Chinese cyberspies steal vital military secrets of the United States armed forces.
Chinese cyberspies manage to get past the U.S. and steal vital military secrets
The White House is preparing to call the Asian country to account for technology stolen through hacking
MICHAEL RILEY / BEN ELGIN Washington 4 MAY 2013 - 22:47 CET
Among defense contractors, QinetiQ North America is known for its connections in the world of espionage and its amazing product line. Its contributions to national security include secret satellites, drones and software used by U.S. special forces in Afghanistan and the Middle East.
Former CIA director George Tenet was an executive of the company between 2006 and 2008, and Stephen Cambone, the Pentagon's former spy chief, headed one of its main divisions. The British parent company was created as an offshoot of a government weapons lab that was the inspiration for Q's laboratory in Ian Fleming's James Bond novels, a connection that QinetiQ still likes to show off.
However, the experience of this veteran espionage company could not keep Chinese cyberspies from outwitting it. For three years, hackers linked to the Chinese military infiltrated QinetiQ's computers and compromised most of its research, if not all of it. At one point, they got into the company's internal network by taking advantage of a security flaw that had been discovered months earlier and never repaired.
"We found traces of intruders in many of its divisions and in most of its product lines," said Christopher Day, who until February was vice president of Terremark, the security division of Verizon Communications, hired twice by QinetiQ to investigate illegal entries. "There was virtually no place we looked where we did not find them."
QinetiQ was only one of the targets of a wide-ranging hacking operation. Since at least 2007, Chinese hackers have broken into the databases of most major U.S. defense contractors and obtained several of the country's protected technological secrets, according to two Pentagon officials who prefer to remain anonymous because the damage from the incident is still classified information.
Now that the White House is preparing to call China to account for the American technology it has stolen through hacking, authorities still need to find out how much damage has already been done. During years of attacks against defense contractors, the spies stole several terabytes, that is, hundreds of millions of pages, of documents and data on weapons programs, a volume that dwarfs any theft of secrets during the Cold War. At QinetiQ, the hackers may have compromised information vital to national security, including the deployment and capabilities of the combat helicopter fleet.
"There are few defense contractors who have not suffered these attacks," said James Lewis, senior fellow at the Center for Strategic and International Studies in Washington. "The damage was considerable."
Some of these attacks have been made public, such as the theft from Lockheed Martin Corp. in 2007 of technology related to the F-35, the most advanced fighter aircraft in the United States. The heads of the intelligence services say that the damage is much more extensive than is publicly known and that Chinese hackers have acquired data on several major weapons systems and numerous less important ones. A former Pentagon intelligence official said there have been discussions about whether it would be safe to deploy another Lockheed Martin aircraft, the F-22 Raptor, in combat after several subcontractors suffered attacks.
In 2007-2008, the Pentagon held secret briefings with about 30 defense companies to alert them to the espionage campaign and give them the means to defend against it, according to a person who went through the process. This person does not know whether QinetiQ was one of the companies that received that secret information.
Investigators eventually identified the hackers from Shanghai who had broken into QinetiQ as an elite group that security experts call the Comment Crew, which has also broken into the networks of large corporations and political figures, including the 2008 presidential campaigns of Barack Obama and John McCain. At least one other group of Chinese hackers may also have been involved, according to a person who is aware of the investigation.
In a report dated February 18, Mandiant, a security company based in Alexandria, Virginia, attributed 141 large computer attacks on undisclosed targets to the Comment Crew. Mandiant said the Comment Crew is Unit 61398 of the PLA, which is equivalent, in some respects, to the National Security Agency of the United States. The Mandiant report prompted Tom Donilon, President Obama's national security adviser, to demand that China stop hacking American companies.
The purpose of the espionage at QinetiQ and other defense contractors appears to be to help China close the gap that separates it from the United States in advanced military technology, saving years of research and development that would have cost billions of dollars, according to Michael Hayden, former director of the CIA.
It is also possible that the Chinese army stole programming codes and design details that would help cripple the most sophisticated U.S. weaponry.
