
Chinese hackers drain U.S. military secrets from defense contractor


Chinese cyberspies stole most of U.K.-based defense contractor QinetiQ’s wealth of U.S. military research, according to Bloomberg. The theft happened over a three-year period in which QinetiQ seemed to make all the wrong moves.

We’re all aware cyberespionage is a growing threat in the United States, where military secrets are of high value. The group behind this theft, known as the Comment Crew, hacked its way into the systems of QinetiQ’s North American division in 2007. The defense contractor was originally notified of the breach by a Naval Criminal Investigative Service employee who found two infected computers at QinetiQ’s McLean, Va., headquarters. The discovery was tangential to another Naval Criminal Investigative Service project that revealed a great many more compromised defense contractors. But this information was left out of the report to QinetiQ.

Bloomberg chronicles what happened from there. It looked at internal QinetiQ emails exposed by Anonymous’ hack on HBGary, which reveal a string of poor decisions. Security firms HBGary, Terremark and Mandiant came in to deal with the intrusions. But HBGary’s monitoring software slowed employee computers down so much that employees actually removed it with permission from their IT departments.

Richard Clarke, the former special adviser to George W. Bush, explained to Bloomberg that this could wind up being a huge embarrassment if we ever get into a conflict with China. “We try out all these sophisticated weapons systems, and they don’t work,” he said.

Mandiant revealed the Comment Crew to the masses earlier this year as a specialized group of hackers working for the People’s Liberation Army. Comment Crew is otherwise known as PLA 61398.

One of the ways the Comment Crew got into further systems was by stealing passwords and simply logging in as if they were employees working remotely. Mandiant had pointed this out to QinetiQ, suggesting a fix, which might have been two-factor authentication. QinetiQ did not act on the advice.

Furthermore, when future attacks were uncovered, such as one reported by NASA, the company continued to treat them as isolated events instead of as an organized attempt to steal what eventually would be secret military data on drones, robotics, and more. Bloomberg reports the amount as being close to 3.3 million Excel spreadsheets.

Terremark senior vice president Christopher Day spoke to Bloomberg, saying, “There was virtually no place we looked where we didn’t find them.”

Last May, QinetiQ was given a new contract from the U.S. Transportation Department for $4.7 million.

We have reached out to QinetiQ for comment on the report and will update this story upon hearing back.
