Chinese hackers expose US weapon designs: report

Summary: A confidential report states that hackers originating from China have been able to breach systems containing American weapon designs.

TOPICS: Security, China

Chinese hackers have managed to break into U.S. systems that contained sensitive documentation relating to the design of weaponry.


According to a confidential report prepared by the U.S. Defense Science Board for the Pentagon, Chinese infiltrators have managed to expose data relating to the United States' "most sensitive advanced weapons systems," reports The Washington Post.

Over two dozen weapon system designs were compromised, according to the report. These systems are "critical" to U.S. missile defenses, and also relate to military systems present on U.S. aircraft and ships. 

The confidential version contains a list of all the weapons compromised in the security breach. Designs include the Aegis ballistic-missile defense system, the Patriot missile system (PAC-3), and combat aircraft including the F/A-18 fighter jet, the V-22 Osprey, the Black Hawk helicopter and the Navy patroller called the Littoral Combat Ship.

Experts told the publication that exposure of this data could accelerate the development of Chinese weapon systems, and therefore weaken the U.S. in potential future disputes.

The Defense Science Board did not formally accuse China of involvement, but governmental sources with knowledge of the breach say that the vast majority of U.S. infrastructure cyberattacks originate from the country. However, the Post does not indicate whether the data breach took place on a governmental or third-party contractor network, nor does it indicate the timeframe in which cyberattacks took place.

The public version of the report, "Resilient Military Systems and the Advanced Cyber Threat" (.pdf), labels the problem of cyberattacks "serious" and "insidious," with consequences similar to "the nuclear threat of the Cold War." The task force also says that allowing data theft may have "severe consequences for U.S. forces engaged in combat."

In addition, the report says that the Department of Defense is not equipped to cope with the rising problem, and that downloadable hacking tools make it easy to breach governmental defenses, as "U.S. networks are built on inherently insecure architectures with increasing use of foreign-built components."

An anonymous senior military official told the publication:

"In many cases, they don't know they've been hacked until the FBI comes knocking on their door. This is billions of dollars of combat advantage for China. They've just saved themselves 25 years of research and development."

The Obama Administration recently released a report that suggested China has engaged in widespread cyber espionage campaigns against the United States. China allegedly has been stealing confidential information concerning "diplomatic, economic and defense industrial base sectors that support national defense programs."

China has also been linked to cyberspying campaigns by security firm Mandiant, which claims that the country is responsible for an "overwhelming number" of cyberattacks.

The Chinese government has blasted reports that the nation is responsible for cyberattacks, and has retaliated by claiming that the U.S. is often the instigator of cyberattacks against Beijing.

Cyberwarfare is expected to be a hot topic when President Obama meets Chinese President Xi Jinping next month.

  • Chinese hackers

    Why would you have this information on a computer connected to the internet knowing that China is working to hack this information? After all the times this has happened we must have the dumbest people in the world running this department or it is a setup for China to get bad information.
    • false information

      How do you know they were not being lured into getting false information?

      It's even said in the Art of War too.
    • Defense contractors don't bother to protect the data

      so any Chinese student in an internet cafe with a few hours to kill can download fighter jet blueprints. Even when there are fines for bad security, the contractors just sneak the charges back into another contract and some general will sign off on it. These generals "retire" and get cushy retainers or VP jobs at the defense companies. They get millions out of the deal, but they waste BILLIONS of taxpayer dollars in the process.
      terry flores
    • and the blame lies....

      So the fault lies entirely on the US side and I am firm in my opinion.
      If you left your car unlocked with the keys on the front seat and it was stolen...would insurance pay?
      Would you tell your friends and family what an idiot you were....?
      • No, it doesn't

        Sorry, but just because you don't have strong enough locks on your house does not mean the burglar gets a pass if he steals your things. None of this information is out in the open unprotected. If the burglar smashes a window or picks a lock he's still guilty of Burglary.

