparently they didn't know that they were compromised.

      Hooray for privatization of government functions.