AR15.COM
4/20/2009 10:43:59 PM EDT

Computer Spies Breach Fighter-Jet Project

Tuesday, April 21, 2009

WASHINGTON —
Computer spies have broken into the Pentagon's $300 billion Joint Strike Fighter project — the Defense Department's costliest weapons program ever — according to current and former government officials familiar with the attacks.

Similar incidents have also breached the Air Force's air-traffic-control system in recent months, these people say. In the case of the fighter-jet program, the intruders were able to copy and siphon off several terabytes of data related to design and electronics systems, officials say, potentially making it easier to defend against the craft.

The latest intrusions provide new evidence that a battle is heating up between the U.S. and potential adversaries over the data networks that tie the world together. The revelations follow a recent Wall Street Journal report that computers used to control the U.S. electrical-distribution system, as well as other infrastructure, have also been infiltrated by spies abroad.

Attacks like these — or U.S. awareness of them — appear to have escalated in the past six months, said one former official briefed on the matter. "There's never been anything like it," this person said, adding that other military and civilian agencies as well as private companies are affected. "It's everything that keeps this country going."

Many details couldn't be learned, including the specific identity of the attackers, and the scope of the damage to the U.S. defense program, either in financial or security terms. In addition, while the spies were able to download sizable amounts of data related to the jet-fighter, they weren't able to access the most sensitive material, which is stored on computers not connected to the Internet.

Former U.S. officials say the attacks appear to have originated in China. However it can be extremely difficult to determine the true origin because it is easy to mask identities online.


Way to go Lockheed.  
4/21/2009 12:07:13 AM EDT
[#1]
Not interesting to anybody?  
4/21/2009 12:16:02 AM EDT
[#2]
Why isn't the sensitive info kept in a company wide intranet that doesn't have links to the www?
4/21/2009 12:16:36 AM EDT
[#3]
Quoted:
Why isn't the sensitive info kept in a company wide intranet that doesn't have links to the www?


It normally is, which is what makes this breach so interesting.
4/21/2009 12:20:05 AM EDT
[#4]
Quoted:
Quoted:
Why isn't the sensitive info kept in a company wide intranet that doesn't have links to the www?


It normally is, which is what makes this breach so interesting.


No shit!......well that ain't good.
4/21/2009 12:22:25 AM EDT
[#5]
Well that's not good.

Can we strike back in any way?
4/21/2009 12:24:34 AM EDT
[#6]
LMFAO.  Terabytes?!  Jesus Christ, that's got to be the biggest pile of fail I've seen all day.
4/21/2009 1:12:22 AM EDT
[#7]
We need to return the favor
4/21/2009 1:49:38 AM EDT
[#8]
The Dutch government is looking into buying the JSF to follow up our F-16's so it's big news here.
I keep thinking about two scenarios:

1. Massive fail on behalf of Lockheed/Pentagon
2. Constructed false blueprints to mislead the Chinese

What's your opinion?

4/21/2009 1:52:30 AM EDT
[#9]
Quoted:
Why isn't the sensitive info kept in a company wide intranet that doesn't have links to the www?


Programs are so huge that you need to have connectivity between the prime contractor and the subs. Therefore it can't be completely isolated.



4/21/2009 2:32:14 AM EDT
[#10]
I work on a project with one prime contractor, two main secondary contractors, foreign companies, and the government.  None of our systems are connected.  I use three separate computer systems/networks, plus a couple different Citrix accounts, etc.  Hell, half of my job is shuffling data between them and preparing ITAR crap.  I don't know anything about how they set up security for these systems but, with the way we have to do things, I think you'd have to screw up pretty big (maybe intentionally) to provide inappropriate access.  I could only imagine a program like the F-35 has many more separate systems.  Nobody wants to open themselves up to espionage, whether it be from foreign espionage or even domestic corporate espionage.

I really hope they just weaseled their way into a fake JSF system.
4/21/2009 2:48:30 AM EDT
[#11]
Quoted:
Former U.S. officials say the attacks appear to have originated in China.


Repeat after me: The Chinese are our friends.

4/21/2009 2:56:07 AM EDT
[#12]
shit...
4/21/2009 3:02:56 AM EDT
[#13]




'Spies target weapons project involving BAE Systems in America'

Last updated 11:10, Tuesday, 21 April 2009

Spies are reported to have stolen designs and electronic systems plans from a weapons project involving BAE Systems in the United States.





The computer spies repeatedly hacked into the Pentagon's costliest weapons program, the $300bn Joint Strike Fighter project, according to The Wall Street Journal.

The newspaper said that although the spies could not get hold of the most sensitive data, which is kept on computers which are not connected to the internet, it quoted government officials as saying the intruders were able to copy and siphon data.

It is feared that the information which has been obtained would help a foreign power to develop systems which would make the armaments less effective.

The paper claimed the intruders entered through vulnerabilities in the networks of contractors involved in building the fighter jet.

Lockheed Martin Corp is the lead contractor. Northrop Grumman Corp and BAE Systems PLC also have major roles in the project. Lockheed Martin and BAE declined to comment and Northrop referred questions to Lockheed, the paper said.

The Journal said Pentagon officials were tight-lipped, but the paper said the Air Force had begun an investigation.

The paper said former US officials suggested the attacks seemed to have originated in China, although it noted it was difficult to determine the origin because of the ease of hiding identities online.

The Chinese Embassy said China "opposes and forbids all forms of cyber crimes," the Journal said.





















China denies claims it hacked into Pentagon computers

Cyber spies have broken into the Pentagon and stolen details of the new Joint Strike Fighter, the most expensive fighter jet in history, according to reports.

The $300 billion (£206bn) jet is being developed by Lockheed Martin and will be bought by eight other countries, including the UK.

However, the Wall Street Journal reported that hackers had broken into the project and siphoned off "several terabytes of data related to design and electronics systems".

The leak could make it easier to defend against the plane, also known as the F35 Lightning II. However, the spies could not access the most sensitive material, which is kept on computers that are not connected to the internet.

Former US officials said the attacks appear to have originated in China, but there is scant concrete evidence because it is easy to mask identities online.

Chinese officials reacted angrily to the accusation, and a spokesman for the foreign ministry said: "China has not changed its stance on hacking. China has always been against hacking and we have cracked down very hard on hacking. This is not a Chinese phenomenon. It happens everywhere in the world."

Attacks on the Pentagon are common, but are said to have escalated dramatically in the past six months, and coincide with growing speculation about China's role in cyber espionage.

A report issued by the Pentagon last month said the Chinese military has made "steady progress" in its online warfare capabilities, a key field in which China can compete with the US.

The Chinese Embassy in Washington called the report "a product of the Cold War mentality" and said accusations of cyber crime were being spread to inflame opinion against China.

At the end of last month, researchers at several universities discovered the existence of GhostNet, a vast internet espionage network that was siphoning information from sensitive computers in 103 countries. One third of its targets were based in embassies, news media and NGOs. The researchers said the majority of GhostNet's attacks originated from within China but stopped short of accusing Beijing of responsibility.

The security of the Joint Strike Fighter may have been breached before, according to a Pentagon report in 2008. The report said that "the advanced aviation and weapons technology for the JSF programme may have been compromised" because the Defence Department had not kept a close enough eye on the 1,200 contractors involved in the mammoth process. At the time, BAE Systems, the UK arms company, was named as one contractor that might have allowed details to leak. BAE denied that any information on the jet had been compromised.

The UK intends to use the Joint Strike Fighter as a replacement for the Harrier jump jet. More than 2,400 jets will be built in total.













 
4/21/2009 3:21:50 AM EDT
[#14]
I'm sure Obama traded them the password for more bailout money.
4/21/2009 3:24:48 AM EDT
[#15]
what the hell is that stuff doing on a "connected" network?  Never would have been allowed when I was working on that program.
4/21/2009 4:12:53 AM EDT
[#16]



Quoted:


what the hell is that stuff doing on a "connected" network?  Never would have been allowed when I was working on that program.
As already stated you have many subcontractors building parts and they need access to drawings and specs.  I don't know what the rules are regarding hard copies but my guess is that some of them are available through "secure" networks via the Internet so that manufacturers can be hundreds to thousands of miles apart and still see the same thing.

The Chinese are copiers.  When I worked with semi-conductors they copied one of our systems which resulted in massive fail when they attempted to turn on their reverse-engineered version of our machine.  Several people died but that's OK...there are many Chinese.
 
4/21/2009 4:17:54 AM EDT
[#17]
Yes, it seems obvious to me to not connect a computer with top secret info to a network.  

4/21/2009 4:20:00 AM EDT
[#18]
Quoted:
Why isn't the sensitive info kept in a company wide intranet that doesn't have links to the www?


Doesn't matter. The breaches occur when the spies (or idiot employees) carry information in a laptop or storage device, which is then compromised.

If I were king for a day, I would place a hiring freeze on any military engineering or contracting jobs that involve foreign-born American citizens. I would fire all foreign-born employees currently working on sensitive military projects, and I would triple the number of armed guards, random searches, and individual surveillance at installations which work on those projects. Anyone convicted of compromising security in any manner would get an automatic life sentence without possibility of parole, and anyone convicted of spying would be executed.

When the F is our government going to stop pussy-footing around and begin taking this stuff seriously?
4/21/2009 4:44:11 AM EDT
[#19]
Quoted:
Not interesting to anybody?  


Well it is to people like us who understand that the hardware don't mean shit, it's the source code that is the 'Crown Jewels'.


The rest of them will still sleep happily in their beds convinced that 'stealth' will confer invincibility on all future US fighters even if the 'other side' have all the design parameters and systems code.


Russia will pay the ChiComs a mountain of cash for that code.
4/21/2009 4:53:05 AM EDT
[#20]
Quoted:
Why isn't the sensitive info kept in a company wide intranet that doesn't have links to the www?


Problem is, you've only got to get one lazy fool inside the system who copies anything and everything to a hard disk rather than mess about with logging on and stuff and the whole system goes to shit.
4/21/2009 5:17:32 AM EDT
[#21]




Quoted:



Quoted:

Why isn't the sensitive info kept in a company wide intranet that doesn't have links to the www?




Doesn't matter. The breaches occur when the spies (or idiot employees) carry information in a laptop or storage device, which is then compromised.



If I were king for a day, I would place a hiring freeze on any military engineering or contracting jobs that involve foreign-born American citizens. I would fire all foreign-born employees currently working on sensitive military projects, and I would triple the number of armed guards, random searches, and individual surveillance at installations which work on those projects. Anyone convicted of compromising security in any manner would get an automatic life sentence without possibility of parole, and anyone convicted of spying would be executed.



When the F is our government going to stop pussy-footing around and begin taking this stuff seriously?


THIS.



4/21/2009 6:20:08 AM EDT
[#22]
Quoted:

Quoted:
Quoted:
Why isn't the sensitive info kept in a company wide intranet that doesn't have links to the www?


Doesn't matter. The breaches occur when the spies (or idiot employees) carry information in a laptop or storage device, which is then compromised.

If I were king for a day, I would place a hiring freeze on any military engineering or contracting jobs that involve foreign-born American citizens. I would fire all foreign-born employees currently working on sensitive military projects, and I would triple the number of armed guards, random searches, and individual surveillance at installations which work on those projects. Anyone convicted of compromising security in any manner would get an automatic life sentence without possibility of parole, and anyone convicted of spying would be executed.

When the F is our government going to stop pussy-footing around and begin taking this stuff seriously?

THIS.



Amen, information security is national security.   We need to step up to the plate and get up to speed on information security and cyber warfare.
4/21/2009 6:24:09 AM EDT
[#23]
Data at rest needs to be encrypted with real/proper encryption.

Wonder if this has anything related to the DoD ban on thumb drives.
4/21/2009 6:27:20 AM EDT
[#24]
Quoted:
Data at rest needs to be encrypted with real/proper encryption.

Wonder if this has anything related to the DoD ban on thumb drives.


Yep…


Where I work, no removables in the secure area, all the PC's have their CD drives and external ports removed and/or blanked off. Thumb drives verboten in general.
4/21/2009 6:27:30 AM EDT
[#25]
Quoted:
Quoted:
Why isn't the sensitive info kept in a company wide intranet that doesn't have links to the www?


Programs are so huge that you need to have connectivity between the prime contractor and the subs. Therefore it can't be completely isolated.






Wrong.  Sort of.  The company wide networked stuff is unclassified, and hopefully it's behind a substantial firewall.  The sensitive and proprietary stuff is on isolated small networks with no electronic connection to the rest of the world, except for the information that gets carried out on media by people.

The story underlying the theft of BAE information worries me more than most stories of this type.
4/21/2009 6:29:57 AM EDT
[#26]
Quoted:
Quoted:
Quoted:
Why isn't the sensitive info kept in a company wide intranet that doesn't have links to the www?


Programs are so huge that you need to have connectivity between the prime contractor and the subs. Therefore it can't be completely isolated.






Wrong.  Sort of.  The company wide networked stuff is unclassified, and hopefully it's behind a substantial firewall.  The sensitive and proprietary stuff is on isolated small networks with no electronic connection to the rest of the world, except for the information that gets carried out on media by people.




THIS…

Every big info leak we get is always down to the same problem… people storing classified stuff off the secure servers on their laptops to save themselves time.

