Results 1 to 6 of 6
Like Tree4Likes

Thread: "Nearly All" The Pentagon's Expensive New Toys Are Embarrassingly Easy To Hack, GAO

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

  1. #1
    Senior Member Airbornesapper07's Avatar
    Join Date
    Aug 2018
    Posts
    61,615

    "Nearly All" The Pentagon's Expensive New Toys Are Embarrassingly Easy To Hack, GAO

    "Nearly All" The Pentagon's Expensive New Toys Are Embarrassingly Easy To Hack, GAO Audit Finds



    "They could see, in real-time, what the operators were seeing on their screens..."

    Wed, 10/10/2018 - 23:45
    15 SHARES

    The Pentagon's next-gen weapons systems currently under development by the Department of Defense (DoD) are woefully vulnerable to cyberattacks, according to a Tuesday report by the US Government Accountability Office (GAO).
    GAO testers "playing the role of adversary" discovered "mission critical cyber vulnerabilities in nearly all weapon systems that were under development."

    "Using relatively simple tools and techniques, testers were able to take control of systems and largely operate undetected, due in part to basic issues such as poor password management and unencrypted communications," said GAO officials.
    In one case, it took a two-person test team just one hour to gain initial access to a weapon system and one day to gain full control of the system they were testing.
    Some programs fared better than others. For example, one assessment found that the weapon system satisfactorily prevented unauthorized access by remote users, but not insiders and near-siders. Once they gained initial access, test teams were often able to move throughout a system, escalating their privileges until they had taken full or partial control of a system.
    In one case, the test team took control of the operators' terminals. They could see, in real-time, what the operators were seeing on their screens and could manipulate the system. They were able to disrupt the system and observe how the operators responded.
    Another test team reported that they caused a pop-up message to appear on users' terminals instructing them to insert two quarters to continue operating.
    Multiple test teams reported that they were able to copy, change, or delete system data including one team that downloaded 100 gigabytes, approximately 142 compact discs, of data.
    Warnings ignored
    Despite years of repeated warnings, cybersecurity surrounding weapons systems has been surprisingly ignored. In 1991, the National Research Council reported "as computer systems become more prevalent, sophisticated, embedded in physical processes, and interconnected, society becomes more vulnerable to poor system design, accidents that disable systems, and attacks on computer systems. Without more responsible design and use, system disruptions will increase, with harmful consequences for society. "
    The warnings by the GAO began in 1996, when the auditing agency warned that the internet could provide enemies with a cheap and easy method to cause catastrophic damage to connected systems. In 2013, the Defense Science Board warned that "in today's world of hyper-connectivity and automation, any device with electronic processing, storage, or software is a potential attack point and every system is a potential victim - including our own weapons systems."

    Perhaps worst of all; the GAO claims that despite documented instances of "mission-critical cyber vulnerabilities," Pentagon officials who met with the GAO testers brushed off their concerns - insisting that their systems were secure, and "discounted some test results as unrealistic."
    The GAO acknowledge that the tests were performed on computerized weapons systems that are still under development - and that hackers are unable to infiltrate current weapons systems in the field. If and when the next-gen weapons are deployed, however, the threat becomes real according to the GAO.
    "It looks grim unless they see this as a wake-up call and they start taking action in a serious manner," said GAO employee and co-author of the report, Christina Chaplin.
    Answering questions in a podcast, Chaplin said that one of the reasons these new computerized weapons systems are so vulnerable to hacks is because, until recently, the DOD didn't prioritize "cyber" as part of the development process, "but it has begun to grasp the magnitude of the problem and taken a way of action."
    One way was by instituting better testing procedures, and the second was by setting "cyber" as a focus during the acquisition process of the many components part of these new systems.
    But despite this, the GAO report warns that if the DOD doesn't act on its own findings to patch the vulnerabilities its employees discover in their own software, then all their internal testing procedures are useless. -ZDNet
    The GAO report goes on to call out the DoD for their shoddy response to the vulnerabilities.
    For example, one test report indicated that only 1 of 20 cyber vulnerabilities identified in a previous assessment had been corrected. The test team exploited the same vulnerabilities to gain control of the system. When asked why vulnerabilities had not been addressed, program officials said they had identified a solution, but for some reason it had not been implemented. They attributed it to contractor error.
    "There's also a culture right now at the DOD were we feel like the extent of the problem isn't really appreciated at the program level," Chaplin said. "The DOD has a lot of work ahead of it to overcome some cultural issues."
    While the GAO doesn't specify the weapons systems involved out of national security concerns, they did say that the systems are heavily computerized and many of them networked together - making them attractive targets for enemies of the United States after they are deployed in the field.
    "Nearly every conceivable component in DOD is networked," the report reads. "Weapon systems connect to DOD's extensive set of networks--called the DOD Information Network--and sometimes to external networks, such as those of defense contractors. Technology systems, logistics, personnel, and other business-related systems sometimes connect to the same networks as weapon systems. Furthermore, some weapon systems may not connect directly to a network, but connect to other systems, such as electrical systems, that may connect directly to the public Internet."

