1. TechSpot is dedicated to computer enthusiasts and power users. Ask a question and give support. Join the community here.
    TechSpot is dedicated to computer enthusiasts and power users.
    Ask a question and give support.
    Join the community here, it only takes a minute.
    Dismiss Notice

US Navy contractors successfully hacked by China 'more than a handful of times'

By Cal Jeffrey · 14 replies
Dec 14, 2018
Post New Reply
  1. Earlier this week we brought you news that officials suspect China was behind the Marriott/Starwood hotel breech that exposed the records of 500 million guests. The hack raised concerns that the global adversary could be planning further attacks to the US energy, financial, transportation, and healthcare infrastructures. It seems the situation is even worse.

    On Friday, the Wall Street Journal reported that Chinese hackers have successfully carried out several attacks on US Navy contractors over the last 18 months. The bad actors have stolen data which included ship maintenance information. The attackers also exfiltrated weapon data pertaining to a “supersonic anti-ship missile.”

    The hackers seemed to have mainly focused on smaller contractors that had less secure networks. Some of the targets include military research labs at universities.

    According to National Security Agency officials, the hacks have clear identifying markers that indicate China was behind the attacks. Clues specifically point to Beijing and other territories. Among the evidence are traces of hacking tools that are commonly used by Chinese black hat groups and an accidentally uncovered IP address traced back to Hainan Island, a state province.

    Navy Secretary Richard Spencer has ordered a full investigation of the Navy’s cybersecurity weaknesses.

    “Attacks on our networks are not new, but attempts to steal critical information are increasing in both severity and sophistication,” read a memo penned by Spencer in October notes WSJ. “We must act decisively to fully understand both the nature of these attacks and how to prevent further loss of vital military information.”

    The Navy did not specify precisely how many attacks it has suffered over the last 18 months only saying that it was “more than a handful.”

    Chinese officials continually deny that they engage in cyber attacks, and they have not responded to requests for comment on these specific breaches.

    Permalink to story.

  2. Uncle Al

    Uncle Al TS Evangelist Posts: 5,400   +3,793

    I've been reading similar articles to this one for a long time. You would think that after Pearl Harbor and the number of similar incidents that our Navy would be a lot smarter about internal security. What this article points out is how critical the situation has become. I doubt we have seen China's best efforts, which might just be saved for a more direct and sinister application which we might not anticipate ahead of time. WAKE UP!!
    Reehahs likes this.
  3. petert

    petert TS Evangelist Posts: 359   +157

    Probably the only jobs Americans have not lost to Chinese industry yet - the armament industry and armed forces.

    At some point, the US government is going to realize that these too needs to be outsourced to China because the workforce there is cheaper, more qualified and the end result is overall better. Maybe Trump is gonna push this in his second term - try to compensate China for ZTE and Huawei losses. I can see in the future, the US armed forces composed of Chinese soldiers and Chinese equipment.

    When was last time you heard US hacking into Chinese army infrastructure? US government is too busy spying on its people, but this is a job which can be passed to Chinese as well ... they are a bit more motivated
    Last edited: Dec 14, 2018
    Carljames likes this.
  4. psycros

    psycros TS Evangelist Posts: 2,718   +2,517

    The US government has been buying tons of military parts, including ICs, from Chinese suppliers for years now. Only when some whistleblowers sounded the alarm did this practice start to be curtailed, buts its never really stopped.

    As for reciprocal espionage, the US *did* embed some spy chips into Cisco routers that were distributed in China. But thanks to the "great firewall" that's about the only way the western powers can strike back. For decades smart American patriots warned Wall Street and K Street that sending our prosperity to China would empower a communist dictatorship to expand its unscrupulous trade practices and far-reaching espionage campaigns. And of course that's exactly what happened. The only question now is how those soulless dirtbags will take advantage of the crisis they've created.
    Reehahs likes this.
  5. Evernessince

    Evernessince TS Evangelist Posts: 4,008   +3,503

    If the hacks were detected, they screwed up.

