
Chinese 'Comment Crew' hackers emptied QinetiQ of top-secret military data

John E Dunn | May 6, 2013
US firm complacent about serious breaches, Bloomberg alleges

One of the US's critical military and espionage contractors QinetiQ North America (QNA) was successfully pillaged for huge amounts of top-secret know-how by the infamous Chinese 'Comment Crew' or PLA 61398 hacking group in a campaign stretching over years, Bloomberg has reported.

Reports and accusations of Chinese hacking are now ten-a-penny but what has been reconstructed by Bloomberg's journalists after talking to investigators tells a story that will be as embarrassing as it is depressing for both QNA and the US defence establishment.

The hacking was so extensive that external consultants ended up more or less working permanently inside the firm to root out malicious software and compromises on an ongoing basis.

It's already established that Chinese hackers (probably including PLA 61398, outed earlier this year by Mandiant) started targeting US defence contractors as far back as 2007, but the role of QNA in events has not until now been fully explained, despite fragments of the story turning up in emails leaked after the 2011 Anonymous hack of security firm HBGary.

By late 2007 the Naval Criminal Investigation Service reportedly told QNA that two staff at the firm's HQ were losing data from laptops, information that the firm allegedly treated as a minor breach when it was later discovered to be anything but.

Through 2008, QNA is said to have treated the continuing pattern of hacks traced to its buildings as "isolated incidents", including the compromise of 13,000 server passwords that attackers used to help steal huge amounts of classified military engineering data.

Security deteriorated to such an extent that investigators found it was possible to access the firm's network from a car park over an unsecured Wi-Fi connection and that, independently, Russian hackers had set up a secretary's compromised PC to steal sensitive data at will over a two-and-a-half-year period.

"Over one stretch in 2009, the spies spent 251 days raiding at least 151 machines, including laptops and servers, cataloging TSG's [a QNA division] source code and engineering data," said Bloomberg.

"The hackers dribbled data out of the network in small packets to avoid detection, managing to get away with 20 gigabytes before they were finally stopped, according to an internal damage assessment."

Despite another assessment that found that QNA's lack of two-factor authentication helped a major 2010 raid on the company's cache of robotics IP, the firm's managers still did not address the need for security fixes recommended by consultant Mandiant.

By 2010, QNA believed it had cleaned up the last remnants of a hacking attack dating back nearly three years, only to discover yet more data leaks traced to malicious software that had been operating since 2009.
