#1
Posted to rec.crafts.metalworking
http://online.wsj.com/article/SB124027491029837401.html
Computer Spies Breach Fighter-Jet Project

By SIOBHAN GORMAN, AUGUST COLE and YOCHI DREAZEN

WASHINGTON -- Computer spies have broken into the Pentagon's $300 billion Joint Strike Fighter project -- the Defense Department's costliest weapons program ever -- according to current and former government officials familiar with the attacks.

Similar incidents have also breached the Air Force's air-traffic-control system in recent months, these people say. In the case of the fighter-jet program, the intruders were able to copy and siphon off several terabytes of data related to design and electronics systems, officials say, potentially making it easier to defend against the craft.

The latest intrusions provide new evidence that a battle is heating up between the U.S. and potential adversaries over the data networks that tie the world together. The revelations follow a recent Wall Street Journal report that computers used to control the U.S. electrical-distribution system, as well as other infrastructure, have also been infiltrated by spies abroad.

Attacks like these -- or U.S. awareness of them -- appear to have escalated in the past six months, said one former official briefed on the matter. "There's never been anything like it," this person said, adding that other military and civilian agencies as well as private companies are affected. "It's everything that keeps this country going."

Many details couldn't be learned, including the specific identity of the attackers, and the scope of the damage to the U.S. defense program, either in financial or security terms. In addition, while the spies were able to download sizable amounts of data related to the jet-fighter, they weren't able to access the most sensitive material, which is stored on computers not connected to the Internet.

Former U.S. officials say the attacks appear to have originated in China. However it can be extremely difficult to determine the true origin because it is easy to mask identities online.

A Pentagon report issued last month said that the Chinese military has made "steady progress" in developing online-warfare techniques. China hopes its computer skills can help it compensate for an underdeveloped military, the report said.

The Chinese Embassy said in a statement that China "opposes and forbids all forms of cyber crimes." It called the Pentagon's report "a product of the Cold War mentality" and said the allegations of cyber espionage are "intentionally fabricated to fan up China threat sensations."

The U.S. has no single government or military office responsible for cyber security. The Obama administration is likely to soon propose creating a senior White House computer-security post to coordinate policy and a new military command that would take the lead in protecting key computer networks from intrusions, according to senior officials.

The Bush administration planned to spend about $17 billion over several years on a new online-security initiative and the Obama administration has indicated it could expand on that. Spending on this scale would represent a potential windfall for government agencies and private contractors at a time of falling budgets. While specialists broadly agree that the threat is growing, there is debate about how much to spend in defending against attacks.

The Joint Strike Fighter, also known as the F-35 Lightning II, is the costliest and most technically challenging weapons program the Pentagon has ever attempted. The plane, led by Lockheed Martin Corp., relies on 7.5 million lines of computer code, which the Government Accountability Office said is more than triple the amount used in the current top Air Force fighter.

Six current and former officials familiar with the matter confirmed that the fighter program had been repeatedly broken into. The Air Force has launched an investigation.

Pentagon officials declined to comment directly on the Joint Strike Fighter compromises. Pentagon systems "are probed daily," said Air Force Lt. Col. Eric Butterbaugh, a Pentagon spokesman. "We aggressively monitor our networks for intrusions and have appropriate procedures to address these threats."

U.S. counterintelligence chief Joel Brenner, speaking earlier this month to a business audience in Austin, Texas, warned that fighter-jet programs have been compromised.

Foreign allies are helping develop the aircraft, which opens up other avenues of attack for spies online. At least one breach appears to have occurred in Turkey and another country that is a U.S. ally, according to people familiar with the matter.

Joint Strike Fighter test aircraft are already flying, and money to build the jet is included in the Pentagon's budget for this year and next.

Computer systems involved with the program appear to have been infiltrated at least as far back as 2007, according to people familiar with the matter. Evidence of penetrations continued to be discovered at least into 2008. The intruders appear to have been interested in data about the design of the plane, its performance statistics and its electronic systems, former officials said.

The intruders compromised the system responsible for diagnosing a plane's maintenance problems during flight, according to officials familiar with the matter. However, the plane's most vital systems -- such as flight controls and sensors -- are physically isolated from the publicly accessible Internet, they said.

The intruders entered through vulnerabilities in the networks of two or three contractors helping to build the high-tech fighter jet, according to people who have been briefed on the matter. Lockheed Martin is the lead contractor on the program, and Northrop Grumman Corp. and BAE Systems PLC also play major roles in its development.

Lockheed Martin and BAE declined to comment. Northrop referred questions to Lockheed.

The spies inserted technology that encrypts the data as it's being stolen; as a result, investigators can't tell exactly what data has been taken. A former Pentagon official said the military carried out a thorough cleanup.

Fighting online attacks like these is particularly difficult because defense contractors may have uneven network security, but the Pentagon is reliant on them to perform sensitive work. In the past year, the Pentagon has stepped up efforts to work with contractors to improve computer security.

Investigators traced the penetrations back with a "high level of certainty" to known Chinese Internet protocol, or IP, addresses and digital fingerprints that had been used for attacks in the past, said a person briefed on the matter.

As for the intrusion into the Air Force's air-traffic control systems, three current and former officials familiar with the incident said it occurred in recent months. It alarmed U.S. national security officials, particularly at the National Security Agency, because the access the spies gained could have allowed them to interfere with the system, said one former official. The danger is that intruders might find weaknesses that could be exploited to confuse or damage U.S. military craft.

Military officials declined to comment on the incident.

In his speech in Austin, Mr. Brenner, the U.S. counterintelligence chief, issued a veiled warning about threats to air traffic in the context of Chinese infiltration of U.S. networks. He spoke of his concerns about the vulnerability of U.S. air traffic control systems to cyber infiltration, adding "our networks are being mapped." He went on to warn of a potential situation where "a fighter pilot can't trust his radar.
#2
Whoever approved the systems that make our data this easy to hack needs to be prosecuted for treason.
#3
"Tim" wrote:

> Whoever approved the systems that make our data this easy to hack needs to be prosecuted for treason.

We need to quit making routers, NICs, switches, and PCs in China.

Wes

--
"Additionally as a security officer, I carry a gun to protect government officials but my life isn't worth protecting at home in their eyes." Dick Anthony Heller
#4
"Wes" wrote in message ...

> "Tim" wrote:
>
> > Whoever approved the systems that make our data this easy to hack needs to be prosecuted for treason.
>
> We need to quit making routers, NICs, switches, and PCs in China.

No, we need to stop making systems critical to national security available over the internet, or at least the web shared with the rest of the world, both public and private.
#5
"Tim" wrote:

> No, we need to stop making systems critical to national security available over the internet, or at least the web shared with the rest of the world, both public and private.

Back when I handled automotive EDI, the big three had their own private internet based network, I think it was called ANX. Not sure how private it was since they used the internet but I assume VPNs did the connecting.

The current worm that goes around is smart enough to use public key, private key cryptology to authenticate between controller and controlled.

Wes
#6
Wes writes:

> "Tim" wrote:
>
> > No, we need to stop making systems critical to national security available over the internet, or at least the web shared with the rest of the world, both public and private.
>
> Back when I handled automotive EDI, the big three had their own private internet based network, I think it was called ANX. Not sure how private it was since they used the internet but I assume VPNs did the connecting.
>
> The current worm that goes around is smart enough to use public key, private key cryptology to authenticate between controller and controlled.

And it checks 50,000 different domains each day for updates.
#7
Wes writes:

> "Tim" wrote:
>
> > Whoever approved the systems that make our data this easy to hack needs to be prosecuted for treason.
>
> We need to quit making routers, NICs, switches, and PCs in China.

I talked to someone from NIST, and someone bought a used router off eBay "at a really good price." It had a backdoor in it. This was reported about a year ago, when they discovered the problem. I believe there are stricter rules for buying equipment now.
#8
What the Chinese don't know is that the code has 3319 serious bugs, which will cost them $510 billion to fix. After they fix it, we're gonna steal the fixed code back, saving our taxpayers all that money.

Tim.
#9
On Tue, 21 Apr 2009 10:32:06 -0500, Ignoramus3201 wrote:

> http://online.wsj.com/article/SB124027491029837401.html
>
> Computer Spies Breach Fighter-Jet Project
>
> By SIOBHAN GORMAN, AUGUST COLE and YOCHI DREAZEN
>
> WASHINGTON -- Computer spies have broken into the Pentagon's $300 billion Joint Strike Fighter project -- the Defense Department's costliest weapons program ever -- according to current and former government officials familiar with the attacks.

snipped

The fact that outsiders are attempting to break into defense contractors' computers is hardly new "news". The book "The Cuckoo's Egg", written by Clifford Stoll in 1990, describes just such kind of acts, except that they were apparently sponsored by the Russians rather than by the Chinese.

Apparently the saying "those who refuse to learn from history are doomed to repeat it" is true.

Cheers,

Bruce (bruceinbangkokatgmaildotcom)
#10
On Wed, 22 Apr 2009 07:46:55 +0700, Bruce In Bangkok wrote:

snip

> Apparently the saying "those who refuse to learn from history are doomed to repeat it" is true.

snip

Many of these problems appear to arise because of the continual reorganization, down-sizing, right-sizing, re-engineering, blah-blah-blah. When the people are terminated and/or the groups dispersed, the organizational memory is gone.

There is also the phenomenon of what is called "transactive" memory, where a particular "fact" requires the knowledge of two or more people to make sense, so when even one person is relocated or separated, the import and context of the information is also lost. This is becoming an increasingly serious problem with the many "forced" early retirements now being imposed as an economy measure at many organizations.

The effect of this is that many organizations are always in the start-up mode and are always on the front [steep, i.e. expensive] part of the learning curve.

Unka' George [George McDuffee]

-------------------------------------------
He that will not apply new remedies, must expect new evils: for Time is the greatest innovator: and if Time, of course, alter things to the worse, and wisdom and counsel shall not alter them to the better, what shall be the end? Francis Bacon (1561-1626), English philosopher, essayist, statesman. Essays, "Of Innovations" (1597-1625).
#11
I'm still waiting for hacking to become a capital offence.
#12
"Rick Samuel" writes:

> I'm still waiting for hacking to become a capital offence.

I'm sure those hackers in China are quivering at the thought.....
#13
Bruce In Bangkok writes:

> Apparently the saying "those who refuse to learn from history are doomed to repeat it" is true.

It's not a matter of refusing to learn from history. These systems were protected. However, they are complex, and all it takes is ONE hole.

The systems that were compromised had important, but non-classified documents. Vendors have to exchange documents all the time, using secure VPNs, encryption, etc. But it does no good.

For example, there was a zero day exploit on Microsoft Excel. Microsoft did not have a patch for this flaw for weeks. Use social engineering, and send someone a spreadsheet with budget projections, and the victim opens it up and ZAP - they are compromised. VPNs and encryption don't help.

Security is always a budget problem. You can increase spending by ten times. How much improvement in your security is that? Try to convince someone that they need to spend 10 times what they spent last year.

There's a cartoon I saw. A bunch of security experts are sitting around. "Anything happen today?" "No?" "Good job team!"

So when they do their job - nothing happens. Would you give someone a raise for seemingly doing nothing?
#14
On Apr 25, 10:17 am, Maxwell Lol wrote:

> Security is always a budget problem. You can increase spending by ten times. How much improvement in your security is that? Try to convince someone that they need to spend 10 times what they spent last year,

It's also an annoyance problem. How many passwords and combinations can you remember at a time? I've held up to 12 lock combos and almost as many passwords without writing them down but the risk of everyone losing access to something critical becomes important at that level of security.
#15
Jim Wilkins writes:

> On Apr 25, 10:17 am, Maxwell Lol wrote:
>
> > Security is always a budget problem. You can increase spending by ten times. How much improvement in your security is that? Try to convince someone that they need to spend 10 times what they spent last year,
>
> It's also an annoyance problem. How many passwords and combinations can you remember at a time? I've held up to 12 lock combos and almost as many passwords without writing them down but the risk of everyone losing access to something critical becomes important at that level of security.

Someone once said

Cheap. Easy. Secure. Pick two.
#16
On Apr 21, 8:46 pm, Bruce In Bangkok wrote:

> The fact that outsiders are attempting to break into defense contractors' computers is hardly new "news". The book "The Cuckoo's Egg", written by Clifford Stoll in 1990, describes just such kind of acts, except that they were apparently sponsored by the Russians rather than by the Chinese.
>
> Bruce

The public account doesn't necessarily match reality, there are multiple levels of security and the inner ones are far more secure and inconvenient. It's a lot easier to hack someone's list of recently visited web sites than it is to find out details of what they are working on.

My home system is one example, this PC is only used for the Internet, the other ones are off line. I copy stuff onto them with virus-scanned flash drives but don't bring it back out. I do all banking in person and haven't ever visited their web site.
#17
On Sat, 25 Apr 2009 07:19:45 -0700 (PDT), Jim Wilkins wrote:

snip

> My home system is one example, this PC is only used for the Internet, the other ones are off line. I copy stuff onto them with virus-scanned flash drives but don't bring it back out. I do all banking in person and haven't ever visited their web site.

That doesn't really matter, if your bank provides (most do) online access your info is vulnerable whether you choose to participate or not (shrug).

I can't remember where I saw it, might have been here. Someone dropped a few flash sticks/usb drives in the parking lot of the place they wanted access to. Employees picked them up and then inserted them into their work computer to see what was on them. You can guess the rest...

The best security plan in the world can't stop dumb/curious people from circumventing it.

--
Leon Fisk
Grand Rapids MI/Zone 5b
Remove no.spam for email
#18
Leon Fisk wrote:

> I can't remember where I saw it, might have been here. Someone dropped a few flash sticks/usb drives in the parking lot of the place they wanted access to. Employees picked them up and then inserted them into their work computer to see what was on them. You can guess the rest...

If the IT guys didn't turn off autoruns, something XP seems to have on by default, bad things can happen. U3 devices pose another attack vector.

Wes
#19
On Sat, 25 Apr 2009 16:05:29 -0400, Wes wrote:

> Leon Fisk wrote:
>
> > I can't remember where I saw it, might have been here. Someone dropped a few flash sticks/usb drives in the parking lot of the place they wanted access to. Employees picked them up and then inserted them into their work computer to see what was on them. You can guess the rest...
>
> If the IT guys didn't turn off autoruns, something XP seems to have on by default, bad things can happen. U3 devices pose another attack vector.
>
> Wes

Turning off Autorun isn't as easy as it should be for XP, Win2k... See:

http://windowssecrets.com/2009/03/05...g-for-XP-users

http://windowssecrets.com/2009/03/12...-AutoRun-in-XP

You may want to make sure you aren't still vulnerable too.

--
Leon Fisk
Grand Rapids MI/Zone 5b
Remove no.spam for email
#20
Leon Fisk writes:

> On Sat, 25 Apr 2009 07:19:45 -0700 (PDT), Jim Wilkins wrote:
>
> snip
>
> > My home system is one example, this PC is only used for the Internet, the other ones are off line. I copy stuff onto them with virus-scanned flash drives but don't bring it back out. I do all banking in person and haven't ever visited their web site.
>
> That doesn't really matter, if your bank provides (most do) online access your info is vulnerable whether you choose to participate or not (shrug).
>
> I can't remember where I saw it, might have been here. Someone dropped a few flash sticks/usb drives in the parking lot of the place they wanted access to. Employees picked them up and then inserted them into their work computer to see what was on them. You can guess the rest...

I saw that report too. You can create a custom U3 USB stick that executes exploits when inserted. See the switchblade project.

Smart security experts disable autorun on ALL drives: CDROMs, DVDs, USB, and Net shares. That should help.

But in this case, the attack was even simpler. The USB drives had an "install" icon, and the users installed the software to see what it does.
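
Added example, not part of any post in this thread: a small audit that reads a registry export (`.reg` text) and reports which drive types still have AutoRun enabled, to check the "disable autorun on ALL drives" advice above. The sample exports are constructed; the helper names, the choice to handle only `dword` values, and the use of the XP default (0x91) when the value is absent are assumptions of this sketch.

```python
import re

# NoDriveTypeAutoRun is a bitmask: a SET bit turns AutoRun OFF for that type.
DRIVE_TYPES = {
    0x04: "removable (USB stick)",
    0x08: "fixed disk",
    0x10: "network share",
    0x20: "CD/DVD",
    0x40: "RAM disk",
}
POLICY_KEY = r"software\microsoft\windows\currentversion\policies\explorer"
XP_DEFAULT = 0x91  # assumed when the value is missing (Windows XP default)

HEADER = re.compile(r"\[(HKEY_LOCAL_MACHINE|HKEY_CURRENT_USER)\\(.+)\]")
VALUE = re.compile(r'"NoDriveTypeAutoRun"=dword:([0-9a-f]{8})', re.IGNORECASE)


def parse_reg_export(text):
    """Return the HKLM and HKCU policy values found in .reg export text."""
    found = {"HKLM": None, "HKCU": None}
    hive = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            m = HEADER.fullmatch(line)
            hive = None  # values under any other key are ignored
            if m and m.group(2).lower() == POLICY_KEY:
                hive = "HKLM" if m.group(1) == "HKEY_LOCAL_MACHINE" else "HKCU"
            continue
        v = VALUE.fullmatch(line)
        if hive and v:
            found[hive] = int(v.group(1), 16)
    return found


def effective_mask(found, os_default=XP_DEFAULT):
    """A machine-wide (HKLM) value takes precedence over the per-user one."""
    for hive in ("HKLM", "HKCU"):
        if found[hive] is not None:
            return found[hive]
    return os_default


def audit(text):
    """Return (mask, drive types on which AutoRun is still enabled)."""
    mask = effective_mask(parse_reg_export(text))
    still_on = [name for bit, name in DRIVE_TYPES.items() if not mask & bit]
    return mask, still_on


# Constructed sample: per-user value left at the XP default.
SAMPLE_XP_DEFAULT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:00000091
"""

# Constructed sample: machine-wide 0xFF, plus a same-named value under an
# unrelated key that must not be picked up.
SAMPLE_HARDENED = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Example]
"NoDriveTypeAutoRun"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:000000ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:00000091
"""

if __name__ == "__main__":
    for label, sample in (("default", SAMPLE_XP_DEFAULT), ("hardened", SAMPLE_HARDENED)):
        mask, still_on = audit(sample)
        print(f"{label}: mask=0x{mask:02X} AutoRun still enabled on: {still_on or 'none'}")
```

A mask of 0xFF only covers AutoRun; it does nothing for the case described in the post above, where users ran the installer themselves.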
#21
On Tue, 21 Apr 2009 10:32:06 -0500, Ignoramus3201 wrote:

> http://online.wsj.com/article/SB124027491029837401.html
>
> Computer Spies Breach Fighter-Jet Project
>
> By SIOBHAN GORMAN, AUGUST COLE and YOCHI DREAZEN
>
> WASHINGTON -- Computer spies have broken into the Pentagon's $300 billion Joint Strike Fighter project -- the Defense Department's costliest weapons program ever -- according to current and former government officials familiar with the attacks.

snip

-----

Not the first time. See http://tech.yahoo.com/news/pcworld/2...vernmentbreach

Unka' George [George McDuffee]

-------------------------------------------
He that will not apply new remedies, must expect new evils: for Time is the greatest innovator: and if Time, of course, alter things to the worse, and wisdom and counsel shall not alter them to the better, what shall be the end? Francis Bacon (1561-1626), English philosopher, essayist, statesman. Essays, "Of Innovations" (1597-1625).
#22
Ignoramus3201 writes:

> Many details couldn't be learned, including the specific identity of the attackers, and the scope of the damage to the U.S. defense program, either in financial or security terms.

I'm trying to find a report I saw yesterday. But the report says there are more than 100,000 amateur Chinese hackers doing it for their country.

Probably why the hacks on the Tibet sites were so amateurish.
#23
Maxwell Lol wrote:

> Ignoramus3201 writes:
>
> > Many details couldn't be learned, including the specific identity of the attackers, and the scope of the damage to the U.S. defense program, either in financial or security terms.
>
> I'm trying to find a report I saw yesterday. But the report says there are more than 100,000 amateur Chinese hackers doing it for their country.
>
> Probably why the hacks on the Tibet sites were so amateurish.

http://www.grc.com/securitynow.htm

Go down to Episode 191 "Ghostnet"

Wes
#24
On Apr 25, 4:08 pm, Wes wrote:

> Maxwell Lol wrote:
>
> > Ignoramus3201 writes:
> >
> > > Many details couldn't be learned, including the specific identity of the attackers, and the scope of the damage to the U.S. defense program, either in financial or security terms.
> >
> > I'm trying to find a report I saw yesterday. But the report says there are more than 100,000 amateur Chinese hackers doing it for their country.
> >
> > Probably why the hacks on the Tibet sites were so amateurish.
>
> http://www.grc.com/securitynow.htm
>
> Go down to Episode 191 "Ghostnet"
>
> Wes

Also 193. I've used sorting by date to help find malware for quite a while. He mentions that CF will copy the timestamp from \system32\kernel32.

jsw
#25
Wes writes:

> Maxwell Lol wrote:
>
> > Ignoramus3201 writes:
> >
> > > Many details couldn't be learned, including the specific identity of the attackers, and the scope of the damage to the U.S. defense program, either in financial or security terms.
> >
> > I'm trying to find a report I saw yesterday. But the report says there are more than 100,000 amateur Chinese hackers doing it for their country.
> >
> > Probably why the hacks on the Tibet sites were so amateurish.
>
> http://www.grc.com/securitynow.htm
>
> Go down to Episode 191 "Ghostnet"
>
> Wes

I am familiar with that podcast. However, the suggestion is that the Tibetan hacks were government sponsored.

The report I am talking about says there are 100,000 non-government Chinese hackers.