Risk
4/6/2010
11:02 AM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

Web Probes On Defense Contractors Rising

Rapidly increasing rates of industrial espionage against the U.S. defense industry puts military technology at risk, report says.

Internet-based attempts to steal U.S. military technology via defense contractors are on the rise, according to an annual Department of Defense analysis of data supplied by the defense industry.

Not only are network probes and intrusions on the increase, the Department of Defense said in the report, which it released late last month, but so are "bold and overt" requests for information made via e-mail and even social networks.

Information systems are the most-heavily targeted of military technologies, according to the report, closely followed by aeronautics. Efforts to get details on unmanned aerial vehicle technology are becoming so widespread that the report broke out a separate section about UAVs, finding that, there, too, foreign elements are looking for information on UAV IT systems.

The report was written by the Defense Security Service (DSS), a branch of the DoD that, among other things, works with the defense industry to protect military technology. The DSS draws on individual reports of suspicious contacts that it collects from the defense industry and analyzes that data in annual reports.

"The United States' technical lead, competitive edge, and strategic military advantage are at risk; and our national security interests could be compromised," DSS director Kathleen Watson wrote in the report's introduction. "The attack is pervasive, relentless, and unfortunately, at times, successful."

Last year, for example, reports emerged that hackers had breached sensitive data on the next-generation U.S. Joint Strike Fighter program. That attack was said to have come from China. A top executive at another government contractor that does business with the DoD recently told InformationWeek that attacks are indeed on the rise, and that his company is spending an increasing amount of time on cybersecurity issues.

In addition to the DSS, several other government efforts, among them the Department of Homeland Security's National Infrastructure Protection Plan and the military's Defense Industrial Base Information Assurance Task Force, aim to help ensure sensitive military data held by defense contractors remains secure.

According to the DSS report, while foreign governments still pose a huge risk, probes by commercial entities are growing at nearly double the rate at which those by governments are growing. The report attributed this to likely purposeful attempts to make overt contacts "seem more innocuous."

Most attempts to exploit U.S. military technology appear to be coming from East Asia and the Pacific (including China, the Koreas and Japan), which represented 29% of the total suspicious contact data. These areas were followed by the Near East (including the Middle East), and Europe and Eurasia (including Russia and Eastern European countries known for hacking).

The report suggests that the only reason Europe and Eurasia aren't higher on the list is that they may be more successful at covert espionage that goes unnoticed.

Overall, direct requests for information, whether by e-mail, phone calls, or marketing surveys looking for things like price quotes and system information, are the preferred method of operation, the report finds.

The report attributes this to ever-increasing Web connectivity and the ease of e-mail and online requests for information. Suspicious Internet activity, including intrusions and spam, represent the second most popular avenue of attack.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-3352
Published: 2014-08-30
Cisco Intelligent Automation for Cloud (aka Cisco Cloud Portal) 2008.3_SP9 and earlier does not properly consider whether a session is a problematic NULL session, which allows remote attackers to obtain sensitive information via crafted packets, related to an "iFrame vulnerability," aka Bug ID CSCuh...

CVE-2014-3908
Published: 2014-08-30
The Amazon.com Kindle application before 4.5.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

CVE-2010-5110
Published: 2014-08-29
DCTStream.cc in Poppler before 0.13.3 allows remote attackers to cause a denial of service (crash) via a crafted PDF file.

CVE-2012-1503
Published: 2014-08-29
Cross-site scripting (XSS) vulnerability in Six Apart (formerly Six Apart KK) Movable Type (MT) Pro 5.13 allows remote attackers to inject arbitrary web script or HTML via the comment section.

CVE-2013-5467
Published: 2014-08-29
Monitoring Agent for UNIX Logs 6.2.0 through FP03, 6.2.1 through FP04, 6.2.2 through FP09, and 6.2.3 through FP04 and Monitoring Server (ms) and Shared Libraries (ax) 6.2.0 through FP03, 6.2.1 through FP04, 6.2.2 through FP08, 6.2.3 through FP01, and 6.3.0 through FP01 in IBM Tivoli Monitoring (ITM)...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
This episode of Dark Reading Radio looks at infosec security from the big enterprise POV with interviews featuring Ron Plesco, Cyber Investigations, Intelligence & Analytics at KPMG; and Chris Inglis & Chris Bell of Securonix.