US Military Aware Only Belatedly of Chinese Attacks Against Transport Contractor

itwbennett writes The Senate Armed Service Committee released on Wednesday an unclassified version of a report (PDF) commissioned last year to investigate cyberattacks against contractors for the U.S. Transportation Command (TRANSCOM). The report alleges that the Chinese military successfully stole emails, documents, login credentials and more from contractors, but few of those incidents were ever reported to TRANSCOM. During a one-year period starting in June 2012, TRANSCOM contractors endured more than 50 intrusions, 20 of which were successful in planting malware. TRANSCOM learned of only two of the incidents. The FBI, however, was aware of 10 of the attacks.

real computer systems?

[iggymanz]

were these merely successful attacks against Windows machines, or were the systems running a real operating system?

Re: real computer systems?

[amiga3D]

It hardly matters. What matters is that as usual the agencies responsible for catching this stuff are too busy spying on Americans to do their real job. 9/11 came and went and they didn't learn a thing. Incompetent as ever.

Re:

[iggymanz]

oh, but for 9/11 those agencies really were watching the perps to see what they would do. And we all saw what they did.

Re:

[ThatsNotPudding]

9/11 came and went and they didn't learn a thing. Incompetent as ever.

Far more pointedly: the Boston Marathon came and went. So either they let it happen to gain even more power [adjusts tinfoil hat], or all the 'post 9/11' security is total, absolute bullshit, with everything to do with career advancement then an early retirement to a payment in kind consulting gig, and nothing at all to do with the Fath^H^H^H^H Homeland.

Re:

[GameboyRMH]

The latter is closer, but I think they were so busy setting up their giant McCarthytron and trying to catch the first signs of the coming Western Spring that they forgot to look for *actual terrorists.* Dzokhar Tsarnaev did the digital equivalent of setting up giant neon signs saying "TERRORIST HERE!" and the NSA didn't notice.

The FBI was probably too busy grooming pissed off young Muslims into "terrorists" they could arrest and parade in front of the media.

Re:

[Himmy32]

Of course, if everyone was running my favorite OS, we wouldn't have any security vulnerabilities. It of course has to do with the OS and not that the users have enough rights to run unknown code from an email.

Time to ping flood those commies!!

[Obscene_CNN]

Time to ping flood those commies back to dial up!!

How about some punishments on the contractors?

[Anonymous Coward]

Where I live, it is a criminal offense (misdemeanor), to leave a vehicle running with the keys in the ignition if it it is stolen in a bad neighborhood.

China is China. Do you blame a coyote for snatching a chunk of raw meat left on the ground for a few hours unattended? What needs done is to have all contracts by the companies that have had this problem [1] either pulled, or at least rewritten with stiff penalties (criminal and civil) if there are breaches, especially ones that are not reported. Real pen

Punishment Tricky

[Etherwalk]

The problem with punishing companies with bad security is that it discourages self-reporting. We *want* companies to report and rectify the problems.

What we should do is penalize it, but not if it is promptly reported.

Re:

[Swave An deBwoner]

TRANSCOM learned of only two of the incidents.

Apparently they didn't know that they were compromised.

Hooray for privatization of government functions.

Time to get it on!

[AndyKron]

It sounds like China is hurting the USA more than countries in the Middle East are, so when does the bombing start in China?