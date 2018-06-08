China Hacked a Navy Contractor and Secured a Trove of Highly Sensitive Data on Submarine Warfare (washingtonpost.com) 34
Ellen Nakashima and Paul Sonne, reporting for The Washington Post: Chinese government hackers have compromised the computers of a Navy contractor, stealing massive amounts of highly sensitive data related to undersea warfare -- including secret plans to develop a supersonic anti-ship missile for use on U.S. submarines by 2020, according to American officials. The breaches occurred in January and February, the officials said, speaking on the condition of anonymity to discuss an ongoing investigation. The hackers targeted a contractor who works for the Naval Undersea Warfare Center, a military organization headquartered in Newport, R.I., that conducts research and development for submarines and underwater weaponry. The officials did not identify the contractor. Taken were 614 gigabytes of material relating to a closely held project known as Sea Dragon, as well as signals and sensor data, submarine radio room information relating to cryptographic systems, and the Navy submarine development unit's electronic warfare library. The Washington Post agreed to withhold certain details about the compromised missile project at the request of the Navy, which argued that their release could harm national security.
... it was in the book 'The Cuckoo's Egg'.
I was about to post this, but you were first.
Could harm national security? (Score:2)
I think that horse has bolted and is grazing happily in a field right now.
You'd think a defense contractor would know not to store top secret information on internet accessible machines but I guess there's stupid in every organisation.
Yeah they were probably internet attached using Windows 7 Pro instead of the much more secure Windows 10 Enterprise
Hey! They used store it behind a Cisco firewall. That's safe, right? right?
You'd think a defense contractor would know
They have a really good example [fedscoop.com].
Here Come The Chinese Knockoff Submarines! (Score:1)
an AyePhone X
Aren't those made in Scotland?
I'm sure that the Chinese government has the same standards of quality as the factories that churn out cheap knock-offs of consumer products, amirite?
Sea "Dragon"? honeypot? (Score:2)
Just to remember. There was a time, long ago, when lots of security features were being developed and the NSA and other US security agencies intervened to make that more difficult.
Seriously? (Score:2)
Prove to me it wasn't intentional espionage. There's a million ways for a mole to plausibly leak sensitive information without the mole being discovered.
I have a hard time believing that in 2018, the gov't & its contractors, aren't locking down national security military secrets better than this. It's so close to unbelievable to me, that I have to wonder if this is misinformation left on a honeypot server. If the US gov't is really this loose with their classified information at this point in history....
I tell myself the same thing.
I'm almost willing to bet this is a honeypot operation and the leaked data is otherwise useless or better yet has faults built in that we can manipulate.
If not, there better be extreme punishments involved for the contractor in question and it should be through the military court system.
And how in the hell do they not notice 614 f*cking GIGABYTES of data being transferred? Their sysadmin just sat there and thought, "Derp derp, I wonder who is transferring so much data to IP addr
It's far easier to break a man's morals than encryption keys.
The rules for protecting Sensitive data are less stringent than for actually Classified data. (And just because some reporter uses the word 'secret', I'm not convinced from this article that the material was actually classified.)
If classified data was actually placed on a machine that was not properly secured, multiple people should go directly to jail. If this was a breach of a contractor system with 'FOUO' sensitive (but not classified) data, then there's a much higher bar for 'go to jail.' That being said, I'd fully expect there to be substantial consequences against the contractor, up to being kicked off and forbidden to bid on subsequent contracts.
So they were exfiltrating 10 Gigabytes a day from the contractor's network and nobody noticed?!!