Hackers have accessed designs for more than two dozen major U.S. weapons systems, according to a devastating classified report a Pentagon adviser shared with the Washington Post.
Although the report from the Defense Science Board did not identify the hackers, senior military and industry officials with knowledge of the breaches say they come primarily from China, according to Ellen Nakashima of the Post.
“This is billions of dollars of combat advantage for China. They’ve just saved themselves 25 years of research and development. It’s nuts,” a senior official told the Post.
A public version of the report released in January warned of an “existential cyber attack” with “potentially spectacular” effects.
A partial list of compromised designs include the F-35 fifth generation fighter jet, the V-22 Osprey, THAAD missile defense, Patriot missile defense, AIM-120 Advanced Medium-Range Air-to-Air Missile, the Global Hawk high altitude surveillance drone. Hackers also accessed Personally Identifiable Information, including vast quantities of military email addresses, SSN, credit card numbers, and passwords.
“That’s staggering,” Mark Stokes, executive director of the Project 2049 Institute, a think tank that focuses on Asia security issues, told the Washington Post. “These are all very critical weapons systems, critical to our national security. When I hear this in totality, it’s breathtaking.”
Even with the plans, it’s not clear how well China can reproduce U.S. weapons technology. China’s defense industry is plagued by corruption and projects that run over cost, require frequent modification, and often rely on second-hand Russian technology. But they’re trying: a big part of the big haul was schematics for small parts needed to set up manufacturing for these weapons systems.
What this means for the U.S. is a potentially critical vulnerability to hackers down to the level of individual weapons. As the Defense Science Board warned in January:
The benefits to an attacker using cyber exploits are potentially spectacular. Should the United States find itself in a full-scale conflict with a peer adversary, attacks would be expected to include denial of service, data corruption, supply chain corruption, traitorous insiders, kinetic and related non-kinetic attacks at all altitudes from underwater to space.U.S. guns, missiles, and bombs may not fire, or may be directed against our own troops. Resupply, including food, water, ammunition, and fuel may not arrive when or where needed. Military Commanders may rapidly lose trust in the information and ability to control U.S. systems and forces. Once lost, that trust is very difficult to regain.
Chinese hackers could theoretically infiltrate the cryptographic intranet communications systems of an F-35 and render it essentially inoperable.
That’s why the report advises the Pentagon to invest heavily in cyber security.
China apparently uses several different means to gain access to these defense systems, most of them utilizing what Information Security experts call “human engineering” — when manipulative emails or clever online con-men actually get victims to divulge information on their own.