Sunday, May 5, 2013

Massive China hack of QinetiQ - hacked for three years (2007 - 2010).... Failure to connect dots by QinetiQ? Failure to take threat seriously and heed warnings - and just a cursory investigation when warned. Why such a flaccid response by QinetiQ? And note the hacking by China was not limited to QinetiQ, but struck almost every major Defense Contractor! And the extent of the damage - you know that is and will remain classified, but you know it must be catastrophic damage!

http://www.reuters.com/article/2013/05/07/us-usa-defense-china-idUSBRE94511720130507


(Reuters) - China is using espionage to acquire technology to fuel its military modernization, the Pentagon said on Monday, for the first time accusing the Chinese of trying to break into U.S. defense computer networks and prompting a firm denial from Beijing.
In its 83-page annual report to Congress on Chinese military developments, the Pentagon also cited progress in Beijing's effort to develop advanced-technology stealth aircraft and build an aircraft carrier fleet to project power further offshore.
The report said China's cyber snooping was a "serious concern" that pointed to an even greater threat because the "skills required for these intrusions are similar to those necessary to conduct computer network attacks."
"The U.S. government continued to be targeted for (cyber) intrusions, some of which appear to be attributable directly to the Chinese government and military," it said, adding the main purpose of the hacking was to gain information to benefit defense industries, military planners and government leaders.
A spokeswoman said it was the first time the annual Pentagon report had cited Beijing for targeting U.S. defense networks, but China dismissed the report as groundless.
The U.S. Defense Department had repeatedly "made irresponsible comments about China's normal and justified defense build-up and hyped up the so-called China military threat," Chinese Foreign Ministry spokeswoman Hua Chunying said.
"This is not beneficial to U.S.-China mutual trust and cooperation," Hua told reporters. "We are firmly opposed to this and have already made representations to the U.S. side."
China's defense build-up was geared towards protecting its "national independence and sovereignty," Hua said.
On the accusations of hacking, Hua said: "We firmly oppose any groundless criticism and hype, because groundless hype and criticism will only harm bilateral efforts at cooperation and dialogue."
Despite concerns over the intrusions, a senior U.S. defense official said his main worry was the lack of transparency.
"What concerns me is the extent to which China's military modernization occurs in the absence of the type of openness and transparency that others are certainly asking of China," David Helvey, deputy assistant secretary of defense for East Asia, told a Pentagon briefing on the report.
He warned of the "potential implications and consequences of that lack of transparency on the security calculations of others in the region."
The annual China report, which Congress began requesting in 2000, comes amid ongoing tensions in the region due to China's military assertiveness and expansive claims of sovereignty over disputed islands and shoals. Beijing has ongoing territorial disputes with the Philippines, Japan and other neighbors.
Beijing's publicly announced defense spending has grown at an inflation-adjusted pace of nearly 10 percent annually over the past decade, but Helvey said China's actual outlays were thought to be higher.
China announced a 10.7 percent increase in military spending to $114 billion in March, the Pentagon report said. Publicly announced defense spending for 2012 was $106 billion, but actual spending for 2012 could range between $135 billion and $215 billion, it said. U.S. defense spending is more than double that, at more than $500 billion.
The report highlighted China's continuing efforts to gain access to sophisticated military technology to fuel its modernization program. It cited a laundry list of methods, including "state-sponsored industrial and technical espionage to increase the level of technologies and expertise available to support military research, development and acquisition."
Dean Cheng, an analyst at the conservative Heritage Foundation think tank, said he was surprised by the number of cases of human espionage cited in the report.
"This is a PLA (People's Liberation Army) that is extensively, comprehensively modernizing," Cheng said. "...China is also comprehensively engaging in espionage."
China tested its second advanced stealth fighter in as many years in October 2012, highlighting its "continued ambition to produce advanced fifth-generation fighter aircraft," the report said. Neither of its stealth aircraft was expected to achieve effective operational capability before 2018, it said.
Last year also saw China commission its first domestically produced aircraft carrier. China currently has one aircraft carrier bought abroad and conducted its first takeoff and landing from the ship in November.

http://rt.com/usa/us-military-chinese-hackers-792/


US military secrets leaked to Chinese hackers for three years

Published time: May 03, 2013 19:58
AFP Photo / Lui Jin
A US military contractor was allegedly hacked by those associated with the Chinese military. The company reportedly ignored signs of security breaches, allowing hackers to access military technology and classified documents for three years.
QinetiQ North America was attacked by a Shanghai-based hacker group from 2007 to 2010, Bloomberg reported on Thursday. The hacking collective has been coined the “Comment Crew” by security experts.

The company is known for its contributions to national security – including software used by US forces in Afghanistan and the Middle East.

Comment Crew’s continuous spying reportedly provided China with a wealth of secret information on QinetiQ’s drones, satellites, military robotics, and the US Army’s combat helicopter fleet. The spies also stole several terabytes – equivalent to hundreds of millions of pages – of documents and data on weapons programs.

China’s military may have also stolen programming code and design details that it could use to disable some of the most sophisticated US weaponry. The situation could have a crippling effect on America’s defense capabilities.

“God forbid we get into a conflict with China but if we did we could face a major embarrassment, where we try out all these sophisticated weapons systems and they don’t work,” said Richard Clarke, former special adviser to President George W. Bush on cyber security.

But the hacking could have been easily prevented, if QinetiQ would have picked up on one of the many warnings it received along the way.

Failing to connect the dots

QinetiQ ignored the first sign of spying in 2007, when an agent from the Naval Criminal Investigative Service notified the company that two people were apparently losing classified information on their laptops.

QinetiQ failed to act with caution, according to Brian Dykstra, a forensics expert hired to conduct the investigation into the lost data.

“They just felt like it was this limited little thing, like they’d picked up some virus,” he said.

Dykstra was given only four days to complete the investigation. He said the company didn’t give him the time or data necessary to determine whether more employees had been successfully targeted. In his report, Dykstra warned that QinetiQ is “likely not seeing the full extent” of the intrusion.

His assumptions were soon proved correct. In 2008, NASA alerted the company that hackers had tried to enter its system from one of QinetiQ’s computers.

But QinetiQ still failed to connect the dots, treating each series of attacks over the next several months as unrelated incidents. The company’s ignorance was welcomed by Comment Crew, who continued to raid servers and gather more than 13,000 internal passwords in the first 2 ½ years.

An easy hack?

In 2010, the hackers logged onto QinetiQ’s system with incredible ease – through the company’s remote access system, just like an ordinary employee.

The hack was made easy because of QinetiQ’s failure to use two-factor authentication, allowing Comment Crew to use the stolen password of a network administrator. But it gets even worse – the company had discovered its own vulnerability months before, but failed to fix the problem.

Over the course of four days, the hackers attacked at least 14 servers, eventually hitting the jackpot when they discovered an inventory of weapons-systems technology and source code throughout the company.

When QinetiQ finally caught on in 2010 and hired two outside firms to help combat the hackers, it was soon revealed that Comment Crew had established near permanent residence in the company’s computers.

The firms also discovered that the hackers had walked away with information on microchips that control the company’s robots.

The chip architecture could help China test ways to take over or defeat US robots or aerial drones, said Noel Sharkey, a drones and robotics expert at Britain’s Sheffield University.

The hackers also targeted at least 17 employees working on the Condition Based Maintenance program, which collects data on Apache and Blackhawk helicopters deployed around the world.

Thus far, there has been no word from the State Department regarding Comment Crew’s hacks into QinetiQ systems. Washington has the power to revoke the company’s charter to handle military technology if it finds negligence.

However, it appears the US government is doing just the opposite. In May 2012, QinetiQ received a $4.7 million cybersecurity contract from the US Transportation Department.

http://www.bendbulletin.com/article/20130505/NEWS0107/130509993/

China Cyberspies Outwit U.S. Stealing Vital Military Secrets

By Michael Riley and Ben Elgin / Bloomberg News
Published: May 05, 2013 4:00AM PST
WASHINGTON — Among defense contractors, QinetiQ North America is known for spy-world connections and an eye-popping product line. Its contributions to national security include secret satellites, drones, and software used by U.S. special forces in Afghanistan and the Middle East.
Former CIA Director George Tenet was a director of the company from 2006 to 2008 and former Pentagon spy chief Stephen Cambone headed a major division. Its British parent was created as a spinoff of a government weapons laboratory that inspired Q's lab in Ian Fleming's James Bond thrillers, a connection QinetiQ (pronounced kin-EH-tic) still touts.
But QinetiQ's espionage expertise didn't keep Chinese cyber-spies from outwitting the company. In a three-year operation, hackers linked to China's military infiltrated QinetiQ's computers and compromised most if not all of the company's research. At one point, they logged into the company's network by taking advantage of a security flaw identified months earlier and never fixed.
"We found traces of the intruders in many of their divisions and across most of their product lines," said Christopher Day, until February a senior vice president for Verizon Communications's Terremark security division, which was hired twice by QinetiQ to investigate the break-ins. "There was virtually no place we looked where we didn't find them."
QinetiQ was only one target in a broader cyberpillage. Beginning at least as early as 2007, Chinese computer spies raided the databanks of almost every major U.S. defense contractor and made off with some of the country's most closely guarded technological secrets, according to two former Pentagon officials who asked not to be named because damage assessments of the incidents remain classified.
As the White House moves to confront China over its theft of U.S. technology through hacking, policymakers are faced with the question of how much damage has already been done. During their multiyear assault on defense contractors, the spies stole several terabytes — equal to hundreds of millions of pages — of documents and data on weapons programs, dwarfing in sheer quantity any theft of Cold War secrets. The QinetiQ hack may have compromised information vital to national security, such as the deployment and capabilities of the combat helicopter fleet.
"The line forms to the left when it comes to defense contractors that have been hacked," said James Lewis, a senior fellow in cybersecurity at the Center for Strategic and International Studies in Washington. "The damage has been significant."
A few of the attacks have become public, including the 2007 theft from Lockheed Martin Corp. of technology related to the F-35, the most advanced U.S. fighter jet. Intelligence officials say the damage is far more extensive than the limited public accounting suggests, and that China-based hackers have acquired data on a large number of major weapons systems and many minor ones. One former intelligence official described internal Pentagon discussions over whether another Lockheed Martin fighter jet, the F-22 Raptor, could safely be deployed in combat, because several subcontractors had been hacked.
In 2007-2008, the Pentagon gave secret briefings to about 30 defense companies alerting them to the aggressive spying effort and providing data to help defend against it, according to a person familiar with the process. The person did not know whether QinetiQ received the classified intelligence.
Investigators eventually identified the Shanghai-based hackers that broke into QinetiQ as a crack team, nicknamed the Comment Crew by security experts, which has also hit major corporations and political figures, including the 2008 presidential campaigns of Barack Obama and John McCain. At least one other Chinese hacking team also may have been involved, according to a person familiar with the investigation.
In a Feb. 18 report, Mandiant, an Alexandria, Va.-based security firm, attributed 141 major cyberattacks to the Comment Crew without naming the targets. Mandiant identified the Comment Crew as the People's Liberation Army Unit 61398, which is similar in some respects to the National Security Agency. Mandiant's report prompted Tom Donilon, President Obama's national security adviser, to call on China to stop the hacking of U.S. companies.
The spying on QinetiQ and other defense contractors appears aimed at helping China leapfrog the U.S.'s technologically advanced military, foregoing years of research and development that would have cost billions of dollars, according to Michael Hayden, former director of the CIA.
China's military may also have stolen programming code and design details that it could use to disable some of the most sophisticated U.S. weaponry.
The lengthy spying operation on QinetiQ jeopardized the company's sensitive technology involving drones, satellites, the U.S. Army's combat helicopter fleet, and military robotics, both already-deployed systems and those still in development, according to internal investigations. Jennifer Pickett, a spokesman for QinetiQ, declined to comment as part of a general policy not to discuss security measures.
"God forbid we get into a conflict with China but if we did we could face a major embarrassment, where we try out all these sophisticated weapons systems and they don't work," said Richard Clarke, former special adviser to President George W. Bush on cybersecurity.
The spies' trail at QinetiQ begins in late 2007, and so do the company's mistakes. QinetiQ's travails are documented in hundreds of unvarnished emails and dozens of reports that were never meant to be public, part of a cache that was leaked in 2011 by the group Anonymous after it hacked HBGary Inc., a Sacramento-based computer security firm hired by QinetiQ the previous year.
The emails and reports are authentic, according to former HBGary executives and Day. Day agreed to an interview limited to the investigation's findings because the documents had already become public.
By reviewing the documents with security experts and interviewing more than a dozen people familiar with the QinetiQ breaches, Bloomberg News reconstructed how the hackers outmaneuvered QinetiQ's internal security team and at least five companies brought in to help salvage the situation.
Headquartered in a glass-and-steel office tower in McLean, Va., QinetiQ's U.S. subsidiary is a boutique arms maker, less than one-tenth the size of industry giants like Lockheed or Northrop Grumman Corp. It has specialized in fields expected to grow as the rest of the Pentagon budget shrinks, including drones, robotics, software and high-speed computing. A 2012 want ad for QinetiQ's Albuquerque facility solicited a programmer to work on a "satellite-based global monitoring system" and limited candidates to those with top secret clearances only.
In December 2007, an agent from the Naval Criminal Investigative Service contacted the company's small security team and notified them that two people working in McLean were losing confidential data from their laptop computers, according to an internal report. The agency had stumbled upon the stolen data as part of another investigation and the alert was a courtesy.
The San Diego-based agent didn't provide the identity of the hackers, who had been tracked by U.S. intelligence since at least 2002, or the crucial — but classified — fact that they were hitting other defense contractors. The company wouldn't find out who its attackers were for two more years.
QinetiQ put strict limits on the investigation.
"They just felt like it was this limited little thing, like they'd picked up some virus," said Brian Dykstra, a forensics expert based in Columbia, Md., which QinetiQ hired to conduct the investigation.
Dykstra was given only four days to complete his work. He said the company didn't give him the time or data necessary to determine whether more employees had been successfully targeted, a standard precaution. In his final report, Dykstra warned that QinetiQ "is likely not seeing the full extent" of the intrusion.
Evidence surfaced almost immediately that he was right, as the attacks continued. On Jan. 7, 2008, NASA alerted the company that hackers had tried to infiltrate the space agency from one of QinetiQ's computers.
QinetiQ treated a series of attacks over the next several months as isolated incidents. The hackers followed a more meticulous strategy: In the first 2 1/2 years, they gathered more than 13,000 internal passwords and raided servers that could give them detailed information about the company and how it was organized — data they would use to devastating effect.
More investigations uncovered more security holes. In 2008, a security team found that QinetiQ's internal corporate network could be accessed from a Waltham, Mass., parking lot using an unsecured Wi-Fi connection. The same investigation discovered that Russian hackers had been stealing secrets from QinetiQ for more than 2 1/2 years through a secretary's computer, which they had rigged to send the data directly to a server in the Russian Federation, according to an internal investigation.
QinetiQ's executives in the meantime fretted about rising costs.
"You could spend all your resources chasing such things as this," William Ribich, the former president of QinetiQ's Technology Solutions Group, said in an interview in January. Ribich, who retired in November 2009, shortly after the discovery of a major data theft, said he needed to balance the uncertain risk that the hackers could use what they stole against a growing shopping list of security products and consulting fees.
"You finally have to reach a point where you say 'let's move on,'" he said.
China's hackers in fact zeroed in first on Ribich's division, based in Waltham, and specifically on QinetiQ's drone and robotics technology. Internal reports leaked by Anonymous chronicle a breach at TSG in February 2008, followed by another attempt in March of that year. By 2009, the hackers had almost complete control over TSG's computers, the documents show.
Over one stretch in 2009, the spies spent 251 days raiding at least 151 machines, including laptops and servers, cataloging TSG's source code and engineering data. The hackers dribbled data out of the network in small packets to avoid detection, managing to get away with 20 gigabytes before they were finally stopped, according to an internal damage assessment.
The stolen cache included highly sensitive military technology and was equivalent in size to 1.3 million pages of documents or more than 3.3 million pages of Microsoft Excel spreadsheets.
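Added example, not from the article or from any of the firms it names: detection logic in Python over constructed daily flow summaries, showing why a per-transfer size threshold never sees the kind of trickle exfiltration described above (roughly 80 MB a day, every day, for months) while a per-host, per-destination sliding-window total, the cross-incident correlation the articles say QinetiQ lacked, does. Host names, addresses and volumes are constructed.

```python
from collections import defaultdict
from datetime import date, timedelta

MiB = 2 ** 20
GiB = 2 ** 30


def build_sample_flows():
    """Constructed daily flow summaries: (day, internal host, external destination, bytes out).
    Not real data from any company."""
    flows = []
    start = date(2009, 3, 1)
    for d in range(60):
        day = start + timedelta(days=d)
        # steady trickle to one external address, every single day, well under any per-flow limit
        flows.append((day, "tsg-eng-17", "198.51.100.23", 85 * MiB))
        # ordinary browsing from the same host and from an unrelated workstation
        flows.append((day, "tsg-eng-17", "203.0.113.10", 3 * MiB))
        flows.append((day, "hr-ws-02", "203.0.113.10", 2 * MiB))
    # a one-off large transfer (think off-site backup): big, but a single event
    flows.append((start + timedelta(days=10), "backup-01", "203.0.113.50", 4 * GiB))
    return flows


def per_flow_alerts(flows, limit=500 * MiB):
    """Classic rule: alert on any single transfer larger than `limit`."""
    return sorted({(src, dst) for _, src, dst, nbytes in flows if nbytes > limit})


def low_and_slow_alerts(flows, window_days=30, byte_limit=1 * GiB, min_active_days=20):
    """Aggregate bytes per (host, destination) over a sliding window of `window_days` and
    alert once the total reaches `byte_limit` spread across at least `min_active_days`
    distinct days. Returns {(src, dst): (first_alert_day, active_days, total_bytes)}."""
    daily = defaultdict(lambda: defaultdict(int))
    for day, src, dst, nbytes in flows:
        daily[(src, dst)][day] += nbytes
    alerts = {}
    for key, by_day in daily.items():
        days = sorted(by_day)
        for end in days:
            start = end - timedelta(days=window_days - 1)
            window = [d for d in days if start <= d <= end]
            total = sum(by_day[d] for d in window)
            if total >= byte_limit and len(window) >= min_active_days:
                alerts[key] = (end, len(window), total)
                break  # report the earliest day the pair would have fired
    return alerts


if __name__ == "__main__":
    flows = build_sample_flows()
    print("per-flow rule fires on:", per_flow_alerts(flows))
    for (src, dst), (day, ndays, total) in low_and_slow_alerts(flows).items():
        print(f"low-and-slow: {src} -> {dst}, {total / GiB:.2f} GiB over {ndays} days by {day}")
```

The two rules are complementary: the single large backup trips only the per-flow rule, and the daily trickle trips only the windowed one.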
"All their code and trade secrets are gone," Phil Wallisch, senior security engineer at HBGary, wrote in an email after being briefed on the loss by the company.
It was about to get much worse.
While QinetiQ's team tripped from crisis to crisis, the hackers honed their skills. They were next spotted in March 2010, after signing on with the stolen password of a network administrator based in Albuquerque, N.M., Darren Back.
The hackers logged on through the company's remote access system, just like any employee. It was a trick they were able to use only because QinetiQ didn't employ two-factor authentication, a simple device that generates a unique code employees enter, along with their usual password, anytime they work from home.
The problem had been spotted months earlier in a security review. Mandiant, which worked on several TSG breaches and performed the test, recommended a relatively inexpensive fix. The advice was ignored, according to a person familiar with the report.
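The missing second factor, as an added Python example that is not from the article, from QinetiQ or from Mandiant: a hypothetical remote-access gateway run in both configurations, with an RFC 6238 time-based one-time code (the kind of token-generated code the article describes) as the second factor, including the replay check a practitioner would expect. The gateway, user names and passwords are constructed.

```python
import hashlib
import hmac
import os
import struct
from typing import Optional

TOTP_STEP = 30          # seconds per time step (RFC 6238 default)
TOTP_DIGITS = 6
PBKDF2_ROUNDS = 200_000


def totp(secret: bytes, unix_time: int, step: int = TOTP_STEP, digits: int = TOTP_DIGITS) -> str:
    """RFC 6238 TOTP: HMAC-SHA1 over the big-endian time-step counter, dynamically truncated."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class RemoteAccessGateway:
    """Hypothetical remote-access login, not any real product.
    require_second_factor=False is the password-only setup the articles describe;
    True is the kind of inexpensive fix the security review recommended."""

    def __init__(self, require_second_factor: bool):
        self.require_second_factor = require_second_factor
        self._users = {}  # username -> [salt, password hash, TOTP secret, last accepted counter]

    def enroll(self, username: str, password: str, totp_secret: Optional[bytes] = None) -> bytes:
        salt = os.urandom(16)
        pw_hash = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
        secret = totp_secret or os.urandom(20)  # in practice provisioned to the user's token
        self._users[username] = [salt, pw_hash, secret, -1]
        return secret

    def login(self, username: str, password: str, code: Optional[str], now: int) -> bool:
        rec = self._users.get(username)
        if rec is None:
            return False
        salt, pw_hash, secret, last_counter = rec
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
        if not hmac.compare_digest(candidate, pw_hash):
            return False
        if not self.require_second_factor:
            return True  # a stolen password alone is enough to get in
        if code is None:
            return False
        # Accept the current step and one step either side for clock drift, but never a
        # step at or before the last accepted one, so a code seen once cannot be replayed.
        for drift in (-1, 0, 1):
            t = now + drift * TOTP_STEP
            counter = t // TOTP_STEP
            if counter > last_counter and hmac.compare_digest(totp(secret, t), code):
                rec[3] = counter
                return True
        return False


def demo(now: int = 1_700_000_000) -> dict:
    """Run the stolen-admin-password scenario against both gateway configurations."""
    results = {}
    for name, needs_2fa in (("password_only", False), ("with_totp", True)):
        gw = RemoteAccessGateway(require_second_factor=needs_2fa)
        secret = gw.enroll("admin", "Winter2010!")  # constructed credentials
        # an intruder holding only the stolen password, no token
        results[name + "_attacker"] = gw.login("admin", "Winter2010!", None, now)
        # the real administrator, password plus the code from the token
        results[name + "_user"] = gw.login("admin", "Winter2010!", totp(secret, now), now)
    return results


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k:24s} {'ACCEPTED' if v else 'rejected'}")
```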
In four days of furious activity, the hackers rifled at least 14 servers, taking particular interest in the company's Pittsburgh location, which specialized in advanced robotics design. The Comment Group also used Back's password to raid the computer of QinetiQ's Huntsville, Ala.-based technology control officer, which contained an inventory of highly sensitive weapons-systems technology and source code throughout the company. The spies had got their hands on a map to all of QinetiQ's digital secrets.
They also had begun to broaden their attack. As evidence mounted that the hackers had moved to divisions beyond TSG, QinetiQ hired two outside firms in April 2010 — Terremark and a relatively new start-up called HBGary, headed by Greg Hoglund, a former hacker turned security expert.
HBGary installed specialized software on more than 1,900 computers, then scanned the machines for snippets of malicious code. Glitches surfaced almost immediately. The software wouldn't load on at least a third of the computers, and even where it did, it missed some that the hackers' spyware was known to have infected, according to internal HBGary e-mails.
Matthew Anglin, an information-security principal at QinetiQ, whose job was to coordinate the two investigations, fretted that he had no idea what was happening in his own network. He complained that the expensive outside experts didn't seem to have a handle on what was going on, and wasted time tracing innocuous if unauthorized software.
The consultants also squabbled. HBGary complained in one report that Terremark was withholding vital information. Terremark countered that it appeared the hackers knew HBGary was hunting them and were using its technology to delete evidence of their presence on machines.
"They think we tipped off the attackers," Wallisch, HBGary's principal investigator on the project, wrote in an e-mail.
The security teams found evidence that the hackers had burrowed into almost every corner of QinetiQ's U.S. operations, including production facilities and engineering labs in St. Louis, Pittsburgh, Long Beach, Miss., Huntsville, Ala., and Albuquerque, N.M., where QinetiQ engineers work on satellite-based espionage, among other projects.
By the middle of June 2010, after weeks of intense work, the investigators believed they had cleaned QinetiQ's networks and began wrapping up.
The calm lasted a little more than two months. In early September, the FBI called QinetiQ with evidence that the defense contractor was again losing data, according to emails and a person involved in the probe. Anglin messaged both HBGary and Terremark, asking how quickly their teams could return.
Within hours of their arrival, the investigators again began finding malicious software, or malware, in computers throughout the company's North American divisions. Some of it had been there since 2009.
It began to dawn on the security teams that the hackers had established a near permanent presence in the defense contractor's computers, mining new information almost as soon as it was written onto hard drives. "Oh yeah . . . they are f'd," Wallisch wrote to Hoglund in September.
Investigators also had to contend with frustrated QinetiQ employees. Upset about how much computer power the HBGary detection software was consuming, workers began deleting it from their computers with the approval of the company's information technology staff.
As the hunt continued, more clues surfaced about what secrets the spies were after. The hunters' digital footprints were found on the computers of QinetiQ's chief operating officer, a division vice president and dozens of engineers and software architects, including several with classified clearances.
Among the victims was a specialist in the embedded software on microchips that control the company's military robots, which would help in China's own robot-building program, said Noel Sharkey, a drones and robotics expert at Britain's Sheffield University. The PLA unveiled a bomb disposal robot in April 2012 similar to QinetiQ's Dragon Runner.
The chip architecture could also help China test ways to take over or defeat U.S. robots or aerial drones, Sharkey said.
"You could set them up in a simulation board and hack into them," he said. "That's standard stuff."
The spies also took an interest in engineers working on an innovative maintenance program for the Army's combat helicopter fleet. They targeted at least 17 people working on what's known as Condition Based Maintenance, which uses on-board sensors to collect data on Apache and Blackhawk helicopters deployed around the world, according to experts familiar with the program.
The CBM databases contain highly sensitive information including the aircrafts' individual PIN numbers, and could have provided the hackers with a view of the deployment, performance, flight hours, durability and other critical information of every U.S. combat helicopter from Alaska to Afghanistan, according to Abdel Bayoumi, who heads the Condition Based Maintenance Center at the University of South Carolina.
The hackers also may have used QinetiQ to break into the Army's Redstone Arsenal through a network shared with QinetiQ's engineers in nearby Huntsville. A breach of the base, home of the Army's Aviation and Missile Command, was linked by military investigators back to QinetiQ, according to a person familiar with the investigation.
It wasn't the only time the hackers used the same back-door approach to federal computers. The same person said that as recently as last year, federal agents were looking into a breach at a QinetiQ cybersecurity unit, which they suspected Chinese hackers were using in attacks against government targets.
The security lapses at QinetiQ led to investigations by several federal agencies, including the FBI, Pentagon, and Naval Criminal Investigative Service, according to two people involved, who didn't know the final outcome of the probes.
The State Department, which has the power to revoke QinetiQ's charter to handle restricted military technology if it finds negligence, has yet to take any action against the company. Two former federal law enforcement officials said that, despite its authority, the State Department lacks the computer forensics expertise to evaluate the losses and neither could recall department involvement in several major data theft investigations.
"In this case it looks like years go by without seeing any learning curve and that's what's scary," said Steven Aftergood, who directs the Project on Government Secrecy at the Federation of American Scientists. "The company is responsible for its own failures, but the government is responsible for the inadequacy of its response."
QinetiQ's U.S. operations are overseen by a proxy board that includes Riley Mixson, the Navy's former air-warfare chief. The board was briefed several times about the hacking and the investigations. In a brief telephone interview, Mixson said that "everything was duly reported" and then hung up the phone. Tenet declined to comment.
The investigations didn't affect the company's ability to win government contracts, even to provide cyber-security services to federal agencies.
In May 2012, QinetiQ received a $4.7 million cybersecurity contract from the U.S. Transportation Department, which includes protection of the country's critical transport infrastructure.
"When it comes to cyber security QinetiQ couldn't grab their ass with both hands, so it cracks me up that they won," Bob Slapnik, vice president at HBGary, wrote after QinetiQ received a grant from the Pentagon in 2010 to advise it on ways to counter cyberespionage.
In the fall of 2010, Terremark sent a report to Anglin concluding that QinetiQ had been targeted by the Comment Crew since 2007 and that the hackers had been operating continuously in their networks since at least 2009. The report was part of the trove of documents leaked by Anonymous.
In that time, the hackers had gained almost complete control over the company's network. They had operated unhindered for months-long stretches and they had implanted multiple, hidden communications channels to extract data. Privately, the investigators concluded that the spies had gotten everything they wanted from QinetiQ's computers.
"My feeling is that if an attacker has been in your environment for years, your data is gone," Wallisch wrote in an email to a colleague in December 2010, a few weeks before HBGary itself was hacked and the record stops.
"Everything about your business is known, cataloged, analyzed, by your enemy," Wallisch wrote. "I don't feel a sense of urgency anymore."