11:02 AM
Connect Directly

Web Probes On Defense Contractors Rising

Rapidly increasing rates of industrial espionage against the U.S. defense industry puts military technology at risk, report says.

Internet-based attempts to steal U.S. military technology via defense contractors are on the rise, according to an annual Department of Defense analysis of data supplied by the defense industry.

Not only are network probes and intrusions on the increase, the Department of Defense said in the report, which it released late last month, but so are "bold and overt" requests for information made via e-mail and even social networks.

Information systems are the most-heavily targeted of military technologies, according to the report, closely followed by aeronautics. Efforts to get details on unmanned aerial vehicle technology are becoming so widespread that the report broke out a separate section about UAVs, finding that, there, too, foreign elements are looking for information on UAV IT systems.

The report was written by the Defense Security Service (DSS), a branch of the DoD that, among other things, works with the defense industry to protect military technology. The DSS draws on individual reports of suspicious contacts that it collects from the defense industry and analyzes that data in annual reports.

"The United States' technical lead, competitive edge, and strategic military advantage are at risk; and our national security interests could be compromised," DSS director Kathleen Watson wrote in the report's introduction. "The attack is pervasive, relentless, and unfortunately, at times, successful."

Last year, for example, reports emerged that hackers had breached sensitive data on the next-generation U.S. Joint Strike Fighter program. That attack was said to have come from China. A top executive at another government contractor that does business with the DoD recently told InformationWeek that attacks are indeed on the rise, and that his company is spending an increasing amount of time on cybersecurity issues.

In addition to the DSS, several other government efforts, among them the Department of Homeland Security's National Infrastructure Protection Plan and the military's Defense Industrial Base Information Assurance Task Force, aim to help ensure sensitive military data held by defense contractors remains secure.

According to the DSS report, while foreign governments still pose a huge risk, probes by commercial entities are growing at nearly double the rate at which those by governments are growing. The report attributed this to likely purposeful attempts to make overt contacts "seem more innocuous."

Most attempts to exploit U.S. military technology appear to be coming from East Asia and the Pacific (including China, the Koreas and Japan), which represented 29% of the total suspicious contact data. These areas were followed by the Near East (including the Middle East), and Europe and Eurasia (including Russia and Eastern European countries known for hacking).

The report suggests that the only reason Europe and Eurasia aren't higher on the list is that they may be more successful at covert espionage that goes unnoticed.

Overall, direct requests for information, whether by e-mail, phone calls, or marketing surveys looking for things like price quotes and system information, are the preferred method of operation, the report finds.

The report attributes this to ever-increasing Web connectivity and the ease of e-mail and online requests for information. Suspicious Internet activity, including intrusions and spam, represent the second most popular avenue of attack.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Current Issue
E-Commerce Security: What Every Enterprise Needs to Know
The mainstream use of EMV smartcards in the US has experts predicting an increase in online fraud. Organizations will need to look at new tools and processes for building better breach detection and response capabilities.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio