Slashdot Mirror

← Back to Stories (view on slashdot.org)

China Hacked a Navy Contractor and Secured a Trove of Highly Sensitive Data on Submarine Warfare (washingtonpost.com)

Posted by msmash on from the breaking-news dept.

Ellen Nakashima and Paul Sonne, reporting for The Washington Post: Chinese government hackers have compromised the computers of a Navy contractor, stealing massive amounts of highly sensitive data related to undersea warfare -- including secret plans to develop a supersonic anti-ship missile for use on U.S. submarines by 2020, according to American officials. The breaches occurred in January and February, the officials said, speaking on the condition of anonymity to discuss an ongoing investigation. The hackers targeted a contractor who works for the Naval Undersea Warfare Center, a military organization headquartered in Newport, R.I., that conducts research and development for submarines and underwater weaponry. The officials did not identify the contractor. Taken were 614 gigabytes of material relating to a closely held project known as Sea Dragon, as well as signals and sensor data, submarine radio room information relating to cryptographic systems, and the Navy submarine development unit's electronic warfare library. The Washington Post agreed to withhold certain details about the compromised missile project at the request of the Navy, which argued that their release could harm national security.

9 of 112 comments (clear)

  1. Heard this before by eneville · · Score: 3, Informative

    ... it was in the book 'The Cuckoo's Egg'.

    --
    Why UNIX?
  2. Could harm national security? by Viol8 · · Score: 3, Informative

    I think that horse has bolted and is grazing happily in a field right now.

    You'd think a defense contractor would know not to store top secret information on internet accessible machines but I guess there's stupid in every organisation.

  3. Here Come The Chinese Knockoff Submarines! by OpenSourceAllTheWay · · Score: 3, Interesting

    Ever seen a knockoff sneaker with Niiikee printed on it that you can wear for 2 weeks before it comes apart? Or an AyePhone X with a 800 x 460 pixel screen and Android running on it? Or a Chinese knockoff of a Ford SUV that crumbles to dust when it hits an obstacle at a mere 30MPH? Well... heeeeere comes the submarine equivalent of that: The engine makes enough noise to be detected from a continent away. The sub can dive to about 150 feet before the hull cracks and everybody on board dies. And when they try to launch missiles from the sub, the missiles launch vertically down, exploding the sea floor... aaand the knockoff submarine as well. Tom Clancy could have written a novel about this: The Hunt For Red Shrimp.

  4. NSA, traitors to the USA by Anonymous Coward · · Score: 4, Insightful

    Just to remember. There was a time, long ago, when lots of security features were being developed and the NSA and other US security agencies intervened to make that more difficult.

    • Export restrictions on security features so that all software had to be developed in an insecure version, with maybe a bit of time spent on a secure version.
    • Backdoors so that everything was inherently insecure and overcomplicated.
    • Failing to tell companies about vulnerabilities so they continued to develop insecure software.
    • Failing to tell the public about insecurities so they continued to be unable to choose the more secure software.
    • Arresting the ethical and uninterested hackers so nobody made the public care about security.
    • Most of all, failing to insist that the software developed for government was secure so that nobody bothered.
    • Interfering with the popularity of projects like FreeS/WAN instead of making them mandatory.

    Now, when Trump starts some needless, stupid war against China, many American servicemen's lives will be lost because the NSA failed to do it's basic job - secure the communications and information of the USA. Or more likely, worse, the Chinese will feel bold enough to close off free navigation through the south China sea and eventually be powerful enough to destroy the US economy.

    It's not that they weren't warned. They still did it and there are still traitors demanding backdoors in encryption.

  5. Seriously? by Zamphatta · · Score: 3, Insightful

    I have a hard time believing that in 2018, the gov't & its contractors, aren't locking down national security military secrets better than this. It's so close to unbelievable to me, that I have to wonder if this is misinformation left on a honeypot server. If the US gov't is really this loose with their classified information at this point in history....

    1. Re:Seriously? by DatbeDank · · Score: 3, Interesting

      I have a hard time believing that in 2018, the gov't & its contractors, aren't locking down national security military secrets better than this. It's so close to unbelievable to me, that I have to wonder if this is misinformation left on a honeypot server. If the US gov't is really this loose with their classified information at this point in history....

      I tell myself the same thing.
      I'm almost willing to bet this is a honeypot operation and the leaked data is otherwise useless or better yet has faults built in that we can manipulate.

      If not, there better be extreme punishments involved for the contractor in question and it should be through the military court system.

      And how in the hell do they not notice 614 f*cking GIGABYTES of data being transferred? Their sysadmin just sat there and thought, "Derp derp, I wonder who is transferring so much data to IP addresses based in the far east?"

  6. "sensitive" not the same as "classified" by david.emery · · Score: 4, Informative

    The rules for protecting Sensitive data are less stringent than for actually Classified data. (And just because some reporter uses the word 'secret', I'm not convinced from this article that the material was actually classified.)

    If classified data was actually placed on a machine that was not properly secured, multiple people should go directly to jail. If this was a breach of a contractor system with 'FOUO' sensitive (but not classified) data, then there's a much higher bar for 'go to jail.' That being said, I'd fully expect there to be substantial consequences against the contractor, up to being kicked off and forbidden to bid on subsequent contracts.

  7. doesn't pass the smell test by Thud457 · · Score: 3, Insightful

    "614 gigabytes" " in January and February"

    So they were exfiltrating 10 Gigabytes a day from the contractor's network and nobody noticed?!!

    --

    the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff

    1. Re:doesn't pass the smell test by CrimsonAvenger · · Score: 3, Interesting

      The part that struck me as ludicrous was the "secret plans to develop a supersonic anti-ship missile for use on U.S. submarines by 2020".

      You can't get a new stove approved for submarine use in two years, much less develop and certify a new missile....

      --

      "I do not agree with what you say, but I will defend to the death your right to say it"