Slashdot Mirror

← Back to Stories (view on slashdot.org)

China Hacked a Navy Contractor and Secured a Trove of Highly Sensitive Data on Submarine Warfare (washingtonpost.com)

Posted by msmash on from the breaking-news dept.

Ellen Nakashima and Paul Sonne, reporting for The Washington Post: Chinese government hackers have compromised the computers of a Navy contractor, stealing massive amounts of highly sensitive data related to undersea warfare -- including secret plans to develop a supersonic anti-ship missile for use on U.S. submarines by 2020, according to American officials. The breaches occurred in January and February, the officials said, speaking on the condition of anonymity to discuss an ongoing investigation. The hackers targeted a contractor who works for the Naval Undersea Warfare Center, a military organization headquartered in Newport, R.I., that conducts research and development for submarines and underwater weaponry. The officials did not identify the contractor. Taken were 614 gigabytes of material relating to a closely held project known as Sea Dragon, as well as signals and sensor data, submarine radio room information relating to cryptographic systems, and the Navy submarine development unit's electronic warfare library. The Washington Post agreed to withhold certain details about the compromised missile project at the request of the Navy, which argued that their release could harm national security.

15 of 112 comments (clear)

  1. Heard this before by eneville · · Score: 3, Informative

    ... it was in the book 'The Cuckoo's Egg'.

    --
    Why UNIX?
  2. Could harm national security? by Viol8 · · Score: 3, Informative

    I think that horse has bolted and is grazing happily in a field right now.

    You'd think a defense contractor would know not to store top secret information on internet accessible machines but I guess there's stupid in every organisation.

    1. Re:Could harm national security? by iggymanz · · Score: 2

      Yeah they were probably internet attached using Windows 7 Pro instead of the much more secure Windows 10 Enterprise

  3. Here Come The Chinese Knockoff Submarines! by OpenSourceAllTheWay · · Score: 3, Interesting

    Ever seen a knockoff sneaker with Niiikee printed on it that you can wear for 2 weeks before it comes apart? Or an AyePhone X with a 800 x 460 pixel screen and Android running on it? Or a Chinese knockoff of a Ford SUV that crumbles to dust when it hits an obstacle at a mere 30MPH? Well... heeeeere comes the submarine equivalent of that: The engine makes enough noise to be detected from a continent away. The sub can dive to about 150 feet before the hull cracks and everybody on board dies. And when they try to launch missiles from the sub, the missiles launch vertically down, exploding the sea floor... aaand the knockoff submarine as well. Tom Clancy could have written a novel about this: The Hunt For Red Shrimp.

  4. NSA, traitors to the USA by Anonymous Coward · · Score: 4, Insightful

    Just to remember. There was a time, long ago, when lots of security features were being developed and the NSA and other US security agencies intervened to make that more difficult.

    • Export restrictions on security features so that all software had to be developed in an insecure version, with maybe a bit of time spent on a secure version.
    • Backdoors so that everything was inherently insecure and overcomplicated.
    • Failing to tell companies about vulnerabilities so they continued to develop insecure software.
    • Failing to tell the public about insecurities so they continued to be unable to choose the more secure software.
    • Arresting the ethical and uninterested hackers so nobody made the public care about security.
    • Most of all, failing to insist that the software developed for government was secure so that nobody bothered.
    • Interfering with the popularity of projects like FreeS/WAN instead of making them mandatory.

    Now, when Trump starts some needless, stupid war against China, many American servicemen's lives will be lost because the NSA failed to do it's basic job - secure the communications and information of the USA. Or more likely, worse, the Chinese will feel bold enough to close off free navigation through the south China sea and eventually be powerful enough to destroy the US economy.

    It's not that they weren't warned. They still did it and there are still traitors demanding backdoors in encryption.

  5. Seriously? by Zamphatta · · Score: 3, Insightful

    I have a hard time believing that in 2018, the gov't & its contractors, aren't locking down national security military secrets better than this. It's so close to unbelievable to me, that I have to wonder if this is misinformation left on a honeypot server. If the US gov't is really this loose with their classified information at this point in history....

    1. Re:Seriously? by null+etc. · · Score: 2

      Prove to me it wasn't intentional espionage. There's a million ways for a mole to plausibly leak sensitive information without the mole being discovered.