The prolonged espionage operation against QinetiQ compromised the company's sensitive technology related to drones, satellites, military robotics and the United States Army's combat helicopter fleet, both in systems already deployed and in others still under development, according to internal investigations. Jennifer Pickett, a QinetiQ spokesperson, declined to comment, citing the company's general policy of not discussing security measures.
"God forbid we go to war with China, but if it happened, it could be very embarrassing when we started to try out all these very complex weapons and saw that they did not work," says Richard Clarke, former special adviser to President George W. Bush on cybersecurity.
The trail of the spies at QinetiQ begins in late 2007, as do the company's mistakes. QinetiQ's efforts are recorded in hundreds of emails and dozens of reports that should never have been made public but were part of a cache leaked in 2011 by the hacking group Anonymous after it broke into HBGary Inc., a computer security company based in Sacramento that QinetiQ had hired the previous year.
The emails and reports are authentic, according to Christopher Day and several former executives of HBGary. Day agreed to answer questions about the findings of the investigation because these documents were already public.
After examining the documents with several security experts and interviewing more than a dozen people familiar with the cyberattacks suffered by QinetiQ, Bloomberg News has reconstructed how the hackers outmaneuvered the company's internal security team and five other companies brought in to remedy the situation.
From its headquarters in a tower of glass and steel in McLean, Virginia, the U.S. subsidiary of QinetiQ is a small weapons maker, less than a tenth the size of industry giants like Lockheed and Northrop Grumman Corp. It has specialized in fields with growth prospects even as other parts of the Pentagon budget are reduced, such as drones, robotics, software and high-speed computers. A job posting published in 2012 by QinetiQ's facility in Albuquerque sought a programmer to work on "a system of global satellite monitoring" and would accept only candidates with the highest security clearance.
In December 2007, an agent of the Naval Criminal Investigative Service contacted the company's small security team and notified them that two people working in McLean were losing confidential data from their laptops, according to an internal report. The naval service had come across the stolen data in the course of an investigation and wanted to warn the company as a courtesy.
The agent, who worked in San Diego, did not reveal the identity of the hackers, whom U.S. intelligence services had been tracking since at least 2002, nor the crucial but secret fact that they were also attacking other defense contractors. QinetiQ did not learn who its attackers were until two years later.
The company undertook an investigation, but with strict limits.
"They thought it was very restricted, like a virus or something," said Brian Dykstra, a forensic expert working in Columbia, Maryland, whom QinetiQ hired to conduct the investigation.
He was given only four days to complete his task. He says he was not afforded the time or the information needed to find out whether more employees had been hacked, which is a standard precaution. In his final report, Dykstra warned that QinetiQ did "not seem to realize the extent" of the intrusion.
Almost immediately afterwards, evidence emerged showing that Dykstra was right, because the attacks continued. On January 7, 2008, NASA alerted the company that hackers had tried to break into the space agency from a QinetiQ computer.
During the following months, there were several attacks that QinetiQ treated as isolated incidents. The hackers followed a meticulous strategy: in the first two and a half years they gathered more than 13,000 passwords and entered internal servers that could give them detailed information about the company and how it was organized, data they would later use with devastating consequences.
Further investigations revealed more security holes. In 2008, a security team discovered that it was possible to get into the internal corporate network from a QinetiQ parking lot in Waltham, Massachusetts, through an open Wi-Fi connection. The same investigation found that Russian hackers had spent more than two and a half years stealing QinetiQ secrets through a secretary's computer, which they had rigged to send the data directly to a server in the Russian Federation.
Meanwhile, QinetiQ managers were concerned that the costs of the investigations were rising.
"A company could easily spend all its resources researching this sort of thing," said William Ribich, president of QinetiQ's Technology Solutions Group, during an interview in January. Ribich, who retired in November 2009, shortly after the discovery of a large data theft, said he had to weigh the unproven danger that the hackers would use what they had stolen against the growing cost of security products and consulting fees.
"There comes a time when we must say 'Let their'," he said.
In fact, the first division the Chinese hackers attacked was Ribich's, based in Waltham, and specifically QinetiQ's drone and robotics technology. Internal reports leaked by Anonymous describe an attack suffered by TSG in February 2008 and another attempt in March of that year. By 2009, the hackers already had almost total control of the group's computers, the documents show.
