Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
China Security The Military United States

Chinese Hackers Breach US Navy Contractors (wsj.com) 61

Chinese hackers are breaching Navy contractors to steal everything from ship-maintenance data to missile plans, triggering a top-to-bottom review of cyber vulnerabilities, WSJ reported Friday, citing officials and experts. From the report: A series of incidents in the past 18 months has pointed out the service's weaknesses, highlighting what some officials have described as some of the most debilitating cyber campaigns linked to Beijing. Cyberattacks affect all branches of the armed forces but contractors for the Navy and the Air Force are viewed as choice targets for hackers seeking advanced military technology, officials said. Navy contractors have suffered especially troubling breaches over the past year, one U.S. official said. The data allegedly stolen from Navy contractors and subcontractors often is highly sensitive, classified information about advanced military technology, according to U.S. officials and security researchers. The victims have included large contractors as well as small ones, some of which are seen as lacking the resources to invest in securing their networks. One major breach of a Navy contractor, reported in June, involved the theft of secret plans to build a supersonic anti-ship missile planned for use by American submarines, according to officials.
This discussion has been archived. No new comments can be posted.

Chinese Hackers Breach US Navy Contractors

Comments Filter:
  • by lionchild ( 581331 ) on Friday December 14, 2018 @11:50AM (#57803768) Journal

    Clearly, contract requirements should also now include proof of engagement in best practices of network and data security.

    • by CaptainDork ( 3678879 ) on Friday December 14, 2018 @12:32PM (#57803994)

      That will not fix the problem.

      Nothing will.

      IT has been recommending best practices for decades and top brass shrug it off.

      A fucking document will not plug the fucking hole. The military contractors are as hardened as Equifax and Yahoo!, right? What's a document going to do?

      When contractors included security as an option in their bids, the Feds said it was too much - get costs under control.

      • by Anonymous Coward

        As long as security is seen as a costly "option" then decision makers will routinely choose the cheaper option. Until security violations start having real consequences for the decision makers who choose to be exposed to them, things will not change.

        • This is precisely the cure --- litigation --- and in this case it's the feds.

          Look at Snowden. He's a contractor who walks in and out with the fucking keys to the store. How much has the government learned since then? Apparently, not much. Contractors are not committed military personnel, though that does open the door to criticize the Manning deal where "need to know," was replaced by, "must have Lady Gaga CD."

          Companies are hacked daily and they don't know about it until the data shows up for sale on the Da

    • what about an code red for the ceo/vp/board? or maybe an treason trial with death on the table?

    • This already exists and is managed by the Defense Security Service (DSS) and is mandated by an Executive Order:

      https://www.dss.mil/isp/index.... [dss.mil]
      https://www.archives.gov/isoo/... [archives.gov]

    • Re: (Score:2, Interesting)

      by Anonymous Coward

      Since December 31, 2017, contract requirements do require showing engagement in best practices of network and data security.

      https://www.nist.gov/mep/cyber... [nist.gov]

  • by Lucas123 ( 935744 ) on Friday December 14, 2018 @11:59AM (#57803816) Homepage

    "One major breach of a Navy contractor, reported in June, involved the theft of secret plans to build a supersonic anti-ship missile planned for use by American submarines, according to officials."

    When contractors are held criminally responsible for their poor security resulting in military secrets being stolen by our enemies, then maybe they'll get serious about plugging the holes.

    • Maybe they should be charged with espionage?
    • by Ken McE ( 599217 ) <kenmce@@@spamcop...net> on Friday December 14, 2018 @12:16PM (#57803900)

      When contractors are held criminally responsible for their poor security resulting in military secrets being stolen by our enemies, then maybe they'll get serious about plugging the holes.

      If you hold them responsible for being the victim of a crime, they'll stop reporting crimes.

    • "stolen" or sold? A lot of product is moved that way. You put a box out in the middle of the desert (or a small port in Libya), someone comes and picks it up, sometimes in grand fashion with lots of pyrotechnics. Makes the deniability even more plausible.

    • You missed it by that much.

      Contractors are not responsible. They present proposals and the military line-item veto pieces and parts and security is the first to go.

      Contractors cover their asses and have incriminating evidence that will show that security costs were cut to meet budget restrictions.

    • by EvilSS ( 557649 )
      Nah, that won't work. They will just pony up a scapegoat from the company to take the fall. Want to really hurt them? Ban the company, and the executives (so they can't just roll a new corp out under a new name) from government contracts for 5 years for the first incident, 10 years second, forever third. No appeals, no exceptions.
  • by OneHundredAndTen ( 1523865 ) on Friday December 14, 2018 @12:11PM (#57803866)
    Contractors using Windows. After all, the Navy seems to be married to Windows, even when it cripples its battleships.
    • Most of the military uses Windows in one capacity or another. It's horrifying, but true. I just hope really hard they never "upgrade" the USAF Missileers off the ancient IBM systems they use to M$ anything. We'd all get self-nuked about 15 minutes later. Wouldn't even be Skynet either, just a BSOD.
  • by Seven Spirals ( 4924941 ) on Friday December 14, 2018 @12:19PM (#57803922)
    I worked for years as a security analyst mainly just developing exploits and pen-test frameworks. I have to say that I'm now completely disillusioned with IT security and it now bores me to tears. The Chinese and/or other state actors have stolen soooooo fucking much from us. The F35, hypersonic missiles, complete lists of government agents/employees from the OMB, the list is very very long. You partisans will probably all assume I am a Trump-lover but I don't like him. I do, however, have to admit that he seems to at least be able to talk about Chinese IP theft unlike 99% of other politicians who just seem so sprung on the globalism gravy train they can't see that these people are behaving like *enemies*. Love or hate Trump, we gotta address this problem. My preference would be to emulate the Skunkworks and be super militant about physical security and just crucify a few people for bringing in USB sticks and smart phones in to flaunt the rules. I'd also force people to stop using computers for things they didn't need them for and just put the data/research at greater risk. Computers don't solve all problems with equal effectiveness, despite some people wanting to use them everywhere. However, I'd also take action against China. I bet if you started de-coupling all their domains from DNS root servers you'd get their attention. If they broke off and formed "Chinanet" then that'd be just fine - fewer hacks on our servers from their dirtbag inhabitants and government. When I geoip block China on my firewalls hack attempts go down by about 90%. They are rarely smart enough to use on-shore machines to hack from (it happens, but rarely, I found some Chinese hosting asshole in LA that had a nest of them once).
    • by Anonymous Coward

      F-22 also. They managed to steal a treasure trove of data related to that.

      And sensitive data about submarine sensor performance a few years back.

      It's been happening for decades. Clearly, we do not give a shit, or we would be doing something effective about it, rather than hand-waving and cries of how we're "complying with best security blah blah".

      Which means it is really OK for China to do this. They can only do it if we allow them, and we have been allowing them. They win, we lose. If we don't want to

  • by Anonymous Coward

    The solution to internet insecurity is simple: stop prioritizing convenience over security. We don't leave the door to our house unlocked because remembering to take the key with you is too inconvenient.

  • Personnel... (Score:5, Interesting)

    by mi ( 197448 ) <slashdot-2017q4@virtual-estates.net> on Friday December 14, 2018 @01:00PM (#57804186) Homepage Journal

    It is a well-known fact [businessinsider.com], that ethnic Chinese [wired.com] abroad spy for China en-masse. Some willingly, some — under coercion [rfa.org].

    One immediate step a country could take is to treat them with increased suspicion, which in the US is both against the laws and the morals — targeting expats from a particular country is denounced (and even prosecuted) as "racial profiling" — a trait Chinese society itself does not poses [observer.com].

    Until we overcome this weakness against Chinese — the way we are overcoming it with the Russians, for example, our highest-tech research will remain at risk.

  • We don't need contractor names but It would be nice to learn from other people's mistakes.

  • by Anonymous Coward

    Seed networks with many bogus strategies, projects, blueprints. Many of these could even be AI-generated. Then see whether they can separate the wheat from the chaff. Sound like the basis for a DARPA proposal from some AI academics.

  • My opinion is this is worse than Snowden.
  • Comment removed based on user account deletion
  • Can u say something about a https://mrecorder.com/ [mrecorder.com] mobile recorder on Android? How does it work with other applications?

Don't tell me how hard you work. Tell me how much you get done. -- James J. Ling

Working...