Computer Spies Breach $300B Fighter-Jet Project 330
suraj.sun writes "Computer spies have broken into the Pentagon's $300 billion Joint Strike Fighter project — the Defense Department's costliest weapons program ever — according to current and former government officials familiar with the attacks. Similar incidents have also breached the Air Force's air-traffic-control system in recent months, these people say. In the case of the fighter-jet program, the intruders were able to copy and siphon off several terabytes of data related to design and electronics systems, officials say, potentially making it easier to defend against the craft."
A project for our worst enemies (Score:5, Insightful)
Why? (Score:5, Insightful)
Sloppy espionage ? (Score:5, Insightful)
Re:Only a few terabytes? (Score:1, Insightful)
Even if they're on an OC-192, (~10 Gbps) somebody should have noticed. A single terabyte would take some 13 minutes assuming they achieved full line speed. That's a lot of time for their systems to not be paying attention.
Besides, the connection is likely a lot smaller than that. It's not like the DoD wants to send anyone massive quantities to data on a regular basis.
If I'd spent 300 billion on a project (Score:3, Insightful)
If I'd spent 300 billion on a project that didn't deliver the goods, I might be tempted to stage an internet break in which would force the projects cancellation, saving face for all concerned.
Speaking of, how much money has been wasted on the missile defence shield? 4 years ago, they were saying 50 billion. Today I think it's up to 115 billion. And of course, it still doesn't work. (And most likely never will.)
Will we see a "break in" on that research any time soon?
Comment removed (Score:5, Insightful)
Open Air Policy (Score:5, Insightful)
Again reinforcing the need to return to the "Open Air Policy" that any secret or top secret network must have a "nothing but open air" between the secure system and unsecure system. Prior to the 90s many secure networks had a single cable, usually with a manual breaker, that would be enable only as a specific scheduled time, and the end point on the unsecure side was a single terminal (2 NICs, 1 to unsecure network on one subnet, then the secure network on another) where both network cards were phsyically impossible to operate at the same time (the reason for 2 NICs is the secure NIC is an encrypted card)
Seriously, you should never be able to tget from A -> B -> C where A is a public network and C is a secret or top secret network.
Hell last weekend I was at a shop where the DEV network was self contained and the only way they got code builds was compiled on the DEV network (12th floor) then sneaker-net'ed to the testing environment via optical disk (8th floor).
P.S.F.F The office on the 9th floor still has token ring... WTF who still uses Token Ring? Seriously? I mean it's friggin Token Ring... I remember working on Norwest Mortgage's (bought by Wells Fargo) token ring to ethernet conversion, what 12 years ago now... Jebus Rice that was a long time ago now it seems...
Comment removed (Score:2, Insightful)
didn't deliver the goods? (Score:4, Insightful)
The F-35 is barely out of R&D. It hasn't had a chance to "not deliver" yet.
Re:Only a few terabytes? (Score:5, Insightful)
> you feed plausible-looking but wrong information down the leaking conduit for as long as possible.
I assume it would be quite tricky to generate even a few gigabytes of plausible-looking 'data related to design and electronics systems' even if you had a whole day to prepare, and we are talking about multiple terabytes here, and while you are busy preparing the wrong information, the spies are still downloading the correct stuff. So unless you live in a movie where stuff that normally takes days can be done in 5 minutes when our protagonists start randomly pushing buttons on their keyboard with pretty pictures appearing on the screen accompanied by uninformative beeping sounds, it would probably be best to simply terminate the connection and start improving your security, look for backdoors that might have been installed, and so forth.
Re:Only a few terabytes? (Score:5, Insightful)
The more interesting question is why the DoD has sensitive information hooked up to the net in any way. The only way of ensuring net based attacks are unsuccessful is by disconnecting from the net. Sure you still have to ensure that the people using the terminals are on the up and up, but that's a lot easier than keeping a large network full of sekrit goberment stuff secure.
I'm always amazed that this sort of information would be stored and used on internet connected computers, it just seems like asking for trouble. Historically the DoD has done a pretty incompetent job of securing its systems, which really makes one wonder how many of these advancements are now in the works in foreign states.
Re:Do not underestimate Western-security procedure (Score:2, Insightful)
They're still people just like everyone else, with human limitations of attention, intelligence, resources, time...
The most likely scenario is that 98% of the info they grabbed is the real stuff. Maaaybe they seeded some wrong values into the schemata to try to minefield attempts to construct them, but the overall structure and general design were successfully stolen. They can't spend a ton of time putting in fake info because this is important information they're stealing while they work on inserting fakes, and even doctored designs can provide insight.
They don't have fake backups standing by because who has the time and resources to simultaneously produce real work and fake work in parallel(and from the same limited body of personnel with sufficient clearance?)
Re:Do not underestimate Western-security procedure (Score:5, Insightful)
Re:Do not underestimate Western-security procedure (Score:3, Insightful)
> "smart American intelligence officer" - in
> Georgia (country), Iraq (red zone) or 'near'
> Pakistan or Latin America.
> The rest are in the private sector.
They are civilians, not "private sector". Who their employer contracts to makes the difference. Civilian psyops specialists have always been a prominent part of theory and field work. The psyops 'bible' was written by a civilian: Dr. Paul "E.E. 'Doc' Smith" Linebarger.
As for the military intelligence people, what was said about planting false data about the plane applies to the external appearance of the intelligence community. You don't want the enemy to know how many troops you have and what their capabilities are. The same goes for your intelligence capabilities.
While the media reports various intelligence shortcomings and fuckups, and congress investigates same whether they happened or not, some of the smartest people you'll never meet are running around inside the Pentagon's various intelligence offices, and in and out of offices that same entirely different things on the door. Some of them are running an intelligence agency operating within the US, including field operations, that rivals the CIA in quantity and quality of results. Of course this can't be true because the US military is not allowed to conduct operations against US civilians without a federal decree of martial law, right?
Re:bad day for the airforce (Score:3, Insightful)
Re:Do not underestimate Western-security procedure (Score:2, Insightful)
When the actual F-35 is deployed, it will defeat those countermeasures and deliver its nuclear payload to Beijing -- on time and on target.
Why do you want to deliver a nuclear payload to Beijing or anywhere?
Is it your answer to the security problems?
I would say that a better way (better for the humankind) is to improve the safety of sensitive information and the defense, instead of looking where and how to send a nuke.
Do not say it is not what you meant, because it is exactly what you meant.
Re:Do not underestimate Western-security procedure (Score:3, Insightful)
"Why build one when you can build two for twice the price?"
Re:Open Air Policy (Score:1, Insightful)
Do not overestimate Western-security procedure (Score:3, Insightful)
Re:Only a few terabytes? (Score:2, Insightful)
Re:bad day for the airforce (Score:3, Insightful)
the marines, the army, the navy: they all have their own fighter wings
Didn't the Air Force start out as the Army Air Force, and then break off as its own military branch?
Re:A project for our worst enemies (Score:3, Insightful)
Yeah--good luck with polishing THAT turd, China.
Speaking of polishing turds. Is anyone else a bit appalled at the fact that we're spending 300 BILLION dollars on a fighter jet project? Come the **** on... We can already kick everyone on the planet's ass with amazing efficiency... Why more?
Lets check the KDR
~100k Iraqis vs ~4k US ... That's 25:1! And that's a very conservative estimate for Iraqi death.
It's not like we're ever going to war with a sophisticated Army anyway, they're all on our side!
300 billion dollars on new jets... I wish I had the $1000/citizen in tax dollars spent on something worthwhile.