Computer Spies Breach $300B Fighter-Jet Project 330
suraj.sun writes "Computer spies have broken into the Pentagon's $300 billion Joint Strike Fighter project — the Defense Department's costliest weapons program ever — according to current and former government officials familiar with the attacks. Similar incidents have also breached the Air Force's air-traffic-control system in recent months, these people say. In the case of the fighter-jet program, the intruders were able to copy and siphon off several terabytes of data related to design and electronics systems, officials say, potentially making it easier to defend against the craft."
Re:Open source. (Score:5, Informative)
I call bullshit, maybe (Score:5, Informative)
Any other data that was acquired was probably crap. I strongly suspect that this is another case of fear mongering by an organization trying to get additional funding.
The alternative, which is almost too scary for me to consider, is that we have changed our practices and now leave sensitive information critical to our defense on unprotected systems.
Re:Only a few terabytes? (Score:3, Informative)
Re:I call bullshit, maybe (Score:4, Informative)
I think to a great extent your perception of what the security around a lot of the F-35 program is a bit over zealous. F-35 is an ITAR program, which mainly means can't be worked on my foreign nationals. All the data is secured, but primarily its not on its own network. My guess is this data probably came out of a hack or someone who got access to something like a DOORS or Team Center server and just started grabbing stuff. Now granted, some things are greater protected than others. But I can say we work extensively on flight controls and other things of importance and security is there as more a nuisance than anything else.
Keep in mind F35 is not a black project. Those get their own network, machines locked behind big doors, big approval list to install programs, etc. F35 is such a large project with so many subcontractors that this doesn't surprise me one bit. Security is largly there to pass an audit, and that's about it.
This whole piece of largely fear mongering to get money approved to create some more bureucracy. Chances are nothing of importance was even gotten as the F35 will be exported to so many countries anyway.
Re:Do not underestimate Western-security procedure (Score:4, Informative)
The rest are in the private sector.
What you have left watching some of your servers can be seen thanks to Gary McKinnon.
http://en.wikipedia.org/wiki/Gary_McKinnon [wikipedia.org]
Counterfeit Cisco Gear Perhaps? (Score:4, Informative)
Feds Seize $78M of Bogus Chinese Cisco Gear
http://slashdot.org/article.pl?sid=08/02/29/1642221 [slashdot.org]
and
FBI Says Military Had Counterfeit Cisco Routers
http://it.slashdot.org/article.pl?sid=08/05/09/164201&from=rss [slashdot.org]
Lets see, extra chips on a piece of equipment that handles all the network traffic, which would include NFS and a variety of other plain text protocols (why would someone use encryption on a "secure" network). Add to that a sprinkling of Teredo
http://en.wikipedia.org/wiki/Teredo_tunneling [wikipedia.org]
And looks to me like it's very likely that someone could steal whatever they wanted.
Good thing all our corporate suppliers are bound by contracts that would totally be enforced by this foreign government who's providing the bogus equipment. Didn't think about that, did you, stupid corporate outsourcing asshat.
-Runz
Re:didn't deliver the goods? (Score:2, Informative)
Barely out of R&D? On the contrary, the F-35 has been under development since 2001, and it's had multiple test flights since 2006.
It's expected to be rolled out in 2 years.
As for it's not delivering, I seem to remember hearing of a study by RAND which raised concerns over its effectiveness in fighting multiple Russian craft.
You can read about it here :
http://img246.imageshack.us/img246/9283/jsfnews3pu5.jpg [imageshack.us]
Re:Do not underestimate Western-security procedure (Score:3, Informative)
Fake data? Bah. I'd much rather we plant bad information that will cause the most monumental non-nuclear explosion and fire ever seen from space [slashdot.org].
Re:Do not underestimate Western-security procedure (Score:1, Informative)
An F-35 would not be carrying a nuclear payload over China in the event of nuclear war. Delivery would be by other means, probably an SLBM.
Government Regs on How to Transmit Classified Data (Score:3, Informative)
http://nsi.org/Library/Govt/Nispom.html [nsi.org]
Especially pertinent here is Transmission policy for different types of classified data
http://nsi.org/Library/Govt/Nispom.html#link5 [nsi.org]
and network security
http://nsi.org/Library/Govt/Nispom.html#link8 [nsi.org]
Not exactly scintillating reading, but them's the rules.
Re:Do not underestimate Western-security procedure (Score:3, Informative)
"When the actual F-35 is deployed, it will defeat those countermeasures and deliver its nuclear payload to Beijing -- on time and on target."
Nice try. The F-35 is not a nuclear delivery system but a light tactical fighter-bomber.
Re:Only a few terabytes? (Score:4, Informative)
Turns out we already discussed that 5 years ago. http://slashdot.org/comments.pl?sid=98957&threshold=1&commentsort=0&mode=thread&pid=8438763 [slashdot.org]
The evidence seemed to point to the story being BS.