Risk
4/6/2010
11:02 AM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

Web Probes On Defense Contractors Rising

Rapidly increasing rates of industrial espionage against the U.S. defense industry puts military technology at risk, report says.

Internet-based attempts to steal U.S. military technology via defense contractors are on the rise, according to an annual Department of Defense analysis of data supplied by the defense industry.

Not only are network probes and intrusions on the increase, the Department of Defense said in the report, which it released late last month, but so are "bold and overt" requests for information made via e-mail and even social networks.

Information systems are the most-heavily targeted of military technologies, according to the report, closely followed by aeronautics. Efforts to get details on unmanned aerial vehicle technology are becoming so widespread that the report broke out a separate section about UAVs, finding that, there, too, foreign elements are looking for information on UAV IT systems.

The report was written by the Defense Security Service (DSS), a branch of the DoD that, among other things, works with the defense industry to protect military technology. The DSS draws on individual reports of suspicious contacts that it collects from the defense industry and analyzes that data in annual reports.

"The United States' technical lead, competitive edge, and strategic military advantage are at risk; and our national security interests could be compromised," DSS director Kathleen Watson wrote in the report's introduction. "The attack is pervasive, relentless, and unfortunately, at times, successful."

Last year, for example, reports emerged that hackers had breached sensitive data on the next-generation U.S. Joint Strike Fighter program. That attack was said to have come from China. A top executive at another government contractor that does business with the DoD recently told InformationWeek that attacks are indeed on the rise, and that his company is spending an increasing amount of time on cybersecurity issues.

In addition to the DSS, several other government efforts, among them the Department of Homeland Security's National Infrastructure Protection Plan and the military's Defense Industrial Base Information Assurance Task Force, aim to help ensure sensitive military data held by defense contractors remains secure.

According to the DSS report, while foreign governments still pose a huge risk, probes by commercial entities are growing at nearly double the rate at which those by governments are growing. The report attributed this to likely purposeful attempts to make overt contacts "seem more innocuous."

Most attempts to exploit U.S. military technology appear to be coming from East Asia and the Pacific (including China, the Koreas and Japan), which represented 29% of the total suspicious contact data. These areas were followed by the Near East (including the Middle East), and Europe and Eurasia (including Russia and Eastern European countries known for hacking).

The report suggests that the only reason Europe and Eurasia aren't higher on the list is that they may be more successful at covert espionage that goes unnoticed.

Overall, direct requests for information, whether by e-mail, phone calls, or marketing surveys looking for things like price quotes and system information, are the preferred method of operation, the report finds.

The report attributes this to ever-increasing Web connectivity and the ease of e-mail and online requests for information. Suspicious Internet activity, including intrusions and spam, represent the second most popular avenue of attack.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading December Tech Digest
Experts weigh in on the pros and cons of end-user security training.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-2382
Published: 2014-11-20
The DfDiskLo.sys driver in Faronics Deep Freeze Standard and Enterprise 8.10 and earlier allows local administrators to cause a denial of service (crash) and execute arbitrary code via a crafted IOCTL request that writes to arbitrary memory locations, related to the IofCallDriver function.

CVE-2014-3625
Published: 2014-11-20
Directory traversal vulnerability in Pivitol Spring Framework 3.0.4 through 3.2.x before 3.2.12, 4.0.x before 4.0.8, and 4.1.x before 4.1.2 allows remote attackers to read arbitrary files via unspecified vectors, related to static resource handling.

CVE-2014-8387
Published: 2014-11-20
cgi/utility.cgi in Advantech EKI-6340 2.05 Wi-Fi Mesh Access Point allows remote authenticated users to execute arbitrary commands via shell metacharacters in the pinghost parameter to ping.cgi.

CVE-2014-8493
Published: 2014-11-20
ZTE ZXHN H108L with firmware 4.0.0d_ZRQ_GR4 allows remote attackers to modify the CWMP configuration via a crafted request to Forms/access_cwmp_1.

CVE-2014-8767
Published: 2014-11-20
Integer underflow in the olsr_print function in tcpdump 3.9.6 through 4.6.2, when in verbose mode, allows remote attackers to cause a denial of service (crash) via a crafted length value in an OLSR frame.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Now that the holiday season is about to begin both online and in stores, will this be yet another season of nonstop gifting to cybercriminals?