Security, what security?
So the Chinese gained access to secret information and then the Media gained access to a report about the Chinese gaining access.
FFS.
Chinese spies have allegedly hacked into the designs of many of the United States' advanced weapons systems and platforms, including those for F/A-18 Hornet fighter jets, the Patriot missile system and Black Hawk helicopters. According to the Washington Post, a "confidential section" of a report prepared for the Pentagon seen …
That's what it sounds like to me.
Just like the run up to anything else the USA do. This time the WMD's are digital.
Or maybe their security really _is_ that shit that the Chinese get a bunch of secret stuff then a newspaper gets the subsequent secret guff on it.
When someone tells you something a lot, always question how they stand to benefit from you believing them - we're hearing too much about China attacking the USA, then this charade
I do not understand what all the fuss is about. As one who personally witnessed all the Scud attacks on Riyadh in the first Gulf War I can confirm that they failed to destroy any Scuds. The US government reports about the Patriots intercepted most of the Scuds may have some semblance of truth but they failed to acknowledge that even though they managed to intercept some Scuds they certainly did not destroy them or stop them from causing damage or casualties. The legend that the Patriot Missiles were somehow a super weapon is a complete myth.
> Chinese spies have allegedly hacked into the designs of many of the United States' advanced weapons systems and platforms
Great! So we'll soon be able to buy these from the usual websites of chinese goods. Presumably at a tiny fraction of what the americans would charge and delivered in wrappers that say "Gift. Value $5" on the customs declaration.
I don't know why China bother to be honest, all they need do is put a camera or microphone in front of any top military and industry sources and they will give them all the details anyway. Far easier
Unless this is all a load of crap disinformation, one more "+1 to the total Chinese hacking Uncle Sam stories"
Seems bit convenient that a report is "leaked" about the current USA bug bear,
Admittedly I've been out of the defence business for 15 years, but back then we knew enough to have physically separate systems and networks for really sensitive stuff. Anything classified above Confidential certainly wouldn't have been on a machine connected to a public network. There are masses of design material and other stuff classified below which could be compromised, but wouldn't reveal much about the weapon system's capability. Without some detail to justify the claims this sounds like another US government Red Peril story.
"Admittedly I've been out of the defence business for 15 years, but back then we knew enough to have physically separate systems and networks for really sensitive stuff. "
This. I find it hard to believe that people are plugging this shit into the Web...
...Unless we're talking private contractors, in which case no piece of security stupidity is beyond belief.
I'm not in it, but my roomie is. From what I hear, if you're actually working for the government they are still physically separate, and a royal PITA to use. Vendor handling is a whole other issue. Might be the same, might not.
The roomie is not entirely sure exactly how effective the system is though. To save costs you try to send as much non-critical information through non-secure channels as possible. At one point someone was recommending a change in which bits got classified so that scientist types could better publish papers in their field and get some of the recognition they deserve (insert 'best mind on this topic in the world but can't tell world about it' story here). Problem was, if the system was implemented and you had the non-secure information from pre-change plus the non-secure information post-change you had all bits needed to make the supposedly secret thing from non-secure information. Not sure how that problem was resolved.
Also, they seem to still be classifying too much information. So bits of it are bound to leak and you hope the bits that do are only ones that if you were doing proper classification wouldn't have been classified (except for disinformation purposes) in the first place.
Overall the impression I get is the system is not unlike the "mind reading" devices from the sf story where all they really were was random explosion devices meant to keep the rubes afraid.
Don't disagree, except that much technical work nowadays is heavily dependent on Internet connectivity
Say your team is coding the F35's helmet's software (a significant bit of that kit and one that is currently a big issue).
Do you want your engineers NOT to be able to lookup C++ syntax references? What about Googling up "runtime error R6025"? If they have to do that on a separate workstation, what's that gonna do to productivity?
Not at all saying that you are wrong or that's it's not common sense. Just that, well, most of us rely on open connectivity and it's easy enough to point the finger.
Sounds like they need systems that can segment a workstation between normal and restricted access.
Maybe something like similar to the BlackBerry Balance gizmo, where the OS enforces separation between work/personal matters? Or a VM that allows internet access from an otherwise locked down workstation?
Maybe also a DoD edict for contractors that either forbids Windows on sensitive workstations or allows full DoD access to check that Windows is sufficiently hardened on them? And no Adobe software.
I suspect Windows will still be necessary due to CAD and other software availability.
"sensitive design information for aircraft and ships was also illicitly accessed, including: the V-22 Osprey tiltrotor transport aircraft; the US Navy's new Littoral Combat Ship, designed to patrol close to shore; and the F-35 Joint Strike Fighter"
And when the PLA Generals looked at the secret plans for those money-pits, they must have been ROFL like the robots in the Cadbury's Smash ads. "Look, the imperialists are sabotaging themselves more effectively than we ever could!"
"Leaking" (cough) such information seems to serve but one purpose these days. I can't see any other reason why this leaks, unless as evidence that the "Chinese" (or fill in your own enemy du jour) don't exactly have to work hard to obtain information that should be kept on an isolated network..
"Anything with confidential data on it, simply uplug the blooming NIC cable"
You're all so misguided. Everyone knows that the US military run Windows for Warships, Windows for Warmongerers and Windows for the Terminally Incompetent. Equally everyone knows that Micro$not needs to update at least once a month, virus checkers every two minutes and flash twice a week 'to stay secure' so you *must* necessarily be connected to the internet to mitigate security threats from ... errr ... the internet ... Then, if you were no longer secure when sending the plans for the F18 by email, who knows what might happen ...
"You're all so misguided. Everyone knows that the US military run Windows for Warships, Windows for Warmongerers and Windows for the Terminally Incompetent. Equally everyone knows that Micro$not needs to update at least once a month, virus checkers every two minutes and flash twice a week 'to stay secure' so you *must* necessarily be connected to the internet to mitigate security threats from ... errr ... the internet ... Then, if you were no longer secure when sending the plans for the F18 by email, who knows what might happen ..."
I had to glace to the side to see if Eadon wrote that.
"Actually most of it is likely to be spear phishing attacks, most likely on fuckwitted 'consultants' or 'contractors'. Not particularly complicated, but effective when you play the percentages. The big question is how some of these external companies get away with such slack security."
----
Having worked on both sides of that coin; the fuckwittery is by no means confined to contractors - in fact the consequences for a contractor doing something stupid (financial penalties on contract, getting fired, reputational damage etc) are worse than some idiot MOD graduate emailing himself restricted documents to his Hotmail account and getting a slap on the wrist.
At least in this case China had to do some hacking to get this information In the past, our enemy states know about western weaponry because we've sold it to them (best example I guess being the military hardware that was routed to the Afghans back when they were the good guys because they weren't commie Soviets).
I'm reminded of a line from Drop The Dead Donkey during the 1990/91 Gulf War - when an MoD official said that assessments of Iraqi military hardware didn't come from intelligence reports; "we just looked at copies of the invoices"
To be fair I think they stole that one from Bill Hicks: “You know we armed Iraq. I wondered about that too, you know during the Persian Gulf war those intelligence reports would come out: "Iraq: incredible weapons - incredible weapons." How do you know that? "Uh, well...we looked at the receipts."”
Generally speaking, export variants of Western weapon systems are downgraded, such as having less powerful engines, or not having the latest avionics and weapon system capabilities.
This has even affected the UK. I understand that some of the VTOL technology in the F35B is so secret that the design details cannot leave the US. Which is strange, as we gave most of it to the Yanks in the first place!
The list of technology designs being reported as stolen is a bit strange however, because F/A 18, Patriot and Blackhawk, must all be regarded as mature technologies now, and aren't particularly bleeding edge.
It's not like the Yanks have never fed bollocks designs/data to an enemy's intelligence network. Besides, everybody's spying on everybody else except the Faroese who are too busy shooing away a $1.5m Greenpeace boat that probably cost more than their entire fishing fleet.
Separated systems are of course still standard for classified documents - but that doesn't stop people doing something stupid.
I've seen 'Sales' presentations downloaded from the internet on current in-service weapon systems that talk about performance data with all the interesting bits redacted using little black boxes. All well and good, until you go into Powerpoint and move the box out the way revealing all the data... It's the thought that counts I suppose.
...the US Navy's new Littoral Combat Ship, designed to patrol close to shore...
Which? The Freedom class or the Independence class?
There is currently a political pissing contest here in the U.S. called sequester where across the board cuts were made to nearly every sector of government. If you want to claw back some of that money you have to prove the issue is of significant national concern. Seeing as how nobody is dropping bombs on us they've had to show a new bad guy. The Chinese have been spying on us for years and everyone had phasers set to apathy. Now we're winding down wars and the military wants to keep their funds flowing.
It's all shit really.
Probably true. It's so hard to know though - it could range from totally true to totally made up and we would never know.
I am a firm believer in most people being incompetent, especially the ones that get promoted, so it would not surprise me if the chinese had done the dirty deed and the network was wide open.
"Chinese spies have allegedly hacked into the designs of many of the United States' advanced weapons systems and platforms"
Who's idea was keeping all their secret designs and blueprints on the Internet? Besides which Patriot never actually worked as was demonstrated in Gulf War 11. It's just an excuse to extract even more revenue from central gov.
Yet another contribution towards the almost daily media narrative against the East, no doubt designed to garner public support for an increase in cyber-defence spending, together with 'essential' legislation to further limit our privacy and freedom.
Whether there is a factual underpinning to the whole East vs West cyber-saga, I have no idea, but at best these constant 'leaks' are gross political opportunism of the highest order.
I think its interesting that the US had these plans *stolen/leaked* by the *Evil Commies/Outsourcing department* and now we can wait to a load of *Copies/knockoffs* that the US Government can *buy back/purchase as part of a current pre-signed trade agreement*, this will also help to continue the UK’s *cost-saving/mindlessly gutting* of the defence budget.
My question is why does a computer containing sensitive information have any contract with the Internet, ether direct or indirect? Is is necessary for the people using these computers to have the ability to log on to Facebook? Computers containing top secret information should be totally isolated from the internet period. No sharing USB drives, no connecting to a network that has computers connected to the internet. If the Chinese can do this, so can millions of hackers world wide. Someone should be fired for this stupidity!
1. Nations spy upon one another. Less of the holier than thou please. Does the CIA not have assets doing the same in China? If not, that would be a truly epic fail.
2. Bigging up an adversary's skills is standard issue political fare. See [Gap, Missile]. So what.
3. Don't make this private-vs-public sector. Some contractors are great, some are terrible, and so are the agencies they work for. Remember that young Mr Manning was able to download oddles of classified info onto a USB stick. Despite (a) being a lowly private (b) under disciplinary procedures (c) the areas not being anything to do with his day job. That isn't a comment on the correctness of his actions, but I find the real scandal of that case the fact that the ideas of need-to-know and compartmentalized information have been so completely thrown in the trash.