Feeds

'Chinese' attack sucks secrets from US defence contractor

Comment Crew blamed for three-year attack on QinetiQ

Secure remote control for conventional and virtual desktops

Just when it looked like US-China relations couldn’t get any more frosty, news has emerged that defence contractor QinetiQ suffered a massive breach of classified data over three years which may have leaked advanced military secrets to the infamous PLA-linked hacking gang Comment Crew.

Bloomberg spoke to Verizon’s Terremark security division, HB Gary and Mandiant – all security firms which were hired by QinetiQ to deal with the problem – and sifted through reports and emails made public by the 2011 Anonymous hack of HBGary, in order to get a clear picture of the scale of the breach.

The report reveals poor security practice and misjudgement allowed the hackers to siphon off terabytes of data, potentially compromising national security.

“We found traces of the intruders in many of their divisions and across most of their product lines,” former Terremark SVP Christopher Day told the newswire. “There was virtually no place we looked where we didn’t find them.”

QinetiQ is thought to have been among around 30 defence contractors targeted by hackers in a campaign dating back to 2007, with a group Comment Crew apparently pegged by investigators as the perpetrators – although there’s no explanation for how they arrived at this decision.

The group was famously outed by Mandiant in a high profile report back in February as linked to People’s Liberation Army Unit 61398 and responsible for over 100 other attacks.

QinetiQ was apparently first notified of an intrusion back in 2007, when an agent from the Naval Criminal Investigative Service warned that two employees working at the firm’s US HQ in McLean, Virginia, had their laptops compromised.

The agent had stumbled upon the breach as part of a separate investigation but apparently left out many key details including the fact that other contractors were being hit. QinetiQ limited the following forensic trawl to a few days and mistakenly treated it and several succeeding incidents as unconnected.

Even when NASA warned the firm that it was being attacked by hackers from one of QinetiQ’s computers the firm apparently continued to treat incidents in isolation.

The attackers’ MO appears to have been classic APT-style attack. Once inside the network they appear to have moved laterally to nab internal passwords, allowing them access to highly classified data including source code from the Technology Solutions Group.

Huge amounts of data were apparently smuggled out of the company in small packets to evade detection by traditional filters.

It is claimed that QinetiQ didn’t operate a two-factor authentication system, which could have prevented the hackers logging on with the stolen passwords, and that when Mandiant suggested a simple fix to the problem it was ignored.

Investigators also found in 2008 that QinetiQ’s corporate network could be accessed using unsecured Wi-Fi from a car park outside a facility in Waltham, Massachusetts, the report claimed.

The hackers targeted advanced drone and robotics technology and compromised hundreds of machines in QinetiQ’s facilities all over the US, including St. Louis, Mississippi, Alabama and New Mexico, according to Bloomberg.

Last year China made a splash at the Zuhai air show with a range of drone aircraft similar in design to their US equivalents but pitched at a lower price point.

As if the persistent hacking incursions weren’t enough, investigators brought in to help apparently made matters worse by arguing with each other.

Then software installed by HBGary to monitor for malicious activity wouldn’t function properly and was deleted by many employees because it apparently used too much processing power.

The investigators even found evidence that Russian hackers had been stealing QinetiQ secrets for over two years through a compromised PC belonging to a secretary.

The report comes just a day after news that the Pentagon has leased a Chinese commercial satellite for communications in Africa. It also emerged this week that Comment Crew is very much still operating, despite being named and shamed in the Mandiant report earlier this year. ®

New hybrid storage solutions

More from The Register

next story
Israeli spies rebel over mass-snooping on innocent Palestinians
'Disciplinary treatment will be sharp and clear' vow spy-chiefs
Google recommends pronounceable passwords
Super Chrome goes into battle with Mr Mxyzptlk
Infosec geniuses hack a Canon PRINTER and install DOOM
Internet of Stuff securo-cockups strike yet again
THREE QUARTERS of Android mobes open to web page spy bug
Metasploit module gobbles KitKat SOP slop
'Speargun' program is fantasy, says cable operator
We just might notice if you cut our cables
Reddit wipes clean leaked celeb nudie pics, tells users to zip it
Now we've had all THAT TRAFFIC, we 'deplore' this theft
Snowden, Dotcom, throw bombs into NZ election campaign
Claim of tapped undersea cable refuted by Kiwi PM as Kim claims extradition plot
Apple Pay is a tidy payday for Apple with 0.15% cut, sources say
Cupertino slurps 15 cents from every $100 purchase
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.