I have just published a timeline covering the main Cyber Attacks targeting Military Industry and Aviation, but it looks like the latest events will force me to post an update, soon.
Although perpetrated with very different timelines, origins and motivations behind them, the last three days have seen a new wave of attacks against military industry that has unexpectedly become the point of intersection between cybercrime and cyberwar.
The first clamorous attack was disclosed a couple of days ago, when the Sunday Times revealed that alleged Chinese Hackers were able to penetrate into computers belonging to BAE Systems, Britain’s biggest defence company, and to steal details about the design, performance and electronic systems of the West’s latest fighter jet, the costly F-35 Joint Strike Fighter. The hacking attack has raised concerns that the fighter jet’s advanced radar capabilities could have been compromised and comes few weeks after papers about the future British-French drone were stolen in Paris.
Apparently, once again, an APT-based attack, or maybe one of its precursors, since it was first uncovered nearly three years ago. In any case, according to the sources and the little information available, it lasted continuously for 18 months, exploiting vulnerabilities in BAE’s computer defences to steal vast amounts of data. A fingerprint analogous to other similar cyber operations, allegedly generated from China such as Operation Aurora or the controversial operation Shady RAT.
Details of the attack have been a secret within Britain’s intelligence community until they were disclosed by a senior BAE executive during a private dinner in London for cyber security experts late last year.
Curiously the F-35 seems to be a very attracting prey for hackers as it was already the victim of a Cyber Attack in 2009; once again the latest attack is believed to be originated from China, who is showing a restless cyber activity.
Although completely different for impact and motivations, a second attack has just been announced by the infamous hacking collective Anonymous, which, in name of the #OpFreePalestine operation, has published the contact details for senior staff at BAE (hit once again), Lockheed, Gulfstream Aerospace, a division of General Dynamics, and the United States Division Of Israeli Owned Arms Company Elbit Systems. An attempt to embarrass military industry considered involved in the events happening in Palestine.
Although the data dumps apparently contain little valuable information (according to V3.co.uk many of the telephone numbers listed are for company headquarters, while several of the names appear to be out of date), the latest attacks represent a quantum leap in the Middle East Cyber War, after the “reign of terror” threatened by Anonymous against Israel.
The F-35 JSF is not only the most advanced stealthy fighter plane of the next future. It is also the most expensive. That’s why some partners have been compelled to downsize their initial requirements because of cuts imposed by the increasing unit price (with the new contract the total unit cost for an LRIP 5 jet is 205.3 million USD!!).
Apparently these cuts are interesting even the IT Security budgets of the manufacturers.
If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011 and 2012 (regularly updated) at hackmageddon.com. And follow the author of this article @paulsparrows on Twitter for the latest updates.
Related articles
- Exclusive Infographic: all Cyber Attacks on Military Aviation and Aerospace Industry (theaviationist.com)
Couple of thought, we keep hearing China hacking like crazy but never US or Western countries doing it to China? I have a hard time believing that we don’t hack their computers.
Also, why would only China be interested in JSF? Wouldn’t some of the countries buying JSF want to hack into LM to know if LM or US Govt is telling the truth or covering up facts?
It’s a bit far fetched in my opinion. It’s easier or safer, as a customer, ally or business partner, to request information through the government, as the project is negotiated with the US Government.
What does the LRIP5 F-35 price contain? Basic airframe, airframe + engine etc. or full lifetime cost? And can you publish a source for it?
Here’s one of the sources:
http://www.defense-aerospace.com/article-view/feature/133433/f_35-unit-cost-tops-$200m–%3Ci%3E%28updated%29%3C%C2%A7i%3E.html
I would say complicated rather than advanced.
The F-22 offer advanced features like thrust vectoring and IR-reduction that the F-35 lack so deciding which one is the most advanced is pretty much impossible. Features such as VTOL and C-programming does however ensure that the F-35 is more complicated.
The F35 is an enormous soft target for the Chinese. Since it is to be produced in so many countries, and so many actors, it is really hard to protect it from a determined opponent.
Now, the reason why F35 is so uniquely dispersed in its production is of course since that makes it much harder to kill… As a project.
I don’t think the Chinese are interested in the single parts, manufactured by various subcontractors, but in the source code as well as the most advanced onboard systems that will not be released to all partners.
Why don’t they flood their databases with so many versions, code, radar config etc so the “opposition” have no idea which version makes the plane fly or radar bounce the way they want it too, essentially creating a version “with it’s own signature”,
when you think of how many lines of code it would take to drive a F35 it must be quite easy to lead someone down the wrong path with differing versions..
Stephen