Chinese cyberspies stole a good majority of U.K.-based defense contractor QinetiQ‘s wealth of U.S. military research, according to Bloomberg. The theft happened over a three-year period in which QinetiQ seemed to make all the wrong moves.

We’re all aware cyberespionage is a growing threat in the United States, where military secrets are of high value. This group, known as the Comment Crew, hacked its way into QinetiQ’s North American division’s systems in 2007. The defense contractor was originally notified of the breach by a Naval Criminal Investigative Service employee who found two infected computers at QinetiQ’s McLean, Va., headquarters. The discovery was tangential to another Naval Criminal Investigative Service project that revealed a great many more compromised defense contractors. But this information was left out of the report to QinetiQ.

Bloomberg chronicles what happened from there. It looked at internal QinetiQ emails as revealed by Anonymous’ hack on HBGary, revealing a string of poor decisions. Security firms HBGary, as well as Terremark and Mandient, came in to deal with the intrusions. But HBGary’s monitoring software slowed employee computers down so much they actually removed it with permission from their IT departments.

Richard Clarke, the former special adviser to George W. Bush, explained to Bloomberg that this could wind up being a huge embarrassment if we ever get into a conflict with China. “We try out all these sophisticated weapons systems, and they don’t work,” he explained.

Mandient revealed the Comment Crew to the masses earlier this year as a specialized group of hackers working for the People’s Liberation Army. Comment Crew is otherwise known as PLA 61398.

One of the ways the Comment Crew got into further systems was by stealing passwords and simply logging in as if they were employees working remotely. Mandient had pointed out this to QinetiQ, suggesting a fix, which might have been two-factor authentication. QinetiQ did not act on the advice.

Furthermore, when future attacks were uncovered –such as one reported by NASA — the company continued to treat them as isolated events instead of as an organized attempt to steal what eventually would be secret military data on drones, robotics, and more. Bloomberg reports the amount as being close to 3.3 million Excel spreadsheets.

Terremark senior vice president Christopher Day spoke to Bloomberg, saying,”There was virtually no place we looked where we didn’t find them.”

Last May, QinetiQ was given a new contract from the U.S. Transportation Department for $4.7 million.

We have reached out to QinetiQ for comment on the report and will update this story upon hearing back.

QinetiQ robot image via QinetiQ

Rupert Murdoch, owner of the Wall Street Journal’s parent company Dow Jones, says Chinese hackers are still attacking the paper’s systems.

Last week a number of well-known newspapers reported hacks on their systems. This included both the New York Times and the Wall Street Journal. It was rumored that The Washington Post has been experiencing breaches as well. The New York Times reported that Chinese hackers had accessed its systems specifically breaking into the accounts of its Shanghai bureau chief and the South Asia bureau chief.

The Wall Street Journal soon followed up, saying Chinese hackers also broke into its systems “apparently to spy on reporters covering China.” This was on January 31. A week later, Murdoch says the paper is still being attacked by Chinese hackers.

He tweeted, “Chinese still hacking us, or were over the weekend.”

According to the New York Times the attacks began soon after the newspaper published a story about China’s Prime Minister and his family’s wealth. The Wall Street Journal is another obvious target given its coverage of the region and popularity. But why the newspapers? The information in those emails is important, especially if these were state sponsored attacks. An attacker may be able to see who the reporter’s source is, where they are at any given time, and gain more understanding of how that reporter gets her information.

You can’t write cyber espionage off as a thing of the future. While the New York Times says that the hackers didn’t actually steal any important information, the technology is there. Viruses like Flame and Gauss that can turn on your camera, record your audio, and take screenshots only when communications apps are open show just how strong spyware is today.

At the time a spokesperson for Dow Jones said that this is an “ongoing issue” and promised the publication is working with law enforcement and security professionals to protect its reporters.

hat tip Cnet; Rupert Murdoch image via World Economic Forum/Flickr