Keep up with the news by installing RT’s extension for . Never miss a story with this clean and simple app that delivers the latest headlines to you.

 

US military secrets leaked to Chinese hackers for three years

Published time: May 03, 2013 19:58
AFP Photo / Lui Jin

AFP Photo / Lui Jin

A US military contractor was allegedly hacked by those associated with the Chinese military. The company reportedly ignored signs of security breaches, allowing hackers to access military technology and classified documents for three years.

QinetiQ North America was attacked by a Shanghai-based hacker group from 2007 to 2010, Bloomberg reported on Thursday. The hacking collective has been coined the “Comment Crew” by security experts.

The company is known for its contributions to national security – including software used by US forces in Afghanistan and the Middle East.

Comment Crew’s continuous spying reportedly provided China with a wealth of secret information on QinetiQ’s drones, satellites, military robotics, and the US Army’s combat helicopter fleet. The spies also stole several terabytes – equivalent to hundreds of millions of pages – of documents and data on weapons programs.

China’s military may have also stolen programming code and design details that it could use to disable some of the most sophisticated US weaponry. The situation could have a crippling effect on America’s defense capabilities.

“God forbid we get into a conflict with China but if we did we could face a major embarrassment, where we try out all these sophisticated weapons systems and they don’t work,” said Richard Clarke, former special adviser to President George W. Bush on cyber security.

But the hacking could have been easily prevented, if QinetiQ would have picked up on one of the many warnings it received along the way.

Failing to connect the dots

QinetiQ ignored the first sign of spying in 2007, when an agent from the Naval Criminal Investigative Service notified the company that two people were apparently losing classified information on their laptops.

QinetiQ failed to act with caution, according to Brian Dykstra, a forensics expert hired to conduct the investigation into the lost data.

“They just felt like it was this limited little thing, like they’d picked up some virus,” he said.

Dykstra was given only four days to complete the investigation. He said the company didn’t give him the time or data necessary to determine whether more employees had been successfully targeted. In his report, Dykstra warned that QinetiQ is “likely not seeing the full extent” of the intrusion.

His assumptions were soon proved correct. In 2008, NASA alerted the company that hackers had tried to enter its system from one of QinetiQ’s computers.

But QinetiQ still failed to connect the dots, treating each series of attacks over the next several months as unrelated incidents. The company’s ignorance was welcomed by Comment Crew, who continued to raid servers and gather more than 13,000 internal passwords in the first 2 ½ years.

An easy hack?

In 2010, the hackers logged onto QinetiQ’s system with incredible ease – through the company’s remote access system, just like an ordinary employee.

The hack was made easy because of QinetiQ’s failure to use a two-factor authentication, allowing Comment Crew to use the stolen password of a network administrator. But it gets even worse – the company had discovered its own vulnerability months before, but failed to fix it the problem.

Over the course of four days, the hackers attacked at least 14 servers, eventually hitting the jackpot when they discovered an inventory of weapons-systems technology and source code throughout the company.

When QinetiQ finally caught on in 2010 and hired two outside firms to help combat the hackers. It was soon revealed that Comment Crew had established near permanent residence in the company’s computers.

The firms also discovered that the hackers had walked away with information on microchips that control the company’s robots.

The chip architecture could help China test ways to take over or defeat US robots or aerial drones, said Noel Sharkey, a drones and robotics expert at Britain’s Sheffield University.

The hackers also targeted at least 17 employees working on the Condition Based Maintenance program, which collects data on Apache and Blackhawk helicopters deployed around the world.

Thus far, there has been no word from the State Department regarding Comment Crew’s hacks into QinetiQ systems. Washington has the power to revoke the company’s charter to handle military technology if it finds negligence.

However, it appears the US government is doing just the opposite. In May 2012, QinetiQ received a $4.7 million cybersecurity contract from the US Transportation Department.

Comments (43)

 

Josh Melo 21.08.2013 02:21

Its all a bunch of BS the US wouldn't let secret military weapons hacked. It was all given to China so when its time for WW3, Us and it western allies and China with its allies. WW1, WW2 were the first to trys to creating a one world government, Hitler got all of his money from Bush family and others including banks supplied him with money. So few can control the many, you are be controlled to believing whats is real. This is there game Illuminati card game came out in 1995, cards like the twin towers and pentagon are on it. Read between the lines. You are being lied to every single dead.

Anonymous user 10.07.2013 01:26

Now they try to hang Snowden for any leack of information to cover up their previous failures.

Anonymous user 26.06.2013 06:04

by re-locating so much industry to China, US has given to them most of its technology and know-how

View all comments (43)
Add comment

Authorization required for adding comments

Register or

Name

Password

Show password

Register

or Register

Request a new password

Send

or Register

To complete a registration check
your Email:

OK

or Register

A password has been sent to your email address

Edit profile

X

Name

New password

Retype new password

Current password

Save

Cancel

Follow us

Follow us