Revealed: The military radar system swiped from aerospace biz, leaked online by Clop ransomware gang

A CAD drawing of a radar antenna stolen and leaked online by criminals is of a military radar system produced by defense contractor Leonardo and fitted to a number of US and UAE aircraft, The Register has learned. The purloined blueprint was dumped on the dark web by the Clop ransomware'n'extortion gang as part of the …

  1. heyrick Silver badge

    and urged customers to migrate to a newer product "built on an entirely different code base."

    That doesn't mean it's safer, it means it has different bugs.

    1. Warm Braw

      The EoL announcement is rather odd.

      It explicitly states that the product remains supported, though licences cannot be renewed after April 30, 2021 and yet also says "For the past three years, Accellion has been attempting to move its existing FTA customers over to our modern and more secure platform, kiteworks®."

      Which raises interesting questions about what "support" means if they're actively trying to move customers to something "more secure" - and indeed why their customer resisted their entreaties.

      The EoL is blamed on the end of support for Centos 6 on which the product is based rather than any specific problems with the FTA code.

      1. Roland6 Silver badge

        There is a surprising amount of information available on Accellion's website - just search for "FTA"

        Interestingly, it seems fewer than 50 customers are running FTA.

        I like this observation, based on their recent experience:

        " In 2021, every software security provider must not only demonstrate secure software architecture but must also be proficient at cyberwarfare."

  2. NeilPost Silver badge

    “Known vulnerability”, “20 year old legacy File Transfer app”.


    1. David Gosnell

      FFS or FTP?

    2. Roland6 Silver badge

      From the article it was an "Accellion file-transfer appliance" that was breached. I suspect from the rest of the paragraph, Bombardier failed to maintain (apply security updates) or upgrade the appliance.

      This is a real problem, I suspect many people install appliances and simply run them until they fail. For example, when was the last time you checked for firmware updates to your home router? I also wonder how many ISPs actually maintain their routers, i.e. how many people are still running a 10 year old ISP supplied router which hasn't had any over-the-wire updates for some years...

      1. MrBanana

        "how many people are still running a 10 year old ISP supplied router which hasn't had any over-the-wire updates for some years."

        I would hazard a guess to all of them. My recent experience of EE, Virgin and Vodafone is that you can't apply firmware updates at all, ISP supplied or otherwise [*]. The exception being the updates that get forced on you without asking, and invariably have "solved" a problem by simply removing the function that they couldn't be bothered to fix or make secure.

        [* At least not without having to solder some header pins onto the board to get access to the serial port and cock about with telnet/ftp. ]

        1. Anonymous Coward

          Hah! Is that an oblique reference to the BT / PlusNet HomeHub 5 type A? Once unlocked and reflashed with a suitable Linux kernel (which does require some soldering annoyingly), that makes a phenomenally capable single board computer which costs peanuts. Dual core MIPS with plenty of ram and disk space (ample space and horsepower for a full Python 3 install), three 2.4GHz radios, two 5GHz radios and USB2.

          1. Roland6 Silver badge

            >Hah! Is that an oblique reference to the...

            Yes, it was also an oblique reference to all those who reflash their own kit; reflash and you take on the update responsibility.

      2. heyrick Silver badge

        "when was the last time you checked for firmware updates to your home router?"

        Never. It does it automatically itself.

        "I also wonder how many ISPs actually maintain their routers"

        Now that's an entirely different (and pertinent) question. Given my experience (Orange France), they seem to actively support the last two or three models, but the updates are not very frequent. They seem to like to roll out updates in early August. You can tell because stuff that used to work is suddenly broken until (a few weeks later) they push out an update that works. Must be the summer trainee doing the testing...

        1. Tom Chiverton 1

          See also Zen and their Fritzbox which is totally stock.

      3. NonSSL-Login

        Too often

        UK ISPs often send firmware updates to their routers. Sometimes a few times a week when they get it wrong the first times.

        Often around midnight to 2am they would update and reboot, causing a smart device in the bedroom to flash brightly to tell me it had no wifi access and causing some random wifi lights not to reconnect.

        Removing ISPs' routers out the equation solves 99/100 problems

      4. mathew42

        How many 2 year old consumer routers have had firmware updates?

  3. Doctor Syntax Silver badge

    At some point somebody is going to make a carefully worded offer for the "arrest" of one of these outfits which doesn't quite say "dead or alive" but which would be sufficiently carelessly worded to oblige them to pay up under the first alternative.

    1. Anonymous Coward

      When you turn from simple cyber crime to stealing and publishing military secrets you could well find yourself listed as an enemy combatant, so becoming a target for the CIA.

      Some lines it's intelligent you do not cross.

  4. LogicGate Silver badge

    Not impressed

    So far, it sounds to me like they got their hands on external CAD data, data which is sufficiently detailed (useful for fit check etc) that it can be requested only after signing an NDA, but not sufficiently detailed to enable reverse engineering. There may be more undisclosed data, but this may just as well be criminals trying their best to inflate the perceived value of what they stole.

    1. Anonymous Coward

      Re: Not impressed

      You would be surprised how much info can be gleaned from something as mundane as a chunk of asphalt, a spent casing, …or an engineering drawing.

      1. Anonymous Coward

        Re: Not impressed

        While true, given the data is from 2010 it's likely any government or commercial entity that is interested in doing so has already seen these drawings and gleaned everything there is to glean.

        1. Roland6 Silver badge

          Re: Not impressed

          >given the data is from 2010

          The drawing was dated 2010, suspect the reason why it was in the FTA was because it is being used for a current project...

    2. Roland6 Silver badge

      Re: Not impressed

      Not that is all they have made public, what we don't know is how long they had access to the FTA. Given the reasons why you would deploy an FTA style solution, there will be plenty of 'interesting' information passing through the hub...

  5. Martin Summers Silver badge

    There's really little point paying up for the promise of your data not being released. In these situations, you'd be very foolish to rely on the word of an 'honest' thief, and it's not likely you can sue them is it. Accept your data is now public, learn and move on. At least you will have the satisfaction that you didn't pay anything to fund them, and that they will be pissed off as a result.

  6. Pascal Monett Silver badge

    So, the thieves published designs of 10-year-old tech

    Okay, they might well have accessed more recent designs but, on the other hand, I doubt they have the technical ability to choose designs that are old before revealing more recent ones.

    Of course, the creation date of the files might render that argument moot.

    If they only got their hands on decade-old tech, maybe it doesn't matter so much? It has surely been replaced by more recent tech. Sure, it's still a bad thing for the companies involved and their customers, but it might make it easier to decide not to pay them - which, ideally, should never happen.

    Obviously, even 10-year-old tech designs could be very interesting for some third parties, so yeah, it's still a bad thing. This is military hardware though, those thieves might want to start looking over their shoulders in the future. The CIA can reach pretty far when it wants to.

  7. Anonymous Coward

    It was going great until

    When they are found, they get to go for a 1970's Argentine government style flight to see the ocean.

    Messing with the big war boys has never ended well for anyone. Even common criminals should know better.

  8. MJB7

    Honest thief

    There are benefits to being an honest thief: your next victim is more likely to pay up. Or more precisely, there are disadvantages to being dishonest: your next victim is _less_ likely to pay up. As they now appear to have a brand, there is some value associated with that brand.

  9. William Higinbotham

    Sales Ad opportunity

    If I was in sales, I would ask the company to put up a honeypot copy of their website with what looks like sensitive information, but to actually be cleverly created advertisements to be uploaded to the dark web:-)