        Defense contractors that allow this to happen should have their contracts suspended...And I'm in favor of some NSA/CIA payback. We're not the only ones that can get hacked.
  • military networks

    When I was in the Air Force, I was under Air Force Space Command and our networks consisted of two computers. Both computers had bars on the top and bottom signifying whether it is classified or not. Non-classified was a green bar that said non-classified and classified was a red bar that said classified. Then there are RJ-45 ports, also one red and one green. This shouldn't have happened.
    Brendon Jarrett
  • Inability to label data.

    And general insecurity of the hosts.

    Being able to label data would allow routers to block labeled connections that would be carrying sensitive information.

    No connection should ever be unlabeled, and labels must be mandatory.

    The host itself must be able to label data as it is generated.

    Of course it doesn't work when using an insecure system in the first place.
  • If the report was confidential....

    then the military official who leaked the information should be prosecuted and lose their security clearance for leaking classified information. I remember when I was in the Army and any security breaches like that would have you busted in a heartbeat. Confidential is an official clearance level. Even if you have that level, to access the information you would still have a need to know.
    Test Subject
  • Forgetting the Past

    Prior to the 90s, US classified systems were kept separate from the Internet--only on their own government intranet systems. They also used proprietary software (a special version of UNIX with classified modification) and proprietary hardware.

    In the 90s, as part of the so-called "Peace Dividend" following the dissolution of the Soviet Union, the government began using off-the-shelf hardware, software, and Internet connectivity. I worried about that at the time--especially when we saw how sophisticated "easter eggs" could be hidden in the software--or in firmware disguised as resistors or capacitors.

    But it seems there is an inability to remember the lessons of the past--it's as though "Disconnect it from the Internet, stupid!" isn't even a conceivable option to today's system designers.
    • True

      Air-Gap systems were - and I would have thought continue to remain - a necessity when dealing with sensitive information. At least my experience (in a non-US mil set up) bears that out. But that being said, air-gapped systems themselves are (usually) on a private and secure network. It is this network that is often compromised - and that too most often in the so-called "first" and/or "last" mile. Generally, these are instances of very detailed and carefully orchestrated espionage involving either an insider (or multiples thereof) or person or persons having access to such systems (and yes, the contractor is the weak link in this set up - again, usually). You can be sure counter-intel must be spending a lot of sleepless nights not only poring over access log details, but also re-vetting access credentials and records.
      • false!
        beau parisi
  • Nobody talking about the real problem

    Most of these so-called leaks come from defense contractors who routinely ignore ITAR and DOD restrictions and nobody ever does anything about it. The CEOs bribe the criminals in Congress to give them a free pass, it's cheaper than actually implementing any security. The new dodge is to have the TAXPAYERS pay for private company security now, in addition to the mega-billions that already get handed out to the corporations. The CEOs just keep punching the cash button and Congress keeps giving them all our tax money and extra besides. It makes me sick to think about it.
    terry flores
    • Time to Insource?

      Typical choice of convenience over security.

      No WiFi on my LAN...
  • Littoral Attack vessels

    WTF? Who thought up this name? Were they perverts or on something? Bit like the guy who thought Cunnilingus was an Irish airline. Or like calling your kid Mike Hunt.
    Desperate Dan
    • You, sir, are

      clearly desperate. Time for a trip to Vegas.
    • Littoral

      This is the geographer's and ecologist's term for fresh water river environments. We have had littoral weapons before. The best known is the Swift Boat used in Vietnam; you know, the one John Kerry was accused of NOT earning his medal on?
  • Retard US GOVT

    Why are systems containing this information connected to the internet? Why are they using regular operating systems? Why are they not using fully custom ports, protocols and networking layers?
    • jimster

      Jimster, the answer is in a post above where our gov't users only look for red bars, green bars, or the color coded ethernet ports. (Scary eh?)
      They are not supposed to think critically when using secure information, nor have the appropriate education to hold their respective positions. China knows more about our defense plans and spending than Congress. The sheep are ready.
    • Well...

      ... must not have been that nice of a boat.
      Barnyard Barnacle