    2. Re:Seriously? by DatbeDank · · Score: 3, Interesting

      I have a hard time believing that in 2018, the gov't & its contractors, aren't locking down national security military secrets better than this. It's so close to unbelievable to me, that I have to wonder if this is misinformation left on a honeypot server. If the US gov't is really this loose with their classified information at this point in history....

      I tell myself the same thing.
      I'm almost willing to bet this is a honeypot operation and the leaked data is otherwise useless or better yet has faults built in that we can manipulate.

      If not, there better be extreme punishments involved for the contractor in question and it should be through the military court system.

      And how in the hell do they not notice 614 f*cking GIGABYTES of data being transferred? Their sysadmin just sat there and thought, "Derp derp, I wonder who is transferring so much data to IP addresses based in the far east?"

  6. "sensitive" not the same as "classified" by david.emery · · Score: 4, Informative

    The rules for protecting Sensitive data are less stringent than for actually Classified data. (And just because some reporter uses the word 'secret', I'm not convinced from this article that the material was actually classified.)

    If classified data was actually placed on a machine that was not properly secured, multiple people should go directly to jail. If this was a breach of a contractor system with 'FOUO' sensitive (but not classified) data, then there's a much higher bar for 'go to jail.' That being said, I'd fully expect there to be substantial consequences against the contractor, up to being kicked off and forbidden to bid on subsequent contracts.

    1. Re:"sensitive" not the same as "classified" by rworne · · Score: 2

      An article I read called the data "sensitive", which in itself does not mean anything.

      What I gleaned is that the data was unclassified, but when aggregated together, classified information can be gleaned from it.

      You seem to have the idea, but for the sake of others here, this is an example that is not a car analogy:

      Materials A & B, processes C, C', & C'' and product D are all unclassified

      Which process you use affects the end quality/effectiveness/cost of D.

      So we have a list of studies on A and B on the server, with D being the desired result. Some process studies over C, C' and C'' and a bill from accounts payable for purchasing equipment to manufacture unspecified items via process C that coincide with the lifecycle of the contract to manufacture D. With all that together, we know what limitations are on D and can work on effective countermeasures.

      This is what the stink is about.

      --
      I tried every decent and legal way I could think of to resolve the issue w/the business before I rented the chicken suit
    2. Re:"sensitive" not the same as "classified" by david.emery · · Score: 2

      And that's a real issue with technical data like this. On the one hand, there's the risk of aggregation that yields classified results. That would in theory make the system holding -all that data (or a set of systems that can be 'joined' to yield the result) classified. On the other hand, there's the problem in deciding just how much aggregation yields a classified result, and then the consequences of -making that decision-. Working in a classified environment is hard (costly and very inconvenient), there's a definite incentive to avoid that if you can. (Also, the consequences if the data on your computer is decided post-facto to be classified, e.g. because of this aggregation or because it was previously mis-assessed, is a REAL PAIN IN THE ASS. They take your computer away, and you do good it get anything back from it by the time they're done assessing and then sanitizing it. Fortunately, never happened to me, but happened to co-workers.)

  7. doesn't pass the smell test by Thud457 · · Score: 3, Insightful

    "614 gigabytes" " in January and February"

    So they were exfiltrating 10 Gigabytes a day from the contractor's network and nobody noticed?!!

    --

    the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff

    1. Re:doesn't pass the smell test by CrimsonAvenger · · Score: 3, Interesting

      The part that struck me as ludicrous was the "secret plans to develop a supersonic anti-ship missile for use on U.S. submarines by 2020".

      You can't get a new stove approved for submarine use in two years, much less develop and certify a new missile....

      --

      "I do not agree with what you say, but I will defend to the death your right to say it"
    2. Re:doesn't pass the smell test by HornWumpus · · Score: 2

      The USA has had torpedo tube launched anti-ship missiles for decades.

      Ours pop out of the water, the Russians create a bubble in front of theirs and haul ass in the water. Ours can turn.

      --
      John McAfee 'It was like that time I hired that Bangkok prostitute; to do my taxes, while I fucked my accountant'
  8. don't wory they will get pardoned for $$$ by kiviQr · · Score: 2

    just line up and pay $1bln you will go back to doing business as usual