Computer Spies Breach $300B Fighter-Jet Project

Posted by CmdrTaco
from the we're-still-number-one-at-this dept.
suraj.sun writes "Computer spies have broken into the Pentagon's $300 billion Joint Strike Fighter project — the Defense Department's costliest weapons program ever — according to current and former government officials familiar with the attacks. Similar incidents have also breached the Air Force's air-traffic-control system in recent months, these people say. In the case of the fighter-jet program, the intruders were able to copy and siphon off several terabytes of data related to design and electronics systems, officials say, potentially making it easier to defend against the craft."

  • by elrous0 (869638) * on Tuesday April 21, 2009 @09:27AM (#27659205)
    Yeah--good luck with polishing THAT turd, China.
    • by reporter (666905) on Tuesday April 21, 2009 @10:28AM (#27660167) Homepage
      Do not underestimate the cleverness of American-intelligence procedures.

      Note that Chinese intruders succeeded in numerous attempts at downloading information related to the F-35 jet fighter. After the 1st such attempt, American intelligence would have become aware of the incident.

      If you were a smart intelligence officer, what would you do after the 1st attempt?

      You would not publicly announce the breach of security. Rather, you would plant false data into the same computer which was compromised. When the Chinese hacker returns to it to download even more information, then he would get gigabytes of fake data.

      The aim is for the Chinese military to develop countermeasures against F-35 performance characteristics that do not exist. When the actual F-35 is deployed, it will defeat those countermeasures and deliver its nuclear payload to Beijing -- on time and on target.

    • Re: (Score:3, Insightful)

      by joocemann (1273720)

      Yeah--good luck with polishing THAT turd, China.

      Speaking of polishing turds. Is anyone else a bit appalled at the fact that we're spending 300 BILLION dollars on a fighter jet project? Come the **** on... We can already kick everyone on the planet's ass with amazing efficiency... Why more?

      Let's check the KDR

      ~100k Iraqis vs ~4k US ... That's 25:1! And that's a very conservative estimate for Iraqi death.

      It's not like we're ever going to war with a sophisticated Army anyway, they're all on our side!

      300 billion dollars on new jets... I wish I had the $10

  • by Anonymous Coward on Tuesday April 21, 2009 @09:28AM (#27659211)

    I thought I was downloading the latest Windows 7 beta candidate
    boy is my face red.

    (ob: what's that knock on my door, I'll be *NO CARRIER*)

  • by Kayden (1406747) on Tuesday April 21, 2009 @09:28AM (#27659217)
    What kind of connection do you need to have to get away with several terabytes of data before someone notices? Users on my network get pissy when someone downloads a few dozen megs.
    • by Spazztastic (814296) <(spazztastic) (at) (gmail.com)> on Tuesday April 21, 2009 @09:30AM (#27659259)

      What kind of connection do you need to have to get away with several terabytes of data before someone notices? Users on my network get pissy when someone downloads a few dozen megs.

      Probably because they aren't on some residential asynchronous connection. I imagine them to be on at least something near a SONET [wikipedia.org] connection.

    • by Opportunist (166417) on Tuesday April 21, 2009 @09:30AM (#27659265)

      (cue spy mike in the cafeteria a few days ago)

      "Bob, is it me or is the network reeeeally slow again t'day?"
      "Yeah, wonder what the goons in IT are pissin' with today. Wish they'd tell us that before they start rewiring everything."

    • Re: (Score:2, Funny)

      by aliquis (678370)

      As a Swedish pirate [thepiratebay.org] with a fast cheap Internet connection [slashdot.org] all I can say is:

      Future Gripen upgrade is imminent, take that Norway [airliners.net]! :D

      Welcome to the future [wikipedia.org].

