US Military In The Dark On Cyberattacks Against Contractors

A lack of communication between military contractors and government agencies about Chinese cyber espionage attacks is revealed in a new Senate report.

Brian Prince, Contributing Writer, Dark Reading

September 18, 2014


Communication is the key to any good relationship. Yet a new report from the US Senate Armed Services Committee shows that a lack of communication has left the US Transportation Command (Transcom) in the dark about threats to cyber security.

The Armed Services Committee report, released Wednesday, contends that hackers tied to the Chinese government successfully penetrated systems belonging to Transcom contractors at least 20 times during a 12-month period beginning June 1, 2012. The report is the culmination of a year-long investigation by the committee, which found that gaps in reporting requirements and a lack of information sharing between government agencies left Transcom largely unaware of the compromises.

Transcom is responsible for the movement of US troops and equipment around the globe. According to the committee, Transcom was aware of only a handful of the attacks, even though contracts mandate that contractors report certain types of incidents to the command. Though more than 80 companies are subject to the clause, the command had received only two reports of cyber intrusions until August 2013.

In addition, the report states that the FBI, the Department of Defense, the Air Force Office of Special Investigations, and the Defense Cyber Crime Center were aware of cyberattacks between June 2012 and June 2013 and failed to share the information with Transcom.

The committee's findings are detailed in a report entitled "Inquiry into Cyber Intrusions Affecting U.S. Transportation Command Contractors." The committee approved the report in the spring and released an unclassified version today.

During the period covered by the report, there were about 50 intrusions or "cyber events" into the computer networks of Transcom contractors.

"These peacetime intrusions into the networks of key defense contractors are more evidence of China’s aggressive actions in cyberspace," Sen. Carl Levin (D-MI), the committee's chairman, said in a committee press release. "Our findings are a warning that we must do much more to protect strategically significant systems from attack and to share information about intrusions when they do occur."

This year, TrapX Security identified malware called Zombie Zero, which was delivered into enterprise shipping and logistics environments from a Chinese manufacturer responsible for selling proprietary hardware for terminal scanners used to inventory items being shipped. The malware was delivered through the Windows embedded XP operating system installed on the hardware at the manufacturer's location in China and could be downloaded from the Chinese manufacturer's support website.

[Zombie Zero is still actively pushing rigged handheld scanning devices, reviving concerns about doing business with Chinese tech companies. Read Chinese Hackers Target Logistics & Shipping Firms With Poisoned Inventory Scanners.]

"It is just as important in today's world to protect our country's critical information systems and infrastructure as it is to protect sea lanes and foreign economic interests," said Carl Wright, general manager of TrapX and former CISO of the US Marine Corps.

Though Transcom attributed all 20 intrusions in the report to China, FireEye researchers Jen Weedon and Kristen Dennesen wrote in a blog post that the Chinese government is not the only player in the game. Suspected Russian attackers have been targeting a defense technology company, and an Iranian group targeted US defense contractors in Operation Saffron Rose.

"Multiple threat groups appear to have a firm understanding of the Aerospace and Defense supply chains, including the relationships between organizations and specific projects in the industry," Weedon and Dennesen wrote. "In multiple instances, cyber espionage groups have targeted information about specific projects across several companies. Similarly, we have observed threat groups target the entire Aerospace and Defense manufacturing production cycle, from research and development through testing and production, all the way to product launch."

"We must ensure that cyber intrusions cannot disrupt our mission readiness," Sen. Jim Inhofe (R-OK), the committee's ranking Republican, said in the release. "It is essential that we put into place a central clearinghouse that makes it easy for critical contractors, particularly those that are small businesses, to report suspicious cyber activity without adding a burden to their mission support operations."

About the Author

Brian Prince

Contributing Writer, Dark Reading

Brian Prince is a freelance writer for a number of IT security-focused publications. Prior to becoming a freelance reporter, he worked at eWEEK for five years covering not only security, but also a variety of other subjects in the tech industry. Before that, he worked as a news reporter for the Asbury Park Press, and reported on everything from environmental issues to politics. He has a B.A. in journalism from American University.
