More Hacking

andre kesteloot andre.kesteloot at
Wed Feb 24 19:37:47 CST 2010

*Dozens Of Defense Contractors, Agencies Hacked.* 
As cyberspies multiply and evolve, the military says many defense firms 
remain woefully insecure.

For anyone who has a security clearance and doesn't believe the U.S. 
faces a cyber-espionage crisis, Colonel Steven Shirley has 102 stories 
to share with you.

That's the number of cases in which Shirley's team of Pentagon 
researchers discovered cyberspies breaching the networks of government 
agencies, defense contractors and other organizations with ties to the 
U.S. Department of Defense, gaining administrator-level access with the 
aim of stealing military secrets.

The Pentagon's forensics-focused Cyber Crime Center, where Shirley is 
executive director, found that between August 2007 and August 2009, 71 
government agencies, contractors, universities and think tanks with 
connections to the U.S. military had been penetrated by foreign hackers, 
in some cases multiple times. In total, Shirley told Forbes, the center 
performed 116 investigations following spying breaches and found that in 
all but 14 of those cases the intruders had gained complete 
administrator-level access to the victim's network.

"There are some significant defense contractors among that number," 
Shirley says. "We can say that any company that's involved in 
high-technology research and development is a target for these adversaries."

Shirley wouldn't reveal what information was stolen in any of the 
breaches, where the attackers seemed to be located or whether they 
appeared to be state-sponsored, saying only that the attacks were based 

He also declined to name any specific companies or organizations 
penetrated in the defense industry's hacking epidemic. But military 
contractors General Dynamics and Northrop Grumman have both been 
successfully breached by cyberspies in the last two years, according to 
sources familiar with the security situations of those companies. It's 
also likely that many other major defense contractors have recently had 
data stolen by hackers.

Northrop Grumman's chief information security officer Tim McKnight said 
the company is "always in the trenches" defending its network from 
cyberattacks but doesn't discuss internal security issues. "We don't 
talk about successful or unsuccessful intrusions," he says. A General 
Dynamics spokesperson declined to comment.

The defense-industrial complex's hemorrhaging of intellectual property 
to cyberspies is hardly new - in fact, it dates back much farther than 
the private sector hacking incidents revealed by Google's admission of a 
breach by hackers last month.

As early as 2003 Sandia National Laboratories and its managing company, 
Lockheed Martin, were penetrated by cyberspies, seemingly based in 
China, who pilfered plans for the Mars Reconnaissance Orbiter, a class 
of technology with potential military uses. In 2007 Forbes reported that 
cyberspies, again seemingly based in China, had breached the largest 10 
military contractors, including Lockheed Martin, Northrop Grumman, 
Raytheon and Boeing. 

But threats are increasing in both "sophistication and number," Shirley 
says, and many defense firms haven't kept up. "In some cases, there was 
a huge attack surface for an adversary," says Shirley. "The IT staffs in 
some companies were simply overwhelmed or inexperienced in their ability 
to contend with threats." Almost every breach his agency investigated, 
Shirley says, began when an employee was sent a highly targeted and 
convincing phishing e-mail that spoofed a trusted sender. When the 
recipient opened a file attached to that message, it used a flaw in the 
target computer's software to invisibly plant malicious software on the 
machine and give it access to the user's network. (Finnish cybersecurity 
firm F-Secure recently found one such booby-trapped PDF intended to 
infect an Air Force computer using a vulnerability in Adobe Reader.)

But the large majority of those attacks, Shirley says, didn't use new, 
previously unknown software vulnerabilities. Instead, they exploited old 
software bugs that IT administrators had failed to patch, configuration 
errors and even poor password practices.

"We were surprised to see that even companies that we regarded as tech 
savvy in a lot of cases had significant vulnerabilities correlated with 
inattention to the basic blocking and tackling of information 
assurance," says Shirley. "The most popular password in the world is 
still 'password,' and we still see that from time to time even in these 

As top-tier contractors respond to attacks by improving their security, 
hackers are increasingly targeting a second tier of smaller defense 
firms with innovative military technology but little experience in 
protecting secrets. That's made defense contractors' acquisitions of 
small, insecure companies a prime avenue for introducing new 
vulnerabilities, says Shirley. "When you've just inherited a network, 
you also inherit all the ensuing impact on protection of intellectual 
property," he says.

But hacker exploits are also evolving to challenge the security of even 
long-established defense firms, says Kevin Mandia, a former Pentagon 
researcher whose firm, Mandiant, serves as a post-breach consultancy. In 
some cases, he says, intruders hide multiple hidden backdoors or steal 
documents from one computer that they later use to spoof an e-mail after 
an initial breach is thought to be contained. "The techniques imply that 
attackers have a great familiarity with the victim organizations, their 
people, their roles and responsibilities," says Mandia.

The spying software that hackers hide on victims' networks is also 
becoming harder to detect - particularly the code aimed at defense 
firms, he says. In a test in December 2009 of 1,400 malicious software 
or "malware" samples pulled from victims' machines, Mandia says only 24% 
of the programs were found by antivirus programs. "We see malware 
hitting the contractors that hits everyone else six to nine months 
later," he says. Even as cyberspies expand their targets to other 
sectors like law firms, oil companies and technology companies, that 
evolution of tactics means the defense industry's cyberstruggles are far 
from over. "As you do your judo to combat these guys, they escalate," 
says Mandia. "If you're Boeing, Lockheed or Raytheon, you simply have a 
threat that wakes up every day and tries to compromise you." 

More information about the Tacos mailing list