‘Nearly All’ of the Pentagon’s New Weapons Systems Are Vulnerable to Hacking


18 replies to this topic

#1 LFC

Posted 11 October 2018 - 11:29 AM

Great. Lots of money dumped into them and they can be hacked when they're needed most.

Quote

A handful of costly military satellites and ground stations were deployed between 2012 and 2016 so they could pass secure messages between the U.S. Army’s portable radios and cellular networks around the globe. But when a team of Navy hackers tested it in 2015 and 2016, the system turned out not to be so secure.

It had more than 1,000 cyber vulnerabilities, half of which had “a high potential of giving system access to an intruder,” a 2016 Pentagon testing report said.

The network, known as the Mobile User Objective System, turns out to be just one of many new major Pentagon weapons systems found vulnerable to hacking. A new report from auditors at the Government Accountability Office (GAO) concluded on Oct. 9 that “nearly all” of the weapons systems in the Pentagon’s $1.7 trillion dollar purchasing pipeline have glaring cybersecurity holes.

Here’s the problem: The Pentagon and other federal agencies for the past few years have been intensifying their efforts to protect their own computer networks from hacking—after some spectacular breaches, including a hack of sensitive government personnel files in 2015 and Edward Snowden’s theft of NSA files in 2013.

But the military hasn’t worked as hard over the past decade to protect its software-dependent weapons systems from hacking, according to the GAO.

The consequences in a crisis or military conflict could be grave, since cyber breaches involving weapons systems could in theory give an enemy the opportunity to make the weapons misfire or fail. It’s not the first time this warning has been issued—at least a half-dozen military studies since the 1990s have sounded alarms that Pentagon systems were becoming enticing hacking targets, the report said.

Only in 2014 did the Pentagon begin to routinely check for cyber vulnerabilities in weapons systems, the GAO noted, and many systems haven’t been tested at all. “Until recently, DOD [Department of Defense] did not prioritize cybersecurity in weapon systems acquisitions,” the report said. “DOD is in the early stage of trying to understand how to apply cybersecurity to weapon systems.”

The GAO, which serves as Congress’s watchdog group reviewing the work of government agencies, conducted the study at the request of the Senate Armed Services Committee. The report does not describe any vulnerabilities in specific weapons systems, noting that classification rules protect details of what was found during testing. But it points to multiple instances where military hackers testing the cybersecurity of weapons systems, called red teams, managed to get into platforms in seconds because of lax security.

" 'Individual conscience' means that women only get contraceptives if their employers, their physicians, their pharmacists, their husbands and/or fathers, pastors, and possibly their mayors, Governors, State Secretaries of Health, Congressmen, Senators, and President all agree that in that particular case they're justifiable." --D.C. Sessions

"That's the problem with being implacable foes - no one has any incentive to treat you as anything more than an obstacle to be overcome."

"The 'Road to Serfdom' is really all right turns." --Progressive Whisperer

"The GOP ... where every accusation is also a confession." --Progressive Whisperer

#2 Bact PhD

Posted 11 October 2018 - 12:20 PM

Scary.

Sadly, some ammo for the “Government Is Inept” team. Seriously, one would think systems that critical in nature would have better cyber security than a Fortune 500 company? This doesn’t look to be specific to any particular Administration, either.

Politics these days is show business. Elections are Dancing with the Stars with consequences. ~Rue Bella

(About fame) Living for likes, shares and follows is a form of validation. The question is whether it is also the source of our self esteem. If it is, we’re screwed. And, culturally, it seems as if it’s become more and more our shared value. ... Meringue is no longer a sweet and pretty topping but the body itself. ~Charles Perez

"If a nation expects to be ignorant and free in a state of civilization, it expects what never was and never will be." --Thomas Jefferson to Charles Yancey, 1816. ME 14:384, via LFC, 12/1/2016

Competent people go in one of a few directions. But incompetence is infinite. ~David Brooks, NY Times

#3 golden_valley

Posted 11 October 2018 - 12:36 PM

Bact PhD, on 11 October 2018 - 12:20 PM, said:

Scary.

Sadly, some ammo for the “Government Is Inept” team. Seriously, one would think systems that critical in nature would have better cyber security than a Fortune 500 company? This doesn’t look to be specific to any particular Administration, either.

How good is the cyber security in a Fortune 500 company? If there is a failing in their systems, or they are hacked, I suspect they won't go public with it unless forced to.

#4 AnBr

Posted 11 October 2018 - 01:32 PM

A good reason to have some hardware manufacturing done here.

"Science is more than a body of knowledge; it is a way of thinking. I have a foreboding of an America in my children's or grandchildren's time - when the United States is a service and information economy; when nearly all the key manufacturing industries have slipped away to other countries; when awesome technological powers are in the hands of a very few, and no one representing the public interest can even grasp the issues; when the people have lost the ability to set their own agendas or knowledgeably question those in authority; when, clutching our crystals and nervously consulting our horoscopes, our critical faculties in decline, unable to distinguish between what feels good and what's true, we slide, almost without noticing, back into superstition and darkness."

— Carl Sagan
The Demon-Haunted World: Science as a Candle in the Dark
1995


“As democracy is perfected, the office of president represents, more and more closely, the inner soul of the people. On some great and glorious day the plain folks of the land will reach their heart's desire at last and the White House will be adorned by a downright moron.”

— H.L. Mencken
On Politics: A Carnival of Buncombe


“The test of our progress is not whether we add more to the abundance of those who have much; it is whether we provide enough for those who have too little.”

— Franklin Delano Roosevelt
Second inaugural address January, 1937

#5 andydp

Posted 11 October 2018 - 03:40 PM

LFC, on 11 October 2018 - 11:29 AM, said:

Great. Lots of money dumped into them and they can be hacked when they're needed most.

Biggest AND scariest takeaway:

But it points to multiple instances where military hackers testing the cybersecurity of weapons systems, called red teams, managed to get into platforms in seconds because of lax security.

Nothing in the world is more dangerous than sincere ignorance and conscientious stupidity.

Rev Martin Luther King Jr.


Obamacare took my guns away and put me in a FEMA reeducation camp.

Anonymous

If you've got public schools paid for by taxpayers, you're in a socialist nation. If you have public roads paid for by taxpayers, socialist nation. If you've got public defense (police, fire, military, coast guard) paid for by tax dollars, socialist nation. If you're in a nation that has nationalized or localized delivery of services that are not paid for by users alone, you're in a socialist nation - the only question is how socialist. As I see it, we have the military pay to protect the shipping lanes for our fuel needs, which makes us very socialist. In a capitalist nation, the people supplying the oil would pay for their own defense force.


DC Coronata

#6 D. C. Sessions

Posted 11 October 2018 - 04:21 PM

Bact PhD, on 11 October 2018 - 12:20 PM, said:

Scary.

Sadly, some ammo for the “Government Is Inept [1]” team.

[1]: Military, mercenaries, police, and death penalty not included.

"Robots aren't the problem. Capitalism is." -- Last words of Stephen Hawking.
These days, "libertarian" is just a euphemism for a Nazi who's afraid to commit.
"If you're not outraged, you're not paying attention." -- Heather Heyer
"I'd rather have my child, but by golly, if I gotta give her up, we're gonna make it count." -- Her mother
"Your purpose, then, plainly stated, is that you will destroy the Government, unless you be allowed to construe and enforce the Constitution as you please, on all points in dispute between you and us. You will rule or ruin in all events." -- some RINO

#7 George Powell

Posted 12 October 2018 - 01:26 AM

I have always thought that the best way to ensure fair play is to rely on people's individual conscience. Our creator bestowed us with a clear sense of what is right and wrong. However, I am also a great believer in belt and braces. As an example, traffic behavior in countries that have recently employed hundreds of millions of surveillance cameras and use computerized infringement fines shows that technology can stimulate the noble side of our nature. The effect has been most notable in China, where two decades ago traffic lights were regarded as interesting fairy lights and routinely ignored but now traffic seems western. Well, almost. In short, it has had a remarkable effect on China's collective conscience.

The West right now is being ripped off on an industrial scale by the PLA, they sit in rows in their army uniforms and day in day out hack our technology and IP, in fact they have a battalion near me in Shanghai. The PLA is to an extent self supporting, it owns companies and sells the stolen IP it does not use itself. Boeing, BAE, Lockheed and their subcontractors have all been hacked. Hacked again and again and again. I have a partial solution.

The theft of IP is carried out on multiple fronts. Chinese immigrants who find jobs in hi-tech industries are probably the biggest threat, followed by hacking and forced IP exchange in return for manufacturing rights in China. The scale of all this is simply massive. I would not be surprised if America had 50,000 Chinese spies in sensitive areas and have tens of thousands of full time hackers. To put this in perspective, Xi Jinping revealed two years ago that they employ 3,000,000 people just to monitor and control the internet. We all knew about the Wu Mao Deng, the 5 cent army and estimates ranged up to 300,000, but the number of people employed is still jaw dropping.

At the moment when a company finds it has been hacked it may or may not inform a government agency. It is left on the goodwill of the executive officers to do the right thing. There are no requirements for comprehensive security measures despite the damage to national security when their security is breached. That is plain stupid and irresponsible. Can you fine people and companies for not having a good attitude? Well, yes you can.

All companies with over a certain turnover creating high tech products must register with the government.
There must be adequate, verified, digital security procedures in place.
Employees must be at least second generation Americans.
It must be mandatory to inform the government of security breaches, with heavy penalties, including imprisonment for individuals.
The government should regularly inform the public of the dangers of IP theft, to stimulate awareness.

It truly requires a comprehensive approach and although it may take decades we must start without delaying any further. There may be loss of liberty, especially with immigrants, but let us look at the situation before immigration caused political awareness to interfere. It was not always like this. When I was in the upper sixth I applied for a part-time job with the post office at Christmas. I had to show my father's and my mother's birth certificates and they both had to be British citizens. If I or my mother or father had committed any felonies then it was all over. When I was a young man I applied to EMI at Feltham on the Bluestreak team and I got the job offer. It was later retracted with apologies because I did not pass X clearance because my father-in-law had been born in Warsaw. (I am grateful now that I never joined that terrible gang). It never used to be so easy to get a job if you were not impeccably British, even in the post office let alone a defense contractor, so why not now? If it was considered risky then, then surely it is even riskier now.

Some security procedures will be inconvenient but necessary. I recall an American company that knew they had been hacked but had no idea how. A prestigious security company had combed thru everything and could not find how the virus was introduced, in short they were flummoxed. Then at a meeting the CEO plugged his nicotine vapor lead into a USB for a recharge. It was made in China and ordered on the net. Another time an employee found a USB drive on the floor and plugged it in to find who to give it to. The firmware that drives a USB flash device cannot be monitored, it affects all USBs and is a system flaw that cannot be corrected. USBs need to be banned in hi-tech areas. Then there is the requirement for an air gap. No computer with sensitive info should be connected to the net. It is all going to be painfully inconvenient, but do we really have a choice?

#8 andydp

Posted 12 October 2018 - 05:01 AM

Re USB drives:

Didn’t they get STUXNET into the Iranian systems via USB drive?

Like you, I recall reading a story on a hacking that was traced to a “lost” USB drive that was plugged into a company PC so the finder could locate the owner.

I watched a program about “used” computer recycling. They went to Ghana, picked out some hard drives from a few trashed PCs. Plugged the drives in at the University. Besides the photos and SSAN data, they wound up with a hard drive from a US defense contractor.

Personally, I have removed and smashed the hard drives from our old PCs with a 5# ball peen hammer. (I also did that for a friend)

#9 George Powell

Posted 12 October 2018 - 07:28 AM

andydp, on 12 October 2018 - 05:01 AM, said:

Re USB drives: Didn’t they get STUXNET into the Iranian systems via USB drive? Like you, I recall reading a story on a hacking that was traced to a “lost” USB drive that was plugged into a company PC so the finder could locate the owner. I watched a program about “used” computer recycling. They went to Ghana, picked out some hard drives from a few trashed PCs. Plugged the drives in at the University. Besides the photos and SSAN data, they wound up with a hard drive from a US defense contractor. Personally, I have removed and smashed the hard drives from our old PCs with a 5# ball peen hammer. (I also did that for a friend)

I am NOT an expert in USBs although I work in the electronic/computing field. Electronics are increasingly specialized and designing USB stacks is formidable. There are some razor thin areas of specialization. I looked into USBs and downloaded a guide which was 1,500 pages long. I passed over that project because I didn't have time for the learning curve.

But yes, I believe that is how Stuxnet was introduced by a USB flash - or at least the explanation given. If they parted with this info then it was just as likely to be someone on the Israeli payroll. The CIA seem to be incensed with making everything spyware. I hear smart TVs now can be used to spy on you.

#10 D. C. Sessions

Posted 12 October 2018 - 08:16 AM

In short: a USB drive is just data, same as a hard drive etc. Despite all of the fiction out there, there is no way exposure to that data can take over your system just by being inserted or read.

UNLESS

the system itself already has some very bad habits, like automatically running certain data structures that it finds there. Naming no names, but some computer operating systems (or boot systems, if you reboot with the drive inserted) have a long history of putting convenience ahead of security.

Just sayin'.

#11 Traveler

Posted 12 October 2018 - 09:00 AM

Why not name names? Thankfully, not much worth hacking on my Windows machine....

"Men occasionally stumble over the truth, but most of them pick themselves up and hurry off as if nothing had happened."-- Winston Churchill
"Anyone who has the power to make you believe absurdities has the power to make you commit injustices" Voltaire

#12 George Powell

Posted 12 October 2018 - 10:42 AM

D. C. Sessions, on 12 October 2018 - 08:16 AM, said:

In short: a USB drive is just data, same as a hard drive etc. Despite all of the fiction out there, there is no way exposure to that data can take over your system just by being inserted or read.

UNLESS

the system itself already has some very bad habits, like automatically running certain data structures that it finds there. Naming no names, but some computer operating systems (or boot systems, if you reboot with the drive inserted) have a long history of putting convenience ahead of security.

Just sayin'.

USBs have a control system that cannot be read by anti-virus software because it is on a separate firmware. It is a known flaw in USB specifications. I know it can take over your computer but I have NO expertise in this field, so just GUESSING, it could insert a virus on the area of several hundred bytes at the bottom of a PC file that defines the computer actions for that file.
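
Added example, not part of any post in this thread: the firmware question above comes down to what a USB device declares about itself, which the host can read from the device's descriptors. This Python sketch parses a configuration descriptor and flags any interface other than mass storage, such as a keyboard; the sample descriptors are constructed and the `audit` policy is hypothetical.

```python
import struct

# Descriptor types and base class codes as assigned by the USB specification.
DT_CONFIGURATION, DT_INTERFACE = 0x02, 0x04
CLASS_HID, CLASS_MASS_STORAGE = 0x03, 0x08
CLASS_NAMES = {CLASS_HID: "HID", CLASS_MASS_STORAGE: "mass storage"}


def parse_interfaces(blob):
    """Return [(number, class, subclass, protocol)] from a configuration descriptor set."""
    if len(blob) < 9 or blob[0] != 9 or blob[1] != DT_CONFIGURATION:
        raise ValueError("not a configuration descriptor")
    total = struct.unpack_from("<H", blob, 2)[0]  # wTotalLength, little-endian
    if total < 9 or total > len(blob):
        raise ValueError("wTotalLength does not match the data supplied")
    interfaces, offset = [], 0
    while offset < total:
        if offset + 2 > total:
            raise ValueError("dangling byte after last descriptor")
        length, dtype = blob[offset], blob[offset + 1]
        if length < 2 or offset + length > total:
            raise ValueError("malformed descriptor length")
        if dtype == DT_INTERFACE:
            if length < 9:
                raise ValueError("short interface descriptor")
            number, alt, _eps, cls, sub, proto = struct.unpack_from("<6B", blob, offset + 2)
            if alt == 0:  # count each interface once, skip alternate settings
                interfaces.append((number, cls, sub, proto))
        offset += length  # endpoint, HID and other descriptors are skipped
    return interfaces


def audit(interfaces, expected=frozenset({CLASS_MASS_STORAGE})):
    """Hypothetical policy for a port where only flash drives are expected."""
    findings = []
    for number, cls, sub, proto in interfaces:
        if cls in expected:
            continue
        name = CLASS_NAMES.get(cls, f"class 0x{cls:02x}")
        # HID subclass 1 / protocol 1 is a boot-protocol keyboard.
        detail = " (boot keyboard)" if (cls, sub, proto) == (CLASS_HID, 1, 1) else ""
        findings.append(f"interface {number}: unexpected {name}{detail}")
    return findings


def _config(num_interfaces, *parts):
    """Build a constructed configuration descriptor set for the samples below."""
    body = b"".join(bytes(p) for p in parts)
    header = struct.pack("<BBHBBBBB", 9, DT_CONFIGURATION, 9 + len(body),
                         num_interfaces, 1, 0, 0x80, 50)
    return header + body


# Constructed sample descriptors (not captured from real hardware).
STORAGE_IF = [9, 4, 0, 0, 2, 0x08, 0x06, 0x50, 0]   # SCSI, bulk-only transport
EP_BULK_IN = [7, 5, 0x81, 0x02, 0x00, 0x02, 0]
EP_BULK_OUT = [7, 5, 0x02, 0x02, 0x00, 0x02, 0]
KEYBOARD_IF = [9, 4, 1, 0, 1, 0x03, 0x01, 0x01, 0]  # HID boot keyboard
HID_DESC = [9, 0x21, 0x11, 0x01, 0, 1, 0x22, 0x3F, 0x00]
EP_INT_IN = [7, 5, 0x83, 0x03, 0x08, 0x00, 10]

PLAIN_STICK = _config(1, STORAGE_IF, EP_BULK_IN, EP_BULK_OUT)
COMPOSITE = _config(2, STORAGE_IF, EP_BULK_IN, EP_BULK_OUT,
                    KEYBOARD_IF, HID_DESC, EP_INT_IN)

if __name__ == "__main__":
    for label, blob in (("plain stick", PLAIN_STICK), ("composite", COMPOSITE)):
        print(label, audit(parse_interfaces(blob)) or "ok")
```

On Linux the same class codes can be read per interface from sysfs (`bInterfaceClass`), so the check does not depend on scanning the files stored on the drive.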

#13 D. C. Sessions

Posted 12 October 2018 - 01:02 PM

George Powell, on 12 October 2018 - 10:42 AM, said:

USBs have a control system that cannot be read by anti-virus software because it is on a separate firmware. It is a known flaw in USB specifications. I know it can take over your computer but I have NO expertise in this field, so just GUESSING, it could insert a virus on the area of several hundred bytes at the bottom of a PC file that defines the computer actions for that file.

Still won't do a damned thing if your system doesn't go, "Oh, look! An executable file! I'll just run it."

Some do. Not all of them.

#14 LFC

Posted 12 October 2018 - 02:04 PM

There was a time when programs were programs and data were data. Then somebody decided that was a bad idea.

#15 D. C. Sessions

Posted 12 October 2018 - 02:20 PM

LFC, on 12 October 2018 - 02:04 PM, said:

There was a time when programs were programs and data were data. Then somebody decided that was a bad idea.

Yeah -- John von Neumann, back around the time I was born. Since then Harvard architecture machines are pretty scarce. They have some performance advantages but are a real PITA for anything that isn't pre-programmed with a fixed set of capabilities.

#16 AnBr

Posted 12 October 2018 - 04:33 PM

Autorun is mostly a thing of the past. You can enable it, but it is not on by default for the past several versions of Windows. Out of the box about the only thing it will do automatically is to open a folder on the storage device if it sees images or media files, but will not launch applications. This does not remove all dangers as malware can be embedded in certain image files and some media files. Then of course some might be silly enough to enable it. As they say, the weakest link in computer security exists between the keyboard and the seat. That is one that can make any OS vulnerable if the user has an admin or root account.

#17 D. C. Sessions

Posted 12 October 2018 - 07:03 PM

AnBr, on 12 October 2018 - 04:33 PM, said:

This does not remove all dangers as malware can be embedded in certain image files and some media files.

And that in turn only works on the version of the media player (image viewer, etc.) that the malware was designed to trick. If you have prevented the system from using the predictable applications, you're safe. Suggestion: don't use the ones that come with your out-of-the-box operating system.

Me, I compile all of mine from source, and the sources update frequently.

#18 George Powell

Posted 12 October 2018 - 09:29 PM

D. C. Sessions, on 12 October 2018 - 07:03 PM, said:

And that in turn only works on the version of the media player (image viewer, etc.) that the malware was designed to trick. If you have prevented the system from using the predictable applications, you're safe. Suggestion: don't use the ones that come with your out-of-the-box operating system.

Me, I compile all of mine from source, and the sources update frequently.

Wow, that is diligent. I use several computers with the original operating systems but I work on the principle of an air gap. My work computers are never allowed to contact the internet. I appreciate that is impossible for a lot of people. When necessary I transfer files using a branded USB flash. I only use the work computers for PCBs, MPLAB and Keil.

#19 D. C. Sessions

Posted 13 October 2018 - 08:56 AM

George Powell, on 12 October 2018 - 09:29 PM, said:

Wow, that is diligent

Gentoo.