    Regardless, America pumps hundreds of billions into it's weapons. You'd think it would be wise to properly secure these systems and information pertaining to them to protect that investment.
  6. xxLCxx

    xxLCxx TS Addict Posts: 231   +153

    To the simple minded:
    You may be noticing “bad stories” about China coming in on a weekly basis. Please don’t be concerned about the fact, that these do all lack evidence. Be a patriot! Yes, we did lie to you in the past and in a very similar manner, too – but hey – you should’ve gotten used to that by now.
    Please hang on for more stories to come.
    J̶o̶s̶e̶p̶h̶ ̶G̶o̶e̶b̶b̶e̶l̶s̶ Your Deep state US propaganda ministry.
    Uncle Al likes this.
  7. Nobina

    Nobina TS Evangelist Posts: 1,947   +1,492

    Nothing interesting to write about? Don't worry you can always talk about Russia and China hacking everything without a single piece of real evidence.
    xxLCxx likes this.
  8. Reehahs

    Reehahs TS Guru Posts: 729   +472

    Were the contractors happen to be using the default passwords by any chance?
    Kibaruk likes this.
  9. Evernessince

    Evernessince TS Evangelist Posts: 4,008   +3,503

    It's not likely that they would mis-classify the origin of the attacks. When profiling cyber attacks the US looks at the digital fingerprints of the hack. This would include how the hack was conducted, what tools were used, the source of the hack, and any other points of data. For example, both the Russian and Chinese government have tools and techniques that only their state sponsored hackers would have access to. A VPN means squat if they figure out you are using top-secret hacking tools only available to state sponsored hackers.

    When the NSA issues a statement like this, you can rest assure that they have verified the information. If they weren't sure they would not be making any of this public.
  10. GeforcerFX

    GeforcerFX TS Evangelist Posts: 876   +372

    Most of these attacks are purposely allowed, it's how we keep up to date on there tools, and feed them all sorts of fun stuff (gotta love counter espionage). The reason for reporting publicly is funding more than anything else, paying for upgrades and maintaining security is expensive. Unfortunately lot of smaller contractors have a hard time meeting those goals, luckily they are given limited info and can be used as bait. The US counter spys all the time, almost all of it is monitoring and any debilitating attack is outside the private sector and rare. The digital fight is shaping up to be interesting over the next 5 years.
  11. Bubbajim

    Bubbajim TechSpot Staff Posts: 681   +660

    "World War 3 has broken out this afternoon after it was discovered by the Chinese that America's nuclear launch code was 'Admin'"
  12. xxLCxx

    xxLCxx TS Addict Posts: 231   +153

    This explains why we are being fed lies on a weekly basis:
    [At Gathering of Spy Chiefs, U.S., Allies Agreed to Contain Huawei]

    This extortion (Mafia style) adds to it:
    [Report: T-Mobile and Sprint parent companies may drop Huawei to get merger approval]

    Wasn't there something about 'free markets and competition'? I can still hear the US whining, whenever they claimed themselves victimized. Truth is, they are the last ones to obey their propagated credo. ;-)
  13. Athlonite

    Athlonite TS Booster Posts: 135   +33

    Hey U.S Military please stop using publicly accessible networks and don't allow sailors to bring their own devices onboard ship no cell phones, laptops or tablets and especially no USB sticks found in the car park the night before and stop storing the good stuff on network attached computers and build all your sensitive buildings inside a Faraday cage so no wireless leaks and have no outward facing windows and only use the highest grade of encryption when storing sensitive data
    xxLCxx likes this.
  14. cliffordcooley

    cliffordcooley TS Guardian Fighter Posts: 11,403   +5,022

    Just as soon as you volunteer for the position.
  15. Athlonite

    Athlonite TS Booster Posts: 135   +33

    Seeing as I'm not a U.S citizen that would be highly unlikely and I've already done my bit in the armed forces by joining the army where I live when I was 17 I'm now 49. But hey if they wish to hire me as a security consultant then I'd be more than happy to accept, my fee wouldn't be that extensive

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...