- The Washington Post obtained a classified list of U.S. weapons systems that have been compromised by Chinese hackers.
- Compromised systems included some ballistic missile defense systems and combat ships and aircraft, including the F-35 Joint Strike Fighter.
- The list was part of a report by the Defense Science Board to the Pentagon to improve cybersecurity.
- Independent security experts called the systems included in the list of those compromised "staggering."
The activity Chinese hackers trying to infiltrate -- sometimes successfully -- U.S. companies, private entities like media organizations and government sectors is well known at this point and is only expected to increase. A new confidential report obtained by the Washington Post has security experts shocked at the "very critical weapons systems" the hackers could have compromised.
This report was released to the public in January, but there was a confidential version given to the Pentagon that has been found to list a set of weapons systems compromised by Chinese hackers. (Image: Office of the Under Secretary of Defense for Acquisition, Technology and Logistics)
In January the Defense Science Board released a public version of a report prepared for the Pentagon regarding suggestions to improve the resilience of Defense Department systems against cyberattacks. A classified version though included a list of compromised weapons designs.
The Post obtained this list and had independent experts review it.
“That’s staggering,” Mark Stokes, executive director of the Project 2049 Institute, said to the Post. “These are all very critical weapons systems, critical to our national security. When I hear this in totality, it’s breathtaking.”
Here is some of what the Post reported as compromised:
Some of the weapons form the backbone of the Pentagon’s regional missile defense for Asia, Europe and the Persian Gulf. The designs included those for the advanced Patriot missile system, known as PAC-3; an Army system for shooting down ballistic missiles, known as the Terminal High Altitude Area Defense, or THAAD; and the Navy’s Aegis ballistic-missile defense system.
Also identified in the report are vital combat aircraft and ships, including the F/A-18 fighter jet, the V-22 Osprey, the Black Hawk helicopter and the Navy’s new Littoral Combat Ship, which is designed to patrol waters close to shore.
Also on the list is the most expensive weapons system ever built — the F-35 Joint Strike Fighter, which is on track to cost about $1.4 trillion. The 2007 hack of that project was reported previously.
Watch CBS' report regarding the compromised system list:
The Pentagon declined speaking with the Post about the report, but a spokesperson did say the DoD "has growing concerns about the global threat to economic and national security from persistent cyber-intrusions aimed at the theft of intellectual property, trade secrets and commercial data, which threatens the competitive edge of U.S. businesses like those in the Defense Industrial Base.”
F-35C Lightning II (Photo: United States Navy)
These are some of the issues compromised systems pose, according to the Post's experts:
First, access to advanced U.S. designs gives China an immediate operational edge that could be exploited in a conflict. Second, it accelerates China’s acquisition of advanced military technology and saves billions in development costs. And third, the U.S. designs can be used to benefit China’s own defense industry. There are long-standing suspicions that China’s theft of designs for the F-35 fighter allowed Beijing to develop its version much faster.
In other words, Stokes said, “if they have a better sense of a THAAD design or PAC-3 design, then that increases the potential of their ballistic missiles being able to penetrate our or our allies’ missile defenses.”
Winslow T. Wheeler, director of the Straus Military Reform Project at the Project on Government Oversight, made a similar point. “If they got into the combat systems, it enables them to understand it to be able to jam it or otherwise disable it,” he said. “If they’ve got into the basic algorithms for the missile and how they behave, somebody better get out a clean piece of paper and start to design all over again.”
A senior military official told the Post the hackers helped save China billions of dollars and 25 years worth of research and development with such a breach.
Although none of the companies that had created weapons systems on the compromised list -- Boeing, Lockheed Martin, Raytheon and Northrop Grumman -- would comment on a breach of their own systems, the Post did report Northrop Grumman spokesman Randy Belote at least saying the company “is experiencing greater numbers of attempts to penetrate its computer networks." Belote included though that the company is "vigilant" about protection of the network.
At the same time, another government agency -- Australian Security Intelligence Organization -- might have experienced a recent hack by the Chinese as well.
Australian Broadcasting Corp. television reported on Monday night that the plans for the 630 million Australian dollar ($608 million) spy agency's new headquarters building had been stolen through a cyberattack on a building contractor. Blueprints that included details such as communications cabling, server locations and security systems had been traced to a Chinese server, the network reported.
Des Ball, an Australian National University cybersecurity expert, said China could use the blueprints to bug the building, which is nearing completion in Canberra, the capital, after lengthy construction delays.
Ball told the ABC that given the breach, ASIO would either have to operate with "utmost sensitivity" within its own building or simply "rip the whole insides out and ... start again."
Attorney General Mark Dreyfus, the minister in charge of the spy agency, on Tuesday refused to confirm or deny the report, citing a longstanding government policy of declining to comment on security matters. He called the allegations "unsubstantiated."
Chinese Foreign Ministry spokesman Hong Lei said China opposed hacking in any form and questioned what evidence the ABC report relied on.
"Since it is technically untraceable, it is very difficult to find the source and identify the hacker," Hong said. "Therefore we have no idea what is the evidence for their report in which they make the claim with such certainty."
The Associated Press contributed to this report.