Network News

X My Profile
View More Activity

Cyber Spies Breach Pentagon's Fighter Jet Project

Cyber spies have broken into the Pentagon's $300 billion Joint Strike Fighter project - the defense department's costliest weapons program ever, according to the lead item in today's Wall Street Journal.

From the story:

Similar incidents have also breached the Air Force's air-traffic-control system in recent months, these people say. In the case of the fighter-jet program, the intruders were able to copy and siphon off several terabytes of data related to design and electronics systems, officials say, potentially making it easier to defend against the craft.

Attacks like these -- or U.S. awareness of them -- appear to have escalated in the past six months, said one former official briefed on the matter. "There's never been anything like it," this person said, adding that other military and civilian agencies as well as private companies are affected. "It's everything that keeps this country going.

The disclosure is the latest tale of cyber espionage told by unnamed current and former government officials. Last week, a Journal story quoting an anonymous official saying Chinese and Russian hackers had infiltrated the U.S. electrical grid electrified the news media and blogosphere, even though the piece was otherwise bereft of verifiable details.

In commenting on last week's revelations, blogger Kevin Poulsen suggests that the conclusion we are to reach from these events is obvious:

"Chinese Superhackers Are Our Superiors. No, wait. That's not it. I know ... Only the intelligence agencies are equipped to protect us from foreign cyber attacks."

Indeed, the timing of these stories is hard to ignore. The National Security Agency is engaged in a bid to assume control over government-wide cybersecurity efforts.

As it stands, no single entity is in charge of protecting the dot-mil space, and responsibility for the security of civilian government networks has been left to the Department of Homeland Security. Last month, a top cyber security official at DHS resigned his post, citing what he called the NSA's tightening grip on government cyber security matters.

A major DHS project to monitor federal networks for signs of cyber intrusions - dubbed "Einstein" - has by most accounts failed, despite many years and tens of millions of taxpayer dollars spent on the program. Critics of DHS said the department failed on Einstein because it lacks the supercomputing power that it takes to simultaneously hoover up huge amounts of Internet data flows and analyze them in real time. The only agency with the experience and ability to do this is the NSA, several current and former government officials told a Washington Post reporter recently.

"Last year, then-Director of National Intelligence Mike McConnell wrote Gates a letter recommending the establishment of a national cyber command, led by the NSA director," my colleague Ellen Nakashima wrote last week. "Among his missions would be that of supporting DHS in protecting the civilian networks through the cyber plan."

Meanwhile, lawmakers on Capitol Hill say they will continue investigating reports that the NSA had swept up the communications of Americans while targeting foreign groups and individuals, Nakashima writes.

Last Friday, the Obama administration wrapped up its 60-day review of the previous administration's Comprehensive National Cybersecurity Initiative. A White House spokesman said in a statement that the administration will begin discussing the results "after the president has had an opportunity to carefully review the group's effort." A hint of what's in store may come this week: Melissa Hathaway, the National Security Council official who has been leading that group, is expected to deliver the keynote address Wednesday at the RSA Security conference in San Francisco.

By Brian Krebs  |  April 21, 2009; 12:07 PM ET
Categories:  From the Bunker , U.S. Government  | Tags: cybr spies, dhs, joint strike fighter, nsa, wsj  
Save & Share:  Send E-mail   Facebook   Twitter   Digg   Yahoo Buzz   StumbleUpon   Technorati   Google Buzz   Previous: World's First Mac Botnet? Not Quite.
Next: Time for an Internet A-Team?


This begs the question, after having seen stories like this over the years: just what system(s) are being hacked that the NSA, Pentagon, armed forces, etc. use (*nix, windows, other)? Or is this just too "un-PC" of a question (pun intended)? ;)

Posted by: bluebox | April 21, 2009 12:40 PM | Report abuse

So the NSA, a military agency, is making a bid for control of national cybersecurity, and it's evidence that it should have that control is the lax cybersecurity of the Air Force, whose security is the responsibility of the NSA.

"We can't do the job we've got now, so give us even more work!"

Have I got that right?

Posted by: wiredog | April 21, 2009 12:54 PM | Report abuse

$300B for yet another fighter ! WTF ?! We're trillions in debt due to the Depression of 2008. Cancelling this program would take a big dent out of that, and besides, there's no nation that competes with our LAST gen of fighters let alone a future gen!

Posted by: Eludium-Q36 | April 21, 2009 1:42 PM | Report abuse

I agree that the timing of the two articles, both at the WSJ, is suspicious. Your reading of the events is that they suggest only an intelligence agency could protect us. In the former case, information was withheld that might have enabled other organizations to better secure their infrastructure. In this case, it's been the DoD or the Intel community primarily responsible for the safety of the information. Those organizations clearly failed if sensitive military information was obtained by a foreign government. To me, this suggest that a different approach is necessary -- one that's more open and provides the national infrastructure with real security rather than obscurity.

Posted by: mwollenweber | April 21, 2009 2:10 PM | Report abuse

In the early 1960's, DoD and CIA told Congress that the Soviets had 100's of operational ICBMs when they (DoD and CIA) knew that the real number was closer to 25. Congress responded by appropriating funds to deploy 100's of Minuteman missiles. So, there's precedent.

But I would also ask, "Were the 'several terabytes' of data encrypted?" If not, let's get DHS, NSA, or whomever to do some basic security work. Otherwise, it's like monitoring your front walk with a camera but not locking the door.

Posted by: 51fordf2 | April 21, 2009 3:58 PM | Report abuse

Hey we might as well get use to this. Spies will have all kinds of rights - as terrorists do. Privacy, secrecy for Americans is now gone. Protection for the majority of Americans is out of line coz it may "offend" someone.

It will be nothing compared to Obama putting all of our medical records online when he gets his national healthcare plan.

Posted by: debmries | April 21, 2009 4:54 PM | Report abuse

Starting in 2003 we gave away our dominance in software technology to other nations. The policy of China was to subsidize tens of thousands of students studying in the computer sciences. In 2003 American companies subsidized this policy of China by shipping over American jobs so that Chinese students could gain the necessary and hard to obtain experience of working on real systems.

Now very few American students are enrolled in the computer sciences departments of America to provide the expertize necessary for threats to American computer systems, while the Chinese have tens of thousands that can obtain all of the benefits of software technology.

It should be no surprise that other nations are seeing an advantage in their ability to illegally access American computer systems.

Posted by: bsallamack | April 21, 2009 5:04 PM | Report abuse

This is not just another fighter; this is "THE" fighter with the very top-of-the-line, cutting edge, technology. It holds all of our technology secrets, and now, much is lost. Think of the value, to any very large, growing country, with an intense interest in military technology. A very top of the line, aircraft design, that can probably even be improved on.

Posted by: buzzm1 | April 21, 2009 5:24 PM | Report abuse

Working in cyber security, I have to ask the questions:

Why is such material on a system connected to the internet? Classisied information or "highly sensitive" information should not be on systems with internet access.

Why was the information not encrypted so it wouldn't be a problem even if one did get it?

Why are the computers in use not protected with available software to limit the amount of material downloaded?

This is just poor cyber security. But it does keep America scared and willing to invest more money in government protection schemes and willing to give up more of its freedoms and values in exchange for percieved security.

Posted by: TLN2 | April 22, 2009 10:24 AM | Report abuse

The comments to this entry are closed.

RSS Feed
Subscribe to The Post

© 2010 The Washington Post Company