    We wonder how vulnerable China or Russia's next-gen weapons systems are?

    https://www.zerohedge.com/news/2018-...ngly-easy-hack
    If you're gonna fight, fight like you're the third monkey on the ramp to Noah's Ark... and brother its starting to rain. Join our efforts to Secure America's Borders and End Illegal Immigration by Joining ALIPAC's E-Mail Alerts network (CLICK HERE)

  2. #2
    Senior Member Judy's Avatar
    Join Date
    Aug 2005
    Posts
    55,883
    There is just absolutely no excuse for this and the military leadership needs a 1,000 lashings for ever allowing something like this to occur. President Trump needs to order them to fix this, fix it right and fix it now.

    And these Generals like want to tell Trump what to do when they can't even secure their own weapons software?

    Shameful.
    Last edited by Judy; 10-11-2018 at 07:16 AM.
    A Nation Without Borders Is Not A Nation - Ronald Reagan
    Save America, Deport Congress! - Judy

    Support our FIGHT AGAINST illegal immigration & Amnesty by joining our E-mail Alerts at https://eepurl.com/cktGTn

  3. #3
    Senior Member Airbornesapper07's Avatar
    Join Date
    Aug 2018
    Posts
    61,615
    If you're gonna fight, fight like you're the third monkey on the ramp to Noah's Ark... and brother its starting to rain. Join our efforts to Secure America's Borders and End Illegal Immigration by Joining ALIPAC's E-Mail Alerts network (CLICK HERE)

  4. #4
    Senior Member Airbornesapper07's Avatar
    Join Date
    Aug 2018
    Posts
    61,615
    10-1 odds the F-35 has china made microchips in it
    If you're gonna fight, fight like you're the third monkey on the ramp to Noah's Ark... and brother its starting to rain. Join our efforts to Secure America's Borders and End Illegal Immigration by Joining ALIPAC's E-Mail Alerts network (CLICK HERE)

  5. #5
    Senior Member Airbornesapper07's Avatar
    Join Date
    Aug 2018
    Posts
    61,615
    If you're gonna fight, fight like you're the third monkey on the ramp to Noah's Ark... and brother its starting to rain. Join our efforts to Secure America's Borders and End Illegal Immigration by Joining ALIPAC's E-Mail Alerts network (CLICK HERE)

  6. #6
    Senior Member Airbornesapper07's Avatar
    Join Date
    Aug 2018
    Posts
    61,615
    If you're gonna fight, fight like you're the third monkey on the ramp to Noah's Ark... and brother its starting to rain. Join our efforts to Secure America's Borders and End Illegal Immigration by Joining ALIPAC's E-Mail Alerts network (CLICK HERE)

Similar Threads

  1. Toys "R" Us plans to close more than 180 U.S. stores
    By JohnDoe2 in forum Other Topics News and Issues
    Replies: 1
    Last Post: 01-24-2018, 12:43 PM
  2. O'REILLY Takes on 'MIKEY' "WEINSTEIN, THE PENTAGON "TOLERANCE" CONSULTANT
    By AirborneSapper7 in forum General Discussion
    Replies: 1
    Last Post: 05-04-2013, 07:32 AM
  3. Toys "R" Us recalls China-made wood coloring cases
    By jp_48504 in forum Other Topics News and Issues
    Replies: 3
    Last Post: 09-02-2007, 09:35 PM
  4. "Thomas and Friends" railway toys recalled (CHINA)
    By jp_48504 in forum Other Topics News and Issues
    Replies: 0
    Last Post: 06-14-2007, 02:41 PM
  5. PIN Scandal "Worst Hack Ever;" Citibank Only The S
    By jp_48504 in forum Other Topics News and Issues
    Replies: 3
    Last Post: 03-11-2006, 11:16 PM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •