BAE F-35 Hack Confirmed

I’ve long complained that the government’s obsession with WikiLeaks is badly misplaced. After all, DOD and some of its contractors simply can’t keep their networks secure from Chinese hackers. So if our chief rival can take what it wants, why worry so much that actual American citizens have access to what China can take with abandon?

Case in point. The Australian has confirmed what was initially reported three years ago: China hacked BAE to steal performance information on the F-35.

CHINESE spies hacked into computers belonging to BAE Systems, Britain’s biggest defence company, to steal details about the design, performance and electronic systems of the West’s latest fighter jet, senior security figures have disclosed.

The Chinese exploited vulnerabilities in BAE’s computer defences to steal vast amounts of data on the $300 billion F-35 Joint Strike Fighter, a multinational project to create a plane that will give the West air supremacy for years to come, according to the sources.

[snip]

One of those present said: “The BAE man said that for 18 months, Chinese cyber attacks had taken place against BAE and had managed to get hold of plans of one of its latest fighters.”

This plane will have taken more than $385 billion to develop and will take $1 trillion to sustain. It is the most expensive weapons system in history. And yet for 18 months, the Chinese were just living on (at least) BAE’s networks taking what they wanted. How much of the considerable cost and rework on this program comes from the data on it China has stolen along the way?

In fact, I’m wondering whether China isn’t borrowing from our own playbook: during the Cold War, we made Russia go bankrupt by engaging in an arms race it couldn’t afford. China doesn’t need to do that. By hacking our data, they can just make us go bankrupt by setting up an arms race between our contractors and its hackers. With the result that we build a trillion dollar plane that it can already exploit.

And yet the government’s priority seems to be shutting up leakers who reveal its crimes, not networks that reveal our biggest military secrets.

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

9 replies
  1. MadDog says:

    “…In fact, I’m wondering whether China isn’t borrowing from our own playbook: during the Cold War, we made Russia go bankrupt by engaging in an arms race it couldn’t afford…”

    Another unlikely alternative is that we deliberately allowed the Chinese to steal the F-35 plans so they would use it to waste all of their money building a fleet of fighter pigs planes they too couldn’t afford.

    Nah, we ain’t that subtle.

  2. emptywheel says:

    @MadDog: Well, that’s the genius of the Chinese approach. They don’t actually have to build the planes, or can build them at great delay (they’re accruing power through soft power and econmic might in any case, they don’t really need the planes). And an army of hackers in China is a lot cheaper than an army of defense contractors in the US and UK.

  3. prostratedragon says:

    Hmmm, kind of rhymes with the previous post, but with the scary additional thought that the nature of the real threat here might not even be appreciated. (I take as given that the source of the real mortgage fraud problem is well-understood at FBI.)

    Precision-guided weapons, blunderbuss minds.

  4. Frank33 says:

    CHINESE spies hacked into computers belonging to BAE Systems, Britain’s biggest defence company

    The Internet never forgets. “Classified” information, with a Gateway to the Internet can, and will be attacked. This information can be stolen and the theft is undetected. Also Microsoft is aiding and abetting Chinese computer terrorists, with their built in, security holes. Presumably this successful attack was against Microsoft Operating Systems. With respect to security, Microsoft equals FAIL.

    Any critical systems, that are open to the public internet, have only themselves to blame, when their Bill Gates computers get Botted.

  5. Arbusto says:

    Remember that BAE, an ethics free Company, bought UDLP Ground Systems Division, so is embedded with the US MIC.

    PS Just went to their web page. Saw banner stating BAE’s ability in fighting cyber crime. How’s that working for Them?

  6. Snarki, child of Loki says:

    Microsoft is aiding and abetting Chinese computer terrorists, with their built in, security holes.

    Hard to say 100% for sure, but it does seem likely.

    The takeaway being that the National Security of the United States requires saturation bombing of Redmond. Oh, wait, the bombers are running Windows Vista! Abort, retry, continue?

  7. William Ockham says:

    Pursuing the wrong people/threats is the very definition of cybersecurity in the U.S.

    Our vaunted cybersecurity efforts have netted a few Anonymous members who were an annoyance at most and we have new legislation that will, um, do something (nobody is sure what). Meanwhile, there is no effective action against real threats like the one Marcy highlights above and the absolute lack of effective cybersecurity in our critical infrastructure (with the possible exception of nuclear plants which occasionally have some defenses).

Comments are closed.