    • Re: (Score:3, Interesting)

      by AHuxley (892839)
      Same as you needed in 1989.
      A few lines of code and a modem.
      It's not about downloading "terabytes" in realtime.
      You shift it onto other networks and collect it later.
      You got in on other networks, other networks can carry your data out.
      A few more or less 'terabytes' on many networks is a night's spam.
      Nobody is looking. When they do, your data is safe in its new home.
    • Re: (Score:2, Interesting)

      by xystren (522982)

      So "someone" had downloaded a few terabytes... Has anyone thought about what if some of the design/code has been changed? I would view that as a major threat also. Imagine a bug in the fire control systems that would prevent a weapon from firing when a certain signal is received? Or a limiter that would impact maneuverability during combat situation? We see this sort of thing with malware/spyware/adware all the time. Is it that inconceivable to see it in this kind of situation? What if the data breach is t

    • Re: (Score:2, Funny)

      by pmarini (989354)
      does it mean that the FBI, NSA and Big Brother AT&T also have a copy of these thanks to wholesale wiretapping?
    • by CopaceticOpus (965603) on Tuesday April 21, 2009 @11:32AM (#27661211)

      Try switching to Comcast(TM)! Their advanced security features would have detected this breach and put a stop to it after only a mere 250G was transferred. It's Comcastic(TM)!

      (I just hope the spies didn't discover the fighter's only weakness, a small thermal exhaust port...)

  • Why? (Score:5, Insightful)

    by rotide (1015173) on Tuesday April 21, 2009 @09:28AM (#27659225)
    Why are these sensitive systems connected to the public internet. Either directly or indirectly, whose bright idea was it? If you need a computer in the lab connected to the internet, fine, just keep the infrastructure separate.
    • Re:Why? (Score:5, Funny)

      by Spazztastic (814296) <(spazztastic) (at) (gmail.com)> on Tuesday April 21, 2009 @09:32AM (#27659281)

      Why are these sensitive systems connected to the public internet. Either directly or indirectly, whose bright idea was it? If you need a computer in the lab connected to the internet, fine, just keep the infrastructure separate.

      You see, they weren't actually. They were on a private network but they were able to siphon off data by hanging a bucket off of the network cable and cutting a hole in it. The bits fell into the bucket, and the rest is history...

    • Re: (Score:2, Interesting)

      by Opportunist (166417)

      Because

      a) it is easier.
      b) it is cheaper.
      c) some bigwig from marketing/management "needed it".
      d) the el cheapo admins couldn't figure out how to firewall it (or just didn't want to bother because, hey, government job, nobody gets fired just for being lazy).
      e) all of the above.

    • Re:Why? (Score:4, Interesting)

      by Thanshin (1188877) on Tuesday April 21, 2009 @09:35AM (#27659347)

      If you need a computer in the lab connected to the internet, fine, just keep the infrastructure separate.

      You live in the past. Haven't you heard of the new airborne virii?

      They're technically called "I work in a lab and don't know shit about computers so I regularly download all info into my personal portable".

    • Re:Why? (Score:5, Interesting)

      by QuantumRiff (120817) on Tuesday April 21, 2009 @09:39AM (#27659421)

      the secret data wasn't on the internet, according to the article. It was not compromised. Only "sensitive" data was compromised. So while they might be able to infer information about the fighter, and its capabilities, they don't have the design and code for it.

    • by bconway (63464)

      They weren't. Unfortunately, some simpleton decided it was easier to plug his laptop into the secure network without first disabling his Wifi connection to the public network. "Oops."

      • by lawaetf1 (613291)

        Which assumes there is an open wifi connection in the area. That alone is unacceptable for any building/office that houses even "sensitive" data. 802.11b/g/n should all be jammed as well as the walls/windows lined with RF blocking mesh.

        The guys running the .mil networks are a bit like union folk -- not actively seeking to make things worse but not staying up late to keep the holes plugged either. They'll have some laughably lopsided security approach -- pressurized conduit piping for CAT5 but servers runn

    • by gentlemen_loser (817960) on Tuesday April 21, 2009 @09:59AM (#27659729) Homepage
      Systems containing classified data are NEVER connected to the internet. Any classified data that was siphoned off was left there either maliciously or through stupidity by someone on the inside. In either case, if this really did happen, the person should be tried for treason. Not only are these other networks locked down from the internet, they are also locked down physically - kept away from windows, often in a vault and physical access is tightly controlled.

      Any other data that was acquired was probably crap. I strongly suspect that this is another case of fear mongering by an organization trying to get additional funding.

      The alternative, which is almost too scary for me to consider, is that we have changed our practices and now leave sensitive information critical to our defense on unprotected systems.
      • by sunking2 (521698) on Tuesday April 21, 2009 @10:27AM (#27660153)

        I think to a great extent your perception of what the security around a lot of the F-35 program is a bit over zealous. F-35 is an ITAR program, which mainly means can't be worked on by foreign nationals. All the data is secured, but primarily it's not on its own network. My guess is this data probably came out of a hack or someone who got access to something like a DOORS or Team Center server and just started grabbing stuff. Now granted, some things are greater protected than others. But I can say we work extensively on flight controls and other things of importance and security is there as more a nuisance than anything else.

        Keep in mind F35 is not a black project. Those get their own network, machines locked behind big doors, big approval list to install programs, etc. F35 is such a large project with so many subcontractors that this doesn't surprise me one bit. Security is largely there to pass an audit, and that's about it.

        This whole piece is largely fear mongering to get money approved to create some more bureaucracy. Chances are nothing of importance was even gotten as the F35 will be exported to so many countries anyway.

      • Check out the DoD's guidelines for securing classified data:
        http://nsi.org/Library/Govt/Nispom.html [nsi.org]

        Especially pertinent here is Transmission policy for different types of classified data
        http://nsi.org/Library/Govt/Nispom.html#link5 [nsi.org]
        and network security
        http://nsi.org/Library/Govt/Nispom.html#link8 [nsi.org]

        Not exactly scintillating reading, but them's the rules.
    • by e-scetic (1003976)

      Why are these sensitive systems connected to the public internet.

      They don't have to be connected to the public internet. Maybe they used some form of vampire tap. [wikipedia.org]

      Someone working on the project who has access to the long cable runs between computers could simply attach this thing at any number of hidden junctions. Even if it weren't hidden, the majority of people walking past it wouldn't even know what it is, it looks like regular equipment.

      It does mean that for it to work there would have to be moles on

  • Sloppy espionage ? (Score:5, Insightful)

    by Davemania (580154) on Tuesday April 21, 2009 @09:33AM (#27659307) Journal
    Not to downplay this event but I really wonder why we don't hear much about espionage from western countries ? Are they better at it (rather than using malware or commonly available tools) ? I am sure the Chinese etc have equally vulnerable systems.
    • Not to downplay this event but I really wonder why we don't hear much about espionage from western countries ? Are they better at it (rather than using malware or commonly available tools) ? I am sure the Chinese etc have equally vulnerable systems.

      They're the only ones who get caught.

    • Re: (Score:3, Funny)

      by oldspewey (1303305)
      Of course the US routinely penetrates Chinese systems in order to steal military secrets ... and in response we have developed an absolutely airtight national defence against the Mig-19 and all its variants.
      • Re: (Score:3, Funny)

        The MIG-23 is an awesome jet, but if we wanted any secrets from it, all we had to do was buy one for $20,000 and a case of vodka during the breakup of the Soviet Union.
    • Well, I could be oversimplifying it, but let's take the following scenario... I sit down at my home in the US, run some scripts, hack a Chinese government computer, brag to my friends, etc... Someone from China's government calls someone here in the US, they track my ass, throw me in a detainment cell for an indefinite period of time for being a "terrorist".

      Now, I sit down in my home in China, run some scripts, hack a US government computer, brag to my friends, etc.... Someone from the US government calls..
      • by Thanshin (1188877) on Tuesday April 21, 2009 @09:52AM (#27659635)

        Now, I sit down in my home in China, run some scripts, hack a US government computer, brag to my friends, etc.... Someone from the US government calls... wait a minute, no they didn't. No one even cared. But let's pretend they did care and they called some official in China and told them what was going on... *LAUGHTER AND LOTS OF POINTING* from the Chinese side.

        I sit down in my home in Spain, run some scripts, hack a US government computer, brag to my friends, etc.... Someone from the Spanish government takes a sip from his third coffee of the morning while vaguely rememorating the last time he did some work, many years before. Then, he decides it's a perfect day to go home before noon and leaves.

        • by AHuxley (892839)
          Someone from the US government calls and passes a tip about an ETA operation.
          Someone from the Spanish government takes a sip from his third coffee of the morning
          while vaguely rememorating the last time he did some work, many years before in GAL (Anti-terrorist Liberation Groups).
          Then, he decides it's a perfect day to go home before noon and leaves.
        • Damnit, that sounds like a job for me!!.

          Think I can get away with not learning Spanish first?

          You, mister hacker sir, I know what you are doing. I need you to give me copies of all your Pr0n to keep me... um... occupied and quiet.

    • by CHK6 (583097) on Tuesday April 21, 2009 @09:40AM (#27659427)
      It probably stems from a few reasons.

      1) a foreign country doesn't want to loose face and admit to losing sensitive data.

      2) losing such data in a foreign country would mean death for those that were meant to prevent the theft. So they don't report it.

      3) The computer network holding the sensitive data is not connected in any way to a national or intercontinental network. Thus the need for old-fashioned spies with feet on the ground.

      4) Just as you said, Western techniques are so good, foreign governments don't have a clue.
      • Re: (Score:3, Funny)

        by m50d (797211)
        1) a foreign country doesn't want to loose face

        Yeah, they'd end up looking rather slack-jawed.

      • by cgenman (325138)

        5) It's not really *shocking news* to western news outlets when we do it? [xinhuanet.com]

        6) We're a bit less subtle about it. We've already admitted to Echelon [wikipedia.org], extensive wiretapping [npr.org] at the carrier level, etc. We've also got Gitmo, prisoner torture, and two wars going for us. Simple spying barely registers.

    • by Kozz (7764)

      Not to downplay this event but I really wonder why we don't hear much about espionage from western countries ? Are they better at it (rather than using malware or commonly available tools) ? I am sure the Chinese etc have equally vulnerable systems.

      Perhaps it's not that western countries are better at it, but that their victims (choose your non-western country) don't have the skills/resources to detect said spying?

    • 1) Because we are the west

      2) For this particular espionage, we are the most vulnerable/biggest target. We spend more on weapons development than the rest of the world combined.

    • by Talisman (39902)

      Everyone gets hacked.

      We're just more open about it.

      You really think the Chinese or Russian or Iranian or North Korean governments would admit publicly to getting hacked?

    • by Xest (935314)

      It's probably because most of our enemies are using kit we sold them in the first place.

      That or they're flying around in what are effectively lumps of turd that we can't learn anything from anyway.

    • by Halo1 (136547)

      Not to downplay this event but I really wonder why we don't hear much about espionage from western countries ? Are they better at it (rather than using malware or commonly available tools) ? I am sure the Chinese etc have equally vulnerable systems.

      Western countries spy (also on each other) using stuff like ECHELON, mainly for industrial espionage purposes, and this fact is well-documented and public knowledge. See e.g. the European Parliament's ECHELON report [europa.eu] (search for "Published cases").

  • counterintelligence (Score:3, Interesting)

    by deathguppie (768263) on Tuesday April 21, 2009 @09:34AM (#27659325)

    There is just as good a chance that the information stolen is bad information, as there is that it is good information. Now the Chinese/Russian spies need to determine what is and isn't good information from what they stole

  • by dtml-try MyNick (453562) <litheran@PASCALgmail.com minus language> on Tuesday April 21, 2009 @09:38AM (#27659387)

    2009, the year of the open source Jet Fighter.

    • Re:Open source. (Score:5, Informative)

      by TheRaven64 (641858) on Tuesday April 21, 2009 @09:52AM (#27659629) Journal
      Actually it won't, and this is one of the reasons a few countries pulled out of the JSF project. The DoD is refusing to release source code for the weapons-control systems and their partners did not want to be flying expensive fighters when they had not been able to audit the code that controlled the weapons and had no idea if the USA had added a remote kill switch (the key for which had then been stolen by enemy-of-the-day and used to disable the fighters).
      • Re:Open source. (Score:4, Interesting)

        by Anonymous Coward on Tuesday April 21, 2009 @11:51AM (#27661585)

        It's not the DoD, it's the Department of State. Stupid ITAR. I have to deal with it, because I (used to) manufacture a small amount of small arms ammunition (largely specialty loads for uncommon, or almost extinct cartridges, you might say) for consumption ONLY in the US. Not only do you have to register fingerprints, bodily fluids and your first born son with the BATF to get the license to manufacture ammo for sale, you have to pay the DoS about 1700 a year, to register as a manufacturer.

        I didn't know about ITAR upfront, and after updating their policies, and only really began learning about it after the BATF reported me to the DoS after several years of putting along, manufacturing about 6000 rounds a year and having fun--it didn't pay a whole lot, but it was a part time business that was actually growing. The back fees put me out, and I had to rescind my 06 FFL for making ammo to avoid going bankrupt.

        The premise is, it's supposed to keep our military secrets from falling into enemy hands, but it has such a broad scope that it affects tons of people who don't work on anything remotely sensitive--and good luck trying to get an exemption. It might not be so bad, but it affects lots of people doing no exporting whatsoever, and it also affects academics doing research in fields which are not always so obviously related to armaments... It only adds insult to injury, to see that all of this registration bullshit fails so completely in protecting the REAL secrets. Though, I'm not surprised to learn that it was a government office which was compromised.

        It's all the more frustrating to know that they won't learn a fucking thing from this. If only the Pentagon were forced to pay a multi-million dollar fee to the DoS, like a private corporation would.

  • by VShael (62735) on Tuesday April 21, 2009 @09:42AM (#27659459) Journal

    If I'd spent 300 billion on a project that didn't deliver the goods, I might be tempted to stage an internet break in which would force the project's cancellation, saving face for all concerned.

    Speaking of, how much money has been wasted on the missile defence shield? 4 years ago, they were saying 50 billion. Today I think it's up to 115 billion. And of course, it still doesn't work. (And most likely never will.)

    Will we see a "break in" on that research any time soon?

  • Bang for my buck (Score:3, Interesting)

    by KneelBeforeZod (1527235) on Tuesday April 21, 2009 @09:42AM (#27659461)
    300 Billion taxpayer dollars?!? Do they transform into giant robots?
    • Re: (Score:2, Insightful)

      by Absolut187 (816431)

      Hey, at least we didn't waste that money on education or something stupid like that..

    • by Kamokazi (1080091)

      Well, it's $300B, but it's not all US Taxpayer money (most of it is). The second biggest backer is the UK, and it's also being funded by Australia, Denmark, Italy, Netherlands, Norway, and Turkey. That's why it's called the JOINT Strike Fighter...we are developing it jointly with other nations.

      It's been designed to be quite versatile with several variants. The most unique thing being Vertical Take-Off and Landing (VTOL) capability, as it is intended to replace the Harrier in the UK. It also has stealth

  • this is the second (Score:5, Insightful)

    by nimbius (983462) on Tuesday April 21, 2009 @09:46AM (#27659517) Homepage
    article blaming china for hacking in the past 6 months. the US must always have an enemy it seems.

    first they say "many details couldn't be learned" such as origin, then the article does an about face and implies it came from china...are we just blaming the new kid for everything!?

    could this "breach" have been some misinterpretation of say, a backup job being run? the US Navy has a history of this http://en.wikipedia.org/wiki/Iran_Air_Flight_655 [wikipedia.org]
  • Open Air Policy (Score:5, Insightful)

    by kenp2002 (545495) on Tuesday April 21, 2009 @09:48AM (#27659561) Homepage Journal

    Again reinforcing the need to return to the "Open Air Policy" that any secret or top secret network must have a "nothing but open air" between the secure system and unsecure system. Prior to the 90s many secure networks had a single cable, usually with a manual breaker, that would be enabled only at a specific scheduled time, and the end point on the unsecure side was a single terminal (2 NICs, 1 to unsecure network on one subnet, then the secure network on another) where both network cards were physically impossible to operate at the same time (the reason for 2 NICs is the secure NIC is an encrypted card)

    Seriously, you should never be able to get from A -> B -> C where A is a public network and C is a secret or top secret network.

    Hell last weekend I was at a shop where the DEV network was self contained and the only way they got code builds was compiled on the DEV network (12th floor) then sneaker-net'ed to the testing environment via optical disk (8th floor).

    P.S.F.F The office on the 9th floor still has token ring... WTF who still uses Token Ring? Seriously? I mean it's friggin Token Ring... I remember working on Norwest Mortgage's (bought by Wells Fargo) token ring to ethernet conversion, what 12 years ago now... Jebus Rice that was a long time ago now it seems...

  • ...that not every network needs to be connected to the Internet. It sounds like an almost absurd idea, I know.

  • by British (51765) <british1500@gmail.com> on Tuesday April 21, 2009 @09:55AM (#27659663) Homepage Journal

    I know someone who was involved with this. They stored the project's blueprints on a video game cartridge. It could only be accessed if you played all the way through the end of the game. After that, the blueprints showed, wireframe graphics & all.

  • General Tagge: What of the Rebellion? If the Rebels have obtained a complete technical reading of [the Joint Strike Fighter], it is possible, however unlikely, they might find a weakness and exploit it.

    Darth Vader: The plans you refer to will soon be back in our hands.

    Admiral Motti: Any attack made by the Rebels against [the Joint Strike Fighter] would be a useless gesture, no matter what technical data they have obtained. [The Joint Strike Fighter] is now the ultimate power in the universe. I suggest we us

  • Every time info gets stolen. It's the reds, those commy bastards! Can we please move on it's been 20 years. Honestly it could have been one or some of millions of people. Why are we pointing our finger at someone without even anything pointing to them. There aren't even leads never mind proof. Come on /. I thought we were better than this...

    On second thought I didn't but still come onnnnnn...
    • Every time info gets stolen. It's the reds, those commy bastards! Can we please move on it's been 20 years.

      First the Chinese are always busted with unsubtle spying operations like this, and the Chinese have aspirations of displacing the United States as a superpower. One could argue that the other block, the European Union, would be culpable but they are a JSF partner first, and have better spies anyway. If the Europeans, particularly the British, were spying on us, we just wouldn't know it.

      It could be th

  • The question is, will this delay Half-Life 2?

    Oh wait, wrong excuse.

  • However it can be extremely difficult to determine the true origin because it is easy to mask identities online.

    If the government acted like the RIAA some poor farmer in China with a 10 GB hard drive would already be in jail because it was clearly them who broke in to the network as the intruding IP address belonged to them.

    Sometimes it is nice to see a bit of common sense involved.

  • I'm pretty sure that doesn't hold a torch to the Manhattan project, which cost over $1B at the time. Adjust that for inflation, and it's about $1T.

  • It's shit like this that shakes my faith in government conspiracies and the existence of men in black.

  • The Obama administration is likely to soon propose creating a senior White House computer-security post to coordinate policy and a new military command that would take the lead in protecting key computer networks from intrusions, according to senior officials.

    So the solution is to create new high-level posts in the government. Somehow I am skeptical that this will quickly and thoroughly solve the problem.

  • by RunzWithScissors (567704) on Tuesday April 21, 2009 @10:54AM (#27660515)
    You may remember that /. ran the following several stories:
    Feds Seize $78M of Bogus Chinese Cisco Gear
    http://slashdot.org/article.pl?sid=08/02/29/1642221 [slashdot.org]
    and
    FBI Says Military Had Counterfeit Cisco Routers
    http://it.slashdot.org/article.pl?sid=08/05/09/164201&from=rss [slashdot.org]

    Let's see, extra chips on a piece of equipment that handles all the network traffic, which would include NFS and a variety of other plain text protocols (why would someone use encryption on a "secure" network). Add to that a sprinkling of Teredo
    http://en.wikipedia.org/wiki/Teredo_tunneling [wikipedia.org]

    And looks to me like it's very likely that someone could steal whatever they wanted.

    Good thing all our corporate suppliers are bound by contracts that would totally be enforced by this foreign government who's providing the bogus equipment. Didn't think about that, did you, stupid corporate outsourcing asshat.

    -Runz
  • by viralMeme (1461143) on Tuesday April 21, 2009 @11:22AM (#27661039)
    "The Joint Strike Fighter, also known as the F-35 Lightning II, is the costliest and most technically challenging weapons program the Pentagon has ever attempted. The plane, led by Lockheed Martin Corp., relies on 7.5 million lines of computer code, which the Government Accountability Office said is more than triple the amount used in the current top Air Force fighter"

    Ohh, fuck .. Lockheed's F-22 Raptor Gets Zapped by International Date Line [freerepublic.com]

    I recall one where the pilot wondered what would happen if he pressed the 'gear up' lever while still on the ground. The gear retracted and the aircraft was severely damaged.