In 2009, for 251 days in a row, the spies attacked at least 151 machines, including laptops and servers, and cataloged TSG's engineering data and source code. The hackers extracted data from the network in small packets to avoid detection, and managed to steal 20 gigabytes before the operation was brought to an end, according to an internal damage assessment.
The stolen data included very sensitive military technology, in a volume equivalent to 1.3 million pages of documents and more than 3.3 million pages of Microsoft Excel spreadsheets.
"All keys and their corporate secrets have disappeared," wrote Phil Wallisch, chief security engineer at HBGary, in an email after the company reported its losses.
But the worst was still to come.
While QinetiQ's team was reeling from one crisis to another, the hackers were refining their skills. This was seen again in March 2010, when they entered the corporate network with the stolen password of Darren Back, a network administrator in Albuquerque, New Mexico.
The hackers used the company's remote access system, like any other employee. They could use that trick only because QinetiQ did not use two-factor authentication, a very simple tool that generates a unique key that employees must use in addition to their regular password every time they work from home.
A few months earlier, the problem had been detected during a security review. Mandiant, which had examined several intrusions suffered by TSG, had tested for the weakness and recommended a relatively inexpensive remedy. Its advice was ignored, according to a person familiar with the report.
In four days of frenetic activity, the hackers attacked at least 14 servers and took a particular interest in the company's offices in Pittsburgh, which specialize in advanced robotics design. The Comment Crew also used Back's password to get into the computer of QinetiQ's technology control officer in Huntsville, Alabama, which contained an inventory of the whole company's highly confidential weapons technology and source code. The spies had found a map of all of QinetiQ's digital secrets.
At the same time, they had begun to extend their attacks. In April 2010, as evidence mounted that the hackers had entered other divisions in addition to TSG, QinetiQ hired two outside companies: Terremark and HBGary, a small, relatively new company led by Greg Hoglund, a former hacker turned security expert.
HBGary installed specialized software on more than 1,900 computers and examined them for traces of malicious code. Then the problems began. According to several internal HBGary emails, the software could not be installed on at least one-third of the computers, and even where it was, it failed to detect some of the machines that were known to be infected with spyware.
Matthew Anglin, one of the people responsible for information security at QinetiQ, who was tasked with coordinating the two investigations, was distressed at not knowing what was happening on his own network. He complained that the experts who had been brought in did not seem able to find out what was going on and were wasting time chasing software that was harmless, even though it was unlicensed.
The consultants also fought among themselves. In a report, HBGary complained that Terremark was withholding vital information. Terremark responded that it seemed the hackers knew HBGary was chasing them and were using their technology to erase the traces of their presence on the computers.
"They think we tipped off the attackers," Wallisch, HBGary's chief investigator on this project, wrote in an email.
The security investigators found evidence that hackers had penetrated virtually every corner of QinetiQ's activities in the United States, including design laboratories and factories in St. Louis, Pittsburgh, Long Beach (Mississippi), Huntsville (Alabama) and Albuquerque (New Mexico), where QinetiQ engineers work on satellite surveillance projects, among others.
In mid-June 2010, after several weeks of intense work, the investigators thought they had cleaned QinetiQ's networks and began to wrap up the job.
The calm lasted just over two months. In early September, the FBI called QinetiQ to say that the defense contractor was losing data again, according to several emails and a person who took part in the investigation. Anglin sent messages to Terremark and HBGary asking them to send their teams back soon.
Within hours of arriving, the investigators began to find more and more malicious software (malware) on computers in all of the company's U.S. divisions. In some cases, it had been there since 2009.
The security teams began to realize that the hackers had established an almost permanent presence on the defense contractor's computers that allowed them to extract new data as soon as it was saved to the hard drives. "There is no doubt ... They are screwed," Hoglund wrote to Wallisch in September.
The investigators also had to deal with the frustration of QinetiQ employees. Angered by the processing power that HBGary's detection software consumed, workers began to remove it from their computers, with the approval of the company's information technology staff.