4/21/2009 6:40:41 AM EDT
[#27]
i am betting the information was on some external sharepoint site sitting in a DMZ for access between BAE, NGC, and LM... that's the weakest link in this co-development stuff between multiple contractors...

this is only going to get worse before it gets better, and no single DoD contractor is to blame. C2 systems are being actively targeted by hackers originating somewhere in the eastern hemisphere... your first guesses are most likely 100% correct...
4/21/2009 6:44:03 AM EDT
[#28]
Quoted:
Quoted:
Quoted:
Quoted:
Why isn't the sensitive info kept in a company wide intranet that doesn't have links to the www?


Programs are so huge that you need to have connectivity between the prime contractor and the subs. Therefore it can't be completely isolated.






Wrong.  Sort of.  The company wide networked stuff is unclassified, and hopefully it's behind a substantial firewall.  The sensitive and proprietary stuff is on isolated small networks with no electronic connection to the rest of the world, except for the information that gets carried out on media by people.




THIS…

Every big info leak we get is always down to the same problem… people storing classified stuff off the secure servers on their laptops to save themselves time.

who the fuck is your IS security manager? they should be fired. Are you talking USG/DoD Classified? or sensitive to your company?



typically classified data is stored on physically separate networks with no Internet connection, the biggest problem is proprietary/for official use only stuff that people tend to safeguard much less... the DoD has been really trying to drill it into contractor's brains that proprietary/FOUO/export/ITAR controlled information is just as important as the classified data...

people still don't fucking get it...

people still think information assurance is simply an "annoyance" and it should just go away... unfortunately some of those people are in management positions...

it fucking sucks
4/21/2009 6:51:14 AM EDT
[#29]
Quoted:
Quoted:
Quoted:
Quoted:
Quoted:
Why isn't the sensitive info kept in a company wide intranet that doesn't have links to the www?


Programs are so huge that you need to have connectivity between the prime contractor and the subs. Therefore it can't be completely isolated.






Wrong.  Sort of.  The company wide networked stuff is unclassified, and hopefully it's behind a substantial firewall.  The sensitive and proprietary stuff is on isolated small networks with no electronic connection to the rest of the world, except for the information that gets carried out on media by people.




THIS…

Every big info leak we get is always down to the same problem… people storing classified stuff off the secure servers on their laptops to save themselves time.

who the fuck is your IS security manager? they should be fired. Are you talking USG/DoD Classified? or sensitive to your company?



typically classified data is stored on physically separate networks with no Internet connection, the biggest problem is proprietary/for official use only stuff that people tend to safeguard much less... the DoD has been really trying to drill it into contractor's brains that proprietary/FOUO/export/ITAR controlled information is just as important as the classified data...

people still don't fucking get it...

people still think information assurance is simply an "annoyance" and it should just go away... unfortunately some of those people are in management positions...

it fucking sucks





I'm talking people like Very Senior Officers and project managers who can't be arsed with all that 'IT nonsense' as they often call it and put the entire war plans or highly classified technical data onto their laptop so they can run through it while sitting in front of the TV that night. Then some nimrod hotfoots it away with his laptop on the commute home or his little Princess uses Daddy's laptop to share some files with her friend using P2P…

Weak link here? You want to be the junior NCO or admin clerk who tells an Admiral or Company Director he can't do stuff?
4/21/2009 7:41:18 AM EDT
[#30]
Quoted:
Quoted:
Quoted:
Quoted:
Quoted:
Why isn't the sensitive info kept in a company wide intranet that doesn't have links to the www?


Programs are so huge that you need to have connectivity between the prime contractor and the subs. Therefore it can't be completely isolated.






Wrong.  Sort of.  The company wide networked stuff is unclassified, and hopefully it's behind a substantial firewall.  The sensitive and proprietary stuff is on isolated small networks with no electronic connection to the rest of the world, except for the information that gets carried out on media by people.




THIS…

Every big info leak we get is always down to the same problem… people storing classified stuff off the secure servers on their laptops to save themselves time.

who the fuck is your IS security manager? they should be fired. Are you talking USG/DoD Classified? or sensitive to your company?



typically classified data is stored on physically separate networks with no Internet connection, the biggest problem is proprietary/for official use only stuff that people tend to safeguard much less... the DoD has been really trying to drill it into contractor's brains that proprietary/FOUO/export/ITAR controlled information is just as important as the classified data...

people still don't fucking get it...

people still think information assurance is simply an "annoyance" and it should just go away... unfortunately some of those people are in management positions...

it fucking sucks


They do get it here.

