Slashdot Mirror


China Hacked a Navy Contractor and Secured a Trove of Highly Sensitive Data on Submarine Warfare (washingtonpost.com)

Ellen Nakashima and Paul Sonne, reporting for The Washington Post: Chinese government hackers have compromised the computers of a Navy contractor, stealing massive amounts of highly sensitive data related to undersea warfare -- including secret plans to develop a supersonic anti-ship missile for use on U.S. submarines by 2020, according to American officials. The breaches occurred in January and February, the officials said, speaking on the condition of anonymity to discuss an ongoing investigation. The hackers targeted a contractor who works for the Naval Undersea Warfare Center, a military organization headquartered in Newport, R.I., that conducts research and development for submarines and underwater weaponry. The officials did not identify the contractor. Taken were 614 gigabytes of material relating to a closely held project known as Sea Dragon, as well as signals and sensor data, submarine radio room information relating to cryptographic systems, and the Navy submarine development unit's electronic warfare library. The Washington Post agreed to withhold certain details about the compromised missile project at the request of the Navy, which argued that their release could harm national security.

51 of 112 comments

  1. Heard this before by eneville · · Score: 3, Informative

    ... it was in the book 'The Cuckoo's Egg'.

    1. Re:Heard this before by Hussman32 · · Score: 1

      I was about to post this, but you were first.

      --
      "Who are you?" "No one of consequence." "I must know." "Get used to disappointment."
  2. Could harm national security? by Viol8 · · Score: 3, Informative

    I think that horse has bolted and is grazing happily in a field right now.

    You'd think a defense contractor would know not to store top secret information on internet accessible machines but I guess there's stupid in every organisation.

    1. Re:Could harm national security? by iggymanz · · Score: 2

      Yeah they were probably internet attached using Windows 7 Pro instead of the much more secure Windows 10 Enterprise

    2. Re:Could harm national security? by Anonymous Coward · · Score: 1

      Hey! They used to store it behind a Cisco firewall. That's safe, right? right?

    3. Re:Could harm national security? by PPH · · Score: 1

      You'd think a defense contractor would know

      They have a really good example.

      --
      Have gnu, will travel.
    4. Re:Could harm national security? by AHuxley · · Score: 1

      The FBI attempts to help this by sending 2 agents with accents to random contractors. One to witness the other.
      They make "offers" for "cash" to a contractor and wait to see what the contractor does.
      Report all details as told to?
      Accept the offer?
      So many contractors now. The few FBI agents with accents and the same security clearance level have so much work to do all over the USA.

      --
      Domestic spying is now "Benign Information Gathering"
    5. Re:Could harm national security? by mcswell · · Score: 1

      Top secret? I doubt it. The WaPo article that the /. post links to says "The data stolen was of a highly sensitive nature despite being housed on the contractor’s unclassified network. The officials said the material, when aggregated, could be considered classified..." So if the "officials" are telling the truth, there wasn't any classified material there.

      The "aggregated" statement is the notion that if you put enough of the right unclass material together, it becomes classified. I know a little about classification, and I've never understood that theory. At any rate, I would assume it might at best become Confidential, which is two steps below Top Secret.

      On the other hand, the WaPo article does say that the material "includ[ed] secret plans to develop a supersonic anti-ship missile". If by "secret" they mean "Secret" (i.e. the actual classification, as opposed to the idea that my vacation plans are secret), then the article contradicts itself.

    6. Re:Could harm national security? by John_3000 · · Score: 1

      "The Washington Post agreed to withhold certain details about the compromised missile project at the request of the Navy, which argued that their release could harm national security."

      So letting Americans know what the Chinese know is a threat. That's hard for me to understand.

    7. Re:Could harm national security? by mcswell · · Score: 1

      For better or worse, I think that's standard procedure in cases like this. Maybe they meant they didn't want the Russians, Koreans and Iranians to get a hold of the information too.

      Some on this /. page have suggested this might have been a honey pot, with misleading information. I have no idea, but that would be comforting :-).

    8. Re:Could harm national security? by iggymanz · · Score: 1

      yeah the only issue with those Cisco firewalls is the breathing of the NSA I hear when on my Cisco phone, but yeah they are tight as a drum for security.

  3. Here Come The Chinese Knockoff Submarines! by OpenSourceAllTheWay · · Score: 3, Interesting

    Ever seen a knockoff sneaker with Niiikee printed on it that you can wear for 2 weeks before it comes apart? Or an AyePhone X with a 800 x 460 pixel screen and Android running on it? Or a Chinese knockoff of a Ford SUV that crumbles to dust when it hits an obstacle at a mere 30MPH? Well... heeeeere comes the submarine equivalent of that: The engine makes enough noise to be detected from a continent away. The sub can dive to about 150 feet before the hull cracks and everybody on board dies. And when they try to launch missiles from the sub, the missiles launch vertically down, exploding the sea floor... aaand the knockoff submarine as well. Tom Clancy could have written a novel about this: The Hunt For Red Shrimp.

    1. Re:Here Come The Chinese Knockoff Submarines! by The+Grim+Reefer · · Score: 1

      an AyePhone X

      Aren't those made in Scotland?

    2. Re:Here Come The Chinese Knockoff Submarines! by null+etc. · · Score: 1

      I'm sure that the Chinese government has the same standards of quality as the factories that churn out cheap knock-offs of consumer products, amirite?

  4. Re: It would be news if they didn't try by Anonymous Coward · · Score: 1

    This isn't new and hasn't been stopped regardless of who POTUS may be. The US just takes the hit without ever retaliating.

  5. Sea "Dragon"? honeypot? by RhettLivingston · · Score: 1

    Is it just a coincidence that data on Sea "Dragon" is being reported as stolen by China? If you were to bait a hook for a Chinese hacker, might you consider adding "Dragon" to the bait?

    1. Re:Sea "Dragon"? honeypot? by i286NiNJA · · Score: 1

      Lol no.

  6. Sorry guys by TheDarkMaster · · Score: 1

    I needed to do this to get plans detailed enough to be able to finally build 1/32 scale models of your (cool) secret projects, but I promise not to do it again ok?

    --
    Religion: The greatest weapon of mass destruction of all time
  7. NSA, traitors to the USA by Anonymous Coward · · Score: 4, Insightful

    Just to remember. There was a time, long ago, when lots of security features were being developed and the NSA and other US security agencies intervened to make that more difficult.

    • Export restrictions on security features so that all software had to be developed in an insecure version, with maybe a bit of time spent on a secure version.
    • Backdoors so that everything was inherently insecure and overcomplicated.
    • Failing to tell companies about vulnerabilities so they continued to develop insecure software.
    • Failing to tell the public about insecurities so they continued to be unable to choose the more secure software.
    • Arresting the ethical and uninterested hackers so nobody made the public care about security.
    • Most of all, failing to insist that the software developed for government was secure so that nobody bothered.
    • Interfering with the popularity of projects like FreeS/WAN instead of making them mandatory.

    Now, when Trump starts some needless, stupid war against China, many American servicemen's lives will be lost because the NSA failed to do its basic job - secure the communications and information of the USA. Or more likely, worse, the Chinese will feel bold enough to close off free navigation through the south China sea and eventually be powerful enough to destroy the US economy.

    It's not that they weren't warned. They still did it and there are still traitors demanding backdoors in encryption.

  8. Seriously? by Zamphatta · · Score: 3, Insightful

    I have a hard time believing that in 2018, the gov't & its contractors aren't locking down national security military secrets better than this. It's so close to unbelievable to me, that I have to wonder if this is misinformation left on a honeypot server. If the US gov't is really this loose with their classified information at this point in history....

    1. Re:Seriously? by null+etc. · · Score: 2

      Prove to me it wasn't intentional espionage. There's a million ways for a mole to plausibly leak sensitive information without the mole being discovered.

    2. Re:Seriously? by DatbeDank · · Score: 3, Interesting

      I have a hard time believing that in 2018, the gov't & its contractors aren't locking down national security military secrets better than this. It's so close to unbelievable to me, that I have to wonder if this is misinformation left on a honeypot server. If the US gov't is really this loose with their classified information at this point in history....

      I tell myself the same thing.
      I'm almost willing to bet this is a honeypot operation and the leaked data is otherwise useless or better yet has faults built in that we can manipulate.

      If not, there better be extreme punishments involved for the contractor in question and it should be through the military court system.

      And how in the hell do they not notice 614 f*cking GIGABYTES of data being transferred? Their sysadmin just sat there and thought, "Derp derp, I wonder who is transferring so much data to IP addresses based in the far east?"

    3. Re:Seriously? by Zamphatta · · Score: 1

      Not saying it definitely wasn't and can't say it definitely was, since none of us have all the information about the situation. I'm just saying that from my view, the gov't would have to be incredibly negligent with their most important secrets for this stuff to just be taken like this, and that really seems incredibly unlikely. After all, anyone who knows a little about security knows they should keep highly sensitive stuff like this heavily encrypted, offline, & with physical access very very limited. I'm sure the gov't & their contractors have good security experts working for them, considering the value of the secrets they're holding.

    4. Re:Seriously? by Zamphatta · · Score: 1

      Excellent point!

    5. Re:Seriously? by CaffeinatedBacon · · Score: 1

      Totally believable, 2038 the whole world uses insta-pay, but Americans still write cheques and can't spell it.

  9. "sensitive" not the same as "classified" by david.emery · · Score: 4, Informative

    The rules for protecting Sensitive data are less stringent than for actually Classified data. (And just because some reporter uses the word 'secret', I'm not convinced from this article that the material was actually classified.)

    If classified data was actually placed on a machine that was not properly secured, multiple people should go directly to jail. If this was a breach of a contractor system with 'FOUO' sensitive (but not classified) data, then there's a much higher bar for 'go to jail.' That being said, I'd fully expect there to be substantial consequences against the contractor, up to being kicked off and forbidden to bid on subsequent contracts.

    1. Re:"sensitive" not the same as "classified" by rworne · · Score: 2

      An article I read called the data "sensitive", which in itself does not mean anything.

      What I gleaned is that the data was unclassified, but when aggregated together, classified information can be gleaned from it.

      You seem to have the idea, but for the sake of others here, this is an example that is not a car analogy:

      Materials A & B, processes C, C', & C'' and product D are all unclassified

      Which process you use affects the end quality/effectiveness/cost of D.

      So we have a list of studies on A and B on the server, with D being the desired result. Some process studies over C, C' and C'' and a bill from accounts payable for purchasing equipment to manufacture unspecified items via process C that coincide with the lifecycle of the contract to manufacture D. With all that together, we know what limitations are on D and can work on effective countermeasures.

      This is what the stink is about.

      --
      I tried every decent and legal way I could think of to resolve the issue w/the business before I rented the chicken suit
    2. Re:"sensitive" not the same as "classified" by david.emery · · Score: 2

      And that's a real issue with technical data like this. On the one hand, there's the risk of aggregation that yields classified results. That would in theory make the system holding -all that data- (or a set of systems that can be 'joined' to yield the result) classified. On the other hand, there's the problem in deciding just how much aggregation yields a classified result, and then the consequences of -making that decision-. Working in a classified environment is hard (costly and very inconvenient), there's a definite incentive to avoid that if you can. (Also, the consequences if the data on your computer is decided post-facto to be classified, e.g. because of this aggregation or because it was previously mis-assessed, is a REAL PAIN IN THE ASS. They take your computer away, and you do well to get anything back from it by the time they're done assessing and then sanitizing it. Fortunately, never happened to me, but happened to co-workers.)

    3. Re:"sensitive" not the same as "classified" by Kjella · · Score: 1

      And the alternative is...? I seem to remember a case I read once where somebody (given the time frame, probably the Russians) was collecting data on overtime pizza delivered to intelligence agencies. And I can sorta understand that, every time they discovered something big you'd have people working around the clock to figure it out. I can understand why you'd want to keep that a secret, on the other hand it's really hard for accounting and everyone else to pretend it didn't happen.

      --
      Live today, because you never know what tomorrow brings
    4. Re:"sensitive" not the same as "classified" by david.emery · · Score: 1

      We had discussions in my (nuclear-capable) National Guard artillery unit (during the Cold War, when every artillery unit trained for that mission) whether the Chaplain's Visitation Schedule should be classified, because it might reveal the location of the firing batteries.

  10. Comment removed by account_deleted · · Score: 1

    Comment removed based on user account deletion

  11. doesn't pass the smell test by Thud457 · · Score: 3, Insightful

    "614 gigabytes" " in January and February"

    So they were exfiltrating 10 Gigabytes a day from the contractor's network and nobody noticed?!!

    --

    the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff

    1. Re:doesn't pass the smell test by CrimsonAvenger · · Score: 3, Interesting

      The part that struck me as ludicrous was the "secret plans to develop a supersonic anti-ship missile for use on U.S. submarines by 2020".

      You can't get a new stove approved for submarine use in two years, much less develop and certify a new missile....

      --

      "I do not agree with what you say, but I will defend to the death your right to say it"
    2. Re:doesn't pass the smell test by HornWumpus · · Score: 2

      The USA has had torpedo tube launched anti-ship missiles for decades.

      Ours pop out of the water, the Russians create a bubble in front of theirs and haul ass in the water. Ours can turn.

      --
      John McAfee 'It was like that time I hired that Bangkok prostitute; to do my taxes, while I fucked my accountant'
    3. Re:doesn't pass the smell test by CrimsonAvenger · · Score: 1

      The USA has had torpedo tube launched anti-ship missiles for decades.

      Yeppers. And the process for developing & approving a new one takes longer than two years. MUCH longer than two years.

      --

      "I do not agree with what you say, but I will defend to the death your right to say it"
    4. Re:doesn't pass the smell test by HornWumpus · · Score: 1

      Updated blocks on the other hand...development of an updated version in four years isn't insane. Especially as we don't know how far along the development is.

      --
      John McAfee 'It was like that time I hired that Bangkok prostitute; to do my taxes, while I fucked my accountant'
    5. Re:doesn't pass the smell test by John+Jorsett · · Score: 1

      The part that struck me as ludicrous was the "secret plans to develop a supersonic anti-ship missile for use on U.S. submarines by 2020".

      You can't get a new stove approved for submarine use in two years, much less develop and certify a new missile....

      If there was 617 GB of data sitting there to be pilfered, they must have been working on it a good while.

    6. Re:doesn't pass the smell test by RespekMyAthorati · · Score: 1

      So they were exfiltrating 10 Gigabytes a day from the contractor's network and nobody noticed?!!

      No problem: sneak one 256 Gig microSD card per day for 3 days.
      Maybe stuck it up his ass.
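
The "how did nobody notice 614 GB leaving" question raised in this thread is, in detection terms, an egress-volume baselining problem: 614 GB across January and February works out to roughly 10 GB per day, as Thud457 computes, which is far outside the normal outbound profile of a single engineering workstation. Below is an added example (not code from the original thread, nor from any Navy or contractor system) of that check in Python. It aggregates constructed flow records (day, internal source, external destination, bytes out) per host per day, compares each day against the host's trailing median, and raises an alert when the volume exceeds either an absolute cap or a multiple of that baseline. The address ranges, flow records and thresholds are assumptions made for the example.

```python
"""Per-host egress-volume alerting over constructed flow records.

Added example for the Slashdot thread above; not code from the original
page or from any Navy/contractor system. Records are
(day, src, dst, bytes_out); addresses, volumes and thresholds are
assumptions for the example.
"""
from collections import defaultdict
from ipaddress import ip_address, ip_network
from statistics import median

# Address space we consider "ours" (assumed for the example).
INTERNAL = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed flow records: one engineering workstation (10.20.5.17) starts
# shipping ~10 GB/day to an outside host on Jan 11; a file server (10.20.7.3)
# stays flat. The last record is an internal-to-internal copy and must not
# count as egress.
FLOWS = [
    ("2018-01-08", "10.20.5.17", "198.51.100.9", 120_000_000),
    ("2018-01-09", "10.20.5.17", "198.51.100.9", 130_000_000),
    ("2018-01-10", "10.20.5.17", "198.51.100.9", 110_000_000),
    ("2018-01-11", "10.20.5.17", "203.0.113.44", 9_800_000_000),
    ("2018-01-12", "10.20.5.17", "203.0.113.44", 10_200_000_000),
    ("2018-01-08", "10.20.7.3", "198.51.100.20", 400_000_000),
    ("2018-01-09", "10.20.7.3", "198.51.100.20", 420_000_000),
    ("2018-01-10", "10.20.7.3", "198.51.100.20", 390_000_000),
    ("2018-01-11", "10.20.7.3", "198.51.100.20", 410_000_000),
    ("2018-01-12", "10.20.7.3", "198.51.100.20", 430_000_000),
    ("2018-01-11", "10.20.5.17", "10.20.1.2", 50_000_000_000),
]


def is_internal(ip: str) -> bool:
    """True if the address falls inside our own (assumed) ranges."""
    addr = ip_address(ip)
    return any(addr in net for net in INTERNAL)


def daily_egress(flows):
    """Bytes sent from each internal host to external addresses, per day."""
    totals = defaultdict(int)
    for day, src, dst, nbytes in flows:
        if is_internal(src) and not is_internal(dst):
            totals[(src, day)] += nbytes
    return totals


def egress_alerts(flows, hard_cap=5 * 10**9, ratio=5.0, min_history=3):
    """Flag (src, day) when outbound volume exceeds `hard_cap` bytes or
    `ratio` times the host's trailing daily median. `min_history` prior
    days are required before the ratio test fires, so a single quiet day
    cannot set the baseline on its own."""
    series = defaultdict(list)
    # Sort by day so each host's history is chronological.
    for (src, day), n in sorted(daily_egress(flows).items(), key=lambda kv: kv[0][1]):
        series[src].append((day, n))

    alerts = []
    for src, days in series.items():
        for i, (day, n) in enumerate(days):
            reasons = []
            if n > hard_cap:
                reasons.append(f"{n / 1e9:.1f} GB exceeds cap of {hard_cap / 1e9:.0f} GB")
            history = [v for _, v in days[:i]]
            if len(history) >= min_history:
                base = median(history)
                if base > 0 and n > ratio * base:
                    reasons.append(f"{n / base:.0f}x trailing median")
            if reasons:
                alerts.append((src, day, n, "; ".join(reasons)))
    return alerts


if __name__ == "__main__":
    for src, day, n, why in egress_alerts(FLOWS):
        print(f"{day} {src}: {why}")
```

A real deployment feeds this from NetFlow/IPFIX, proxy or firewall logs rather than a Python list, and the cap and ratio are per-environment; the point is that data moving at this rate is visible in volume alone, before any content inspection, provided someone is actually watching per-host outbound totals rather than only inbound alerts.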

  12. Re:It would be news if they didn't try by Anonymous Coward · · Score: 1

    Your Trump ButtHurt is so bad, you'll need an ass transplant in 2024

  13. don't wory they will get pardoned for $$$ by kiviQr · · Score: 2

    just line up and pay $1bln you will go back to doing business as usual

  14. Blind Man's Bluff by Hussman32 · · Score: 1

    If you want to know a lot about development of nuclear submarines and assorted espionage (mostly Russia/US though), look up Blind Man's Bluff on Amazon. Great book.

    --
    "Who are you?" "No one of consequence." "I must know." "Get used to disappointment."
  15. what does Apple do? by k6mfw · · Score: 1

    I mean we read stories all the time where military secrets are stolen all the time and yet it seems like Apple's biggest secrets are never leaked. Maybe they are and maybe most of us can't recognize these, just me asking. Trump has advantage that if any of his secrets are stolen (probably of bankrupt value) or disclosed he can simply shout "fake news" and it's end of discussion.

    --
    mfwright@batnet.com
    1. Re:what does Apple do? by 8086 · · Score: 1

      I've looked at Apple's biggest secrets and there really aren't any bigger secrets in there than just good engineering and good UI design.

  16. Uhhhh by HangingChad · · Score: 1

    The Washington Post agreed to withhold certain details about the compromised missile project at the request of the Navy, which argued that their release could harm national security.

    Yeah, it might get out to the Chinese.

    --
    That's our life, the big wheel of shit. - The Fat Man, Blue Tango Salvage
  17. Better call NCIS by Rick+Schumann · · Score: 1

    Get Gibbs and his team on the case, track down them wily Chinese operatives pronto!

    Really, is anyone even surprised at any of this shit anymore? Everything is hackable now, nothing is safe. Remember that at least half of us have had ALL of their financial data stolen from them in the Equifax breach, and by now there's probably a million copies of all of that floating around the world. Meanwhile dickheads in the EU and corporate assholes here in the States are more concerned about 'losing profits to piracy' and will completely ruin the Internet, turn it into a read-only 'service' (like Cable TV, just stupider) in order to accomplish that, and why the ever-loving fuck should they care that there are criminal and military assholes out there that will hack the shit out of our infrastructure (electricity generation, water, natural gas, water service, nuclear reactors, and so on), rob our banks blind, and steal every military and state secret we've got? Doesn't make them money to give a shit about any of that now does it?

    Things have got to change.

    1. Re:Better call NCIS by Tough+Love · · Score: 1

      Everything is hackable now, nothing is safe.

      Particularly if it is Windows.

      Things have got to change.

      Installing or using Windows in government should be a firing offence.

      --
      When all you have is a hammer, every problem starts to look like a thumb.
  18. Windows by Tough+Love · · Score: 1

    Go ahead, tell me it's not Windows. Basically, Microsoft threw an election to Trump and national security to China.

    --
    When all you have is a hammer, every problem starts to look like a thumb.
  19. Well, there's yer problem by John+Jorsett · · Score: 1

    FTFA: The data stolen was of a highly sensitive nature despite being housed on the contractor’s unclassified network.

    You've got to assume that anything on a system that's attached to the internet is going to be compromised sooner or later.

  20. Not unlikely. by Qbertino · · Score: 1

    I know someone first hand who had been translating plans and manuals for cruise missiles for a NATO partner country. That was 3 years before there was an official vote to decide whether these would be stationed or not. In the '80s the peace movement launched large-scale protests against the CMs, arguing that they could carry nukes. Which is nigh pointless in such a high precision weapon. Word had it that the peace protests were funded and organised by CIA blackops to make the CMs more scary and have the local government push through aggressively to make them even more scary than they are. And to mislead the public and the enemy about their actual purpose.

    So yeah, this could be a honeypot / smokescreen. Not unlikely.

    --
    We suffer more in our imagination than in reality. - Seneca
  21. Re:Spoke to him (1 of my intellectual heros) by eneville · · Score: 1

    P.S.=> Great read that book - imo, it ought to be required reading for security pros (can wipe logs all day, try it on a mirrored log AND a printer putting it out on paper the way Stoll did to trap East Germans & KGB w/ evidence they could NOT wipe)... apk

    I agree, it should be required reading, or part of Sysadmin Employee Handbook.

    You can make append only files, FWIW, which could be useful for logging in this way. Nothing stopping someone who gains root from rebuilding the FS though, just gives them another task and need to reboot the system. Printers run out of paper eventually.

    Was a very awesome book, I should read it again.

  22. Re:Nothing stops Root from resetting append by eneville · · Score: 1

    Nothing stops Root from resetting append access only (I do it in the program I noted to Mr. Stoll himself during the File Open (as append, reset etc.)/Read-Write/Flush-Close cycle either really IF you think about it...

    Same goes for diverting where the print goes. Difference is though, if both are attacked, you have some chance of grepping the logs, grepping print output takes much longer as eyeballs don't work as fast. This assumes you can do something with it afterwards. On a laser, I'm not sure, but if you close the print fd file, I think it ejects the page. On line printers, this isn't as much an issue. If there is a large (page) buffer, then I think there's some chance that the lpd could be -9'd thus nothing gets written. Obvious when the admin gets in, but was damage done in the meanwhile? To be honest, I'm more bothered about dormant intrusions, those that are immediately obvious are less of a problem as you can deal with those.

    My hints were towards https://man.openbsd.org/OpenBS...

    I'd have more confidence in that than other methods. Granted you have to reboot to rotate, but it seems a fairly good compromise and has a lower carbon footprint than the paper method. There may also be times when the log buffer fills waiting for the printer to warm up and some connections may time out, though I've never checked this, would be mighty annoying if you cannot ssh to a quiet machine because the log write hasn't returned.
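
The last two comments turn on the same problem: an append-only file flag (OpenBSD chflags sappnd, Linux chattr +a) or a line printer makes a log harder to wipe, but someone with root can rebuild the filesystem or kill lpd. A complementary measure, shown below as an added example in Python (not code from the thread, from Stoll's book or from OpenBSD), is to make wiping detectable rather than impossible: each record carries a SHA-256 digest over the previous record's digest and its own text, and the current chain head is copied somewhere the attacker does not control, such as the printout or a remote host. Deleting or editing an earlier line then breaks the chain, and truncating the tail leaves a head that no longer matches the off-box copy. The log lines are constructed for the example, and the variable remote_head is an assumed stand-in for the off-box copy of the chain head.

```python
"""Hash-chained log: added example for the Slashdot thread above, not code
from the original page, from Stoll's book or from OpenBSD.

Each record is 'digest<TAB>line', where digest = SHA-256(prev_digest, line).
The latest digest is assumed to be copied off-box (remote_head below stands
in for that copy); an attacker who can edit the file cannot make a changed
or truncated file agree with it.
"""
import hashlib
import hmac

GENESIS = "0" * 64  # chain head before the first record


def _digest(prev_hash: str, line: str) -> str:
    # Bind this line to everything recorded before it.
    return hashlib.sha256(f"{prev_hash}\n{line}".encode()).hexdigest()


def chain_head(log: list) -> str:
    """Digest of the last record, or GENESIS for an empty log."""
    return log[-1].split("\t", 1)[0] if log else GENESIS


def append_entry(log: list, line: str) -> str:
    """Append `line` to the log and return the new chain head."""
    digest = _digest(chain_head(log), line)
    log.append(f"{digest}\t{line}")
    return digest


def verify_chain(log: list):
    """Recompute every digest. Returns (True, -1) if the chain is
    self-consistent, else (False, index of the first bad record)."""
    prev = GENESIS
    for i, rec in enumerate(log):
        digest, _, line = rec.partition("\t")
        if not hmac.compare_digest(digest, _digest(prev, line)):
            return False, i
        prev = digest
    return True, -1


def audit(log: list, remote_head: str) -> str:
    """Check the on-disk log against the chain head stored off-box."""
    ok, bad = verify_chain(log)
    if not ok:
        return f"tampered: record {bad} does not match the chain"
    if chain_head(log) != remote_head:
        return "truncated: on-disk head differs from remote head"
    return "intact"


def demo() -> dict:
    """Constructed auth-log lines; the attacker later removes the su line
    in one copy and truncates the tail in another."""
    log = []
    lines = [
        "Jan 14 02:11:03 host sshd[412]: Accepted password for svc from 203.0.113.44",
        "Jan 14 02:11:09 host su: svc to root on pts/3",
        "Jan 14 02:11:40 host sshd[412]: session closed for user svc",
    ]
    remote_head = GENESIS
    for line in lines:
        remote_head = append_entry(log, line)  # each new head also goes off-box

    results = {"clean": audit(log, remote_head)}

    edited = list(log)
    del edited[1]  # wipe the su record; the following record no longer chains
    results["deleted_middle"] = audit(edited, remote_head)

    truncated = log[:-1]  # drop the tail; chain is self-consistent but head is stale
    results["truncated_tail"] = audit(truncated, remote_head)
    return results


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:15} {verdict}")
```

This does not stop root from rewriting the file, which is eneville's point about append-only flags; it only guarantees that any rewrite short of regenerating the whole chain and also replacing the off-box head is noticed at the next audit, which is the property the printer gave Stoll.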