Risk
4/6/2010
11:02 AM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

Web Probes On Defense Contractors Rising

Rapidly increasing rates of industrial espionage against the U.S. defense industry puts military technology at risk, report says.

Internet-based attempts to steal U.S. military technology via defense contractors are on the rise, according to an annual Department of Defense analysis of data supplied by the defense industry.

Not only are network probes and intrusions on the increase, the Department of Defense said in the report, which it released late last month, but so are "bold and overt" requests for information made via e-mail and even social networks.

Information systems are the most-heavily targeted of military technologies, according to the report, closely followed by aeronautics. Efforts to get details on unmanned aerial vehicle technology are becoming so widespread that the report broke out a separate section about UAVs, finding that, there, too, foreign elements are looking for information on UAV IT systems.

The report was written by the Defense Security Service (DSS), a branch of the DoD that, among other things, works with the defense industry to protect military technology. The DSS draws on individual reports of suspicious contacts that it collects from the defense industry and analyzes that data in annual reports.

"The United States' technical lead, competitive edge, and strategic military advantage are at risk; and our national security interests could be compromised," DSS director Kathleen Watson wrote in the report's introduction. "The attack is pervasive, relentless, and unfortunately, at times, successful."

Last year, for example, reports emerged that hackers had breached sensitive data on the next-generation U.S. Joint Strike Fighter program. That attack was said to have come from China. A top executive at another government contractor that does business with the DoD recently told InformationWeek that attacks are indeed on the rise, and that his company is spending an increasing amount of time on cybersecurity issues.

In addition to the DSS, several other government efforts, among them the Department of Homeland Security's National Infrastructure Protection Plan and the military's Defense Industrial Base Information Assurance Task Force, aim to help ensure sensitive military data held by defense contractors remains secure.

According to the DSS report, while foreign governments still pose a huge risk, probes by commercial entities are growing at nearly double the rate at which those by governments are growing. The report attributed this to likely purposeful attempts to make overt contacts "seem more innocuous."

Most attempts to exploit U.S. military technology appear to be coming from East Asia and the Pacific (including China, the Koreas and Japan), which represented 29% of the total suspicious contact data. These areas were followed by the Near East (including the Middle East), and Europe and Eurasia (including Russia and Eastern European countries known for hacking).

The report suggests that the only reason Europe and Eurasia aren't higher on the list is that they may be more successful at covert espionage that goes unnoticed.

Overall, direct requests for information, whether by e-mail, phone calls, or marketing surveys looking for things like price quotes and system information, are the preferred method of operation, the report finds.

The report attributes this to ever-increasing Web connectivity and the ease of e-mail and online requests for information. Suspicious Internet activity, including intrusions and spam, represent the second most popular avenue of attack.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Must Reads - September 25, 2014
Dark Reading's new Must Reads is a compendium of our best recent coverage of identity and access management. Learn about access control in the age of HTML5, how to improve authentication, why Active Directory is dead, and more.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-5619
Published: 2014-09-29
The Sleuth Kit (TSK) 4.0.1 does not properly handle "." (dotfile) file system entries in FAT file systems and other file systems for which . is not a reserved name, which allows local users to hide activities it more difficult to conduct forensics activities, as demonstrated by Flame.

CVE-2012-5621
Published: 2014-09-29
lib/engine/components/opal/opal-call.cpp in ekiga before 4.0.0 allows remote attackers to cause a denial of service (crash) via an OPAL connection with a party name that contains invalid UTF-8 strings.

CVE-2012-6107
Published: 2014-09-29
Apache Axis2/C does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

CVE-2012-6110
Published: 2014-09-29
bcron-exec in bcron before 0.10 does not close file descriptors associated with temporary files when running a cron job, which allows local users to modify job files and send spam messages by accessing an open file descriptor.

CVE-2013-1874
Published: 2014-09-29
Untrusted search path vulnerability in csi in Chicken before 4.8.2 allows local users to execute arbitrary code via a Trojan horse .csirc in the current working directory.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
In our next Dark Reading Radio broadcast, we’ll take a close look at some of the latest research and practices in application security.