I'm working in an open area right now.  There should be no classified work, but all of it is proprietary.  I'm still amazed that I can walk by a desk that is not occupied and the computer is running wide open.  In a closed area, that will get you one or two warnings, then you're gone as well as your clearances.

o  Ctrl-Alt-Del
o  Select "Lock Computer" on the pop up message
o  Then go to the meeting or lunch.  If you leave the area, log off and lock your crap up; you might not be able to return.

Simple stuff.


We have thumb drives sprinkled in our parking lots occasionally, even around the buildings where the BCA work is conducted.  Now you're thinking, "No one is dumb enough to plug a strange thumb drive into a computer."  You would be wrong, although I haven't heard of an incident lately.  Don't lose your personal drives in the parking lot if you value the contents as they get crushed.

4/21/2009 7:45:22 AM EDT
[#31]
Quoted:

We have thumb drives sprinkled in our parking lots occasionally, even around the buildings where the BCA work is conducted.  Now you're thinking, "No one is dumb enough to plug a strange thumb drive into a computer."  You would be wrong, although I haven't heard of an incident lately.  Don't lose your personal drives in the parking lot if you value the contents as they get crushed.



are you doing it to see who is dumb enough to try this? or is this espionage attempts? or do your employees have a habit of littering the parking lot with thumb drives?

the DoD thumb drive ban is related... anyone with SIPR access can read the full briefing... just don't discuss it here...
4/21/2009 8:05:36 AM EDT
[#32]
Quoted:
Quoted:

We have thumb drives sprinkled in our parking lots occasionally, even around the buildings where the BCA work is conducted.  Now you're thinking, "No one is dumb enough to plug a strange thumb drive into a computer."  You would be wrong, although I haven't heard of an incident lately.  Don't lose your personal drives in the parking lot if you value the contents as they get crushed.



are you doing it to see who is dumb enough to try this? or is this espionage attempts? or do your employees have a habit of littering the parking lot with thumb drives?

the DoD thumb drive ban is related... anyone with SIPR access can read the full briefing... just don't discuss it here...


Well, I'm not doing it, I'm too cheap to buy thumb drives for that.  This tactic was in use well before the DoD ban took place, pretty much as soon as thumb drives became common and low cost.

There's no need to bait a trap, either.

"Sprinkling" is a little bit of overstatement; you're not going to see drives uniformly scattered around as if they fell from the clouds.  But they are found often enough.


Another potential problem to watch for is paper thin RFID tags inside new books.

4/21/2009 8:39:40 AM EDT
[#33]



Quoted:



Quoted:


Quoted:


Quoted:


Quoted:


Quoted:

Why isn't the sensitive info kept in a company wide intranet that doesn't have links to the www?




Programs are so huge that you need to have connectivity between the prime contractor and the subs. Therefore it can't be completely isolated.






Wrong.  Sort of.  The company wide networked stuff is unclassified, and hopefully it's behind a substantial firewall.  The sensitive and proprietary stuff is on isolated small networks with no electronic connection to the rest of the world, except for the information that gets carried out on media by people.









THIS…



Every big info leak we get is always down to the same problem… people storing classified stuff off the secure servers on their laptops to save themselves time.

who the fuck is your IS security manager? they should be fired. Are you talking USG/DoD Classified? or sensitive to your company?







typically classified data is stored on physically separate networks with no Internet connection, the biggest problem is proprietary/for official use only stuff that people tend to safeguard much less... the DoD has been really trying to drill it into contractor's brains that proprietary/FOUO/export/ITAR controlled information is just as important as the classified data...



people still don't fucking get it...



people still think information assurance is simply an "annoyance" and it should just go away... unfortunately some of those people are in management positions...



it fucking sucks




They do get it here.



I'm working in an open area right now.  There should be no classified work, but all of it is proprietary.  I'm still amazed that I can walk by a desk that is not occupied and the computer is running wide open.  In a closed area, that will get you one or two warnings, then you're gone as well as your clearances.



o  Ctrl-Alt-Del

o  Select "Lock Computer" on the pop up message

o  Then go to the meeting or lunch.  If you leave the area, log off and lock your crap up; you might not be able to return.



Simple stuff.





We have thumb drives sprinkled in our parking lots occasionally, even around the buildings where the BCA work is conducted.  Now you're thinking, "No one is dumb enough to plug a strange thumb drive into a computer."  You would be wrong, although I haven't heard of an incident lately.  Don't lose your personal drives in the parking lot if you value the contents as they get crushed.





Windows key + L



 
4/21/2009 10:06:55 AM EDT
[#34]
As long as our lettuce and strawberries toxic children's toys are cheaper, who really cares, right?

I'm a free-market-at-any-and-all-cost type of guy. Like so many of our self-proclaimed economic experts around here.