Tuesday, August 30, 2011

APT: Breaching Defense Contractor Data

Via AviationWeek (August 30, 2011) -

A couple of years back, it was reported that hackers had compromised the Joint Strike Fighter program’s internal information system. The reports were partially correct, but were not denied by the Pentagon because official sources could then state that the JSF program had not suffered extensive data loss. That was because JSF was not the target.

The hack had been aimed at a classified program. Not only could intruders extract data—they could become invisible witnesses to online meetings and technical discussions. After the break-in was discovered, the program had to be halted and was not restarted until a new—and costly—security system was in place.

Announcing the Defense Department’s new cyberwarfare strategy in July, Deputy Defense Secretary William Lynn noted that “a foreign intelligence agency” had hit a major defense contractor in an intrusion discovered in March, and exfiltrated 24,000 files concerning a developmental system. The Pentagon was still reviewing whether the system (which Lynn did not identify) would need to be redesigned. That could be necessary if the compromised information would help the intruder not only to develop similar systems, but also to devise methods of attack and defense against this one.

Meanwhile, China’s unveiling of the Chengdu J-20 stealth fighter prototype at the end of 2010 took Western observers by surprise (DTI February, p. 32). Then-Defense Secretary Robert Gates’s prediction in 2009 that China would have no stealth aircraft in 2020 and only a handful in 2025 had started to look optimistic—but was contradicted by U.S. Air Force Vice Chief of Staff Gen. Phillip Breedlove’s Senate testimony in July. China, he said, can close the technology gap faster than expected because of “the way they’re intruding into the nets of our manufacturers and our government.” Breedlove added: “When they say they’re going to build 300 [J-20s] in the next five years, they will build 300 in the next five years.”

China has made rapid progress in other areas. Images appearing on the Internet show that the updated J-10B single-engine fighter probably carries an active electronically scanned array (AESA) radar, in addition to an infrared search-and-track system and updated defensive avionics.

Other pictures show J-11B fighters (bootlegged versions of the Sukhoi family) with Chinese engines, indicating that China is making progress toward overcoming a critical limitation on its fighter industry—dependence on Russian propulsion. And as a J-10B with a domestically developed engine appeared, China announced its intention to supply Pakistan with such aircraft (DTI July/August, p. 8).

These advances are emerging 5-6 years after cybersecurity professionals first detected what came to be dubbed the advanced persistent threat, or APT; in other words, the time taken from conceptual design of a military system to prototyping appears to have been compressed.

The APT was barely mentioned in public until last year (DTI May 2010, p. 16). Even now, few people in industry or government call it what it is—a massive campaign of computer network exploitation (CNE) originating in China.


The direct damage caused to the target is hard to assess. Was a contract lost due to a rival’s inside knowledge, or to other factors? In the case of technical data, [Dmitri] Alperovitch [of McAfee] notes, “it may be several years before stolen schematics turn up in a product, but by then it might be too late.” Compromised information could also help a rival’s development program in ways that are invisible—for example, the ability to pick one of several technical approaches without testing all of them, or to avoid blind-alley concepts altogether.

Cyberespionage, experts note, is different from classic spycraft. Software agents are expendable. The result is that a classic dilemma of intelligence—the risk that acting on it or disseminating it widely will compromise sources and methods—is absent, as are barriers between intelligence operatives and end users. It’s entirely possible to conceive of a defense manufacturer having its own intelligence operation, combining open-source and CNE methods, accepting direct tasking from program leaders.


There are two big issues, Alperovitch says. One is the “sheer scale and magnitude” of the operation, “a wholesale transfer of intellectual property . . . They are using our resources for their R&D.” That, and the ability to compromise bid data, can cause “a direct loss of jobs.” The other is the potential for “escalation from espionage to cybernetwork warfare. The difference between escalation and attack may be a click of a button.”
