andre.kesteloot at verizon.net
Wed Feb 24 19:37:47 CST 2010
*Dozens Of Defense Contractors, Agencies Hacked.*
As cyberspies multiply and evolve, the military says many defense firms
remain woefully insecure.
For anyone who has a security clearance and doesn't believe the U.S.
faces a cyber-espionage crisis, Colonel Steven Shirley has 102 stories
to share with you.
That's the number of cases in which Shirley's team of Pentagon
researchers discovered cyberspies breaching the networks of government
agencies, defense contractors and other organizations with ties to the
U.S. Department of Defense, gaining administrator-level access with the
aim of stealing military secrets.
The Pentagon's forensics-focused Cyber Crime Center, where Shirley is
executive director, found that between August 2007 and August 2009, 71
government agencies, contractors, universities and think tanks with
connections to the U.S. military had been penetrated by foreign hackers,
in some cases multiple times. In total, Shirley told Forbes, the center
performed 116 investigations following spying breaches and found that in
all but 14 of those cases the intruders had gained complete
administrator-level access to the victim's network.
"There are some significant defense contractors among that number,"
Shirley says. "We can say that any company that's involved in
high-technology research and development is a target for these adversaries."
Shirley wouldn't reveal what information was stolen in any of the
breaches, where the attackers seemed to be located or whether they
appeared to be state-sponsored, saying only that the attacks were based
He also declined to name any specific companies or organizations
penetrated in the defense industry's hacking epidemic. But military
contractors General Dynamics and Northrop Grumman have both been
successfully breached by cyberspies in the last two years, according to
sources familiar with the security situations of those companies. It's
also likely that many other major defense contractors have recently had
data stolen by hackers.
Northrop Grumman's chief information security officer Tim McKnight said
the company is "always in the trenches" defending its network from
cyberattacks but doesn't discuss internal security issues. "We don't
talk about successful or unsuccessful intrusions," he says. A General
Dynamics spokesperson declined to comment.
The defense-industrial complex's hemorrhaging of intellectual property
to cyberspies is hardly new - in fact, it dates back much farther than
the private sector hacking incidents revealed by Google's admission of a
breach by hackers last month.
As early as 2003 Sandia National Laboratories and its managing company,
Lockheed Martin, were penetrated by cyberspies, seemingly based in
China, who pilfered plans for the Mars Reconnaissance Orbiter, a class
of technology with potential military uses. In 2007 Forbes reported that
cyberspies, again seemingly based in China, had breached the largest 10
military contractors, including Lockheed Martin, Northrop Grumman,
Raytheon and Boeing.
But threats are increasing in both "sophistication and number," Shirley
says, and many defense firms haven't kept up. "In some cases, there was
a huge attack surface for an adversary," says Shirley. "The IT staffs in
some companies were simply overwhelmed or inexperienced in their ability
to contend with threats." Almost every breach his agency investigated,
Shirley says, began when an employee was sent a highly targeted and
convincing phishing e-mail that spoofed a trusted sender. When the
recipient opened a file attached to that message, it used a flaw in the
target computer's software to invisibly plant malicious software on the
machine and give it access to the user's network. (Finnish cybersecurity
firm F-Secure recently found one such booby-trapped PDF intended to
infect an Air Force computer using a vulnerability in Adobe Reader.)
But the large majority of those attacks, Shirley says, didn't use new,
previously unknown software vulnerabilities. Instead, they exploited old
software bugs that IT administrators had failed to patch, configuration
errors and even poor password practices.
"We were surprised to see that even companies that we regarded as tech
savvy in a lot of cases had significant vulnerabilities correlated with
inattention to the basic blocking and tackling of information
assurance," says Shirley. "The most popular password in the world is
still 'password,' and we still see that from time to time even in these
As top-tier contractors respond to attacks by improving their security,
hackers are increasingly targeting a second tier of smaller defense
firms with innovative military technology but little experience in
protecting secrets. That's made defense contractors' acquisitions of
small, insecure companies a prime avenue for introducing new
vulnerabilities, says Shirley. "When you've just inherited a network,
you also inherit all the ensuing impact on protection of intellectual
property," he says.
But hacker exploits are also evolving to challenge the security of even
long-established defense firms, says Kevin Mandia, a former Pentagon
researcher whose firm, Mandiant, serves as a post-breach consultancy. In
some cases, he says, intruders plant multiple hidden backdoors or steal
documents from one computer that they later use to spoof an e-mail after
an initial breach is thought to be contained. "The techniques imply that
attackers have a great familiarity with the victim organizations, their
people, their roles and responsibilities," says Mandia.
The spying software that hackers hide on victims' networks is also
becoming harder to detect - particularly the code aimed at defense
firms, he says. In a test in December 2009 of 1,400 malicious software
or "malware" samples pulled from victims' machines, Mandia says only 24%
of the programs were found by antivirus programs. "We see malware
hitting the contractors that hits everyone else six to nine months
later," he says. Even as cyberspies expand their targets to other
sectors like law firms, oil companies and technology companies, that
evolution of tactics means the defense industry's cyberstruggles are far
from over. "As you do your judo to combat these guys, they escalate,"
says Mandia. "If you're Boeing, Lockheed or Raytheon, you simply have a
threat that wakes up every day and tries to compromise you."