As the search progressed, more clues emerged about which secrets the spies were after. Investigators found their fingerprints on the computers of QinetiQ's executive director, a division vice president and dozens of software engineers and architects, including several with security clearances.
One of the victims was a specialist in the software embedded in the microchips that control the company's military robots, a technology that would be useful for China's robot-building program, says Noel Sharkey, an expert on drones and robotics at the University of Sheffield in Britain. In April 2012, the People's Liberation Army unveiled a bomb disposal robot similar to QinetiQ's Dragon Runner.
The chip architecture could also help China look for ways to take over or defeat U.S. robots and drones, says Sharkey.
"They could place them on a simulation board and hack them," he says. "It's easy to do."
The spies also went after the engineers working on an innovative maintenance program for the Army's fleet of combat helicopters. They targeted at least 17 people working on what is known as Condition Based Maintenance (CBM), which uses onboard sensors to collect data on Apache and Blackhawk helicopters deployed around the world, according to experts familiar with the program.
The CBM databases contain sensitive information, including PIN numbers for each aircraft, and could have given the hackers an overview of the deployment, performance, flight hours, durability and other crucial information for every U.S. combat helicopter from Alaska to Afghanistan, says Abdel Bayoumi, who heads the CBM center at the University of South Carolina.
The hackers may also have used QinetiQ's systems to get into the Army's Redstone Arsenal, through a network it shares with QinetiQ engineers in nearby Huntsville. According to a person who knows the details of the investigation, military investigators linked an intrusion at the base, which houses the Army's Aviation and Missile Command, to QinetiQ.
It was the only time that hackers took a detour to get into government computers. That same person said that, as recently as last year, federal agents were investigating an intrusion into QinetiQ's cybersecurity unit, which they suspected Chinese hackers were using to attack targets in the federal government.
The security weaknesses at QinetiQ led several federal agencies, including the FBI, the Pentagon and the Naval Criminal Investigative Service, to conduct their own investigations, according to two people involved who do not yet know the results of that work.
The State Department, which has the power to revoke QinetiQ's license to handle restricted military technology if it finds that there has been negligence, has not yet taken any action against the company. Two former members of the security forces say that, despite this power, the State Department does not have people with the computer forensics skills needed to assess the damage, and neither of them remembers the Department taking part in any major data theft investigation.
"In this case, it seems it's been years and you have not learned anything, and that's the scary thing," says Steven Aftergood, who directs the Project on Government Secrecy at the Federation of American Scientists. "The company is responsible for their decisions, but the government is responsible enough to have had a reaction."
QinetiQ's activities in the United States are overseen by a proxy board chaired by Riley Mixson, the Navy's former head of air warfare. The board was informed repeatedly about the cyberattacks and the investigations. In a brief telephone interview, Mixson said "everything was properly documented" and hung up. Having refused to comment.
The investigations did not diminish the company's ability to win government contracts and even to provide security services to various federal agencies.
In May 2012, QinetiQ won a security contract worth $4.7 million with the Department of Transportation of the United States, which includes the protection of something as fundamental as the country's transportation infrastructure.
"In computer security, QinetiQ has not heard anything, so I'm amazed they have won again," said Bob Slapnik, vice president of HBGary, in 2010, after the company received a grant from the Pentagon in exchange for advice on methods to combat cyber espionage.
In the fall of 2010, Terremark sent Anglin a report concluding that QinetiQ had been a target of the Comment Crew since 2007 and that the hackers had been continuously active on its networks since at least 2009. The report was among the documents leaked by Anonymous.
By then, the hackers almost completely controlled the company's network. They had operated unimpeded for months and had planted multiple hidden communication channels to extract data. Privately, the investigators were convinced that the spies had obtained everything they wanted from QinetiQ's computers.
"In my opinion, if a hacker has been in your environment for years, your data has flown," Wallisch wrote in an email to a colleague in December 2010, just weeks before HBGary itself was also hacked.
"When your enemy knows, catalogs and analyzes all elements of your business," Wallisch wrote, "I no longer have the sense of urgency."
* Translation by Maria Luisa Rodriguez Tapia
© 2013, Bloomberg News.