The NYT has a story about a mock US aircraft carrier Iran is building, its sources say, so Iran can blow it up for the propaganda value.
Iran is building a nonworking mock-up of an American nuclear-powered aircraft carrier that United States officials say may be intended to be blown up for propaganda value.
This has set off chatter about how weird and dumb Iran is for building this giant toy boat, which US sources call the Target Barge.
But pretty soon after I started reading the article I found myself applying the phrases in it to America’s F-35 program which, in many ways, is an even bigger propaganda prop. See how it looks when you swap out Iran’s barge for the F-35?
Intelligence officials do not believe that the US is capable of building an actual F-35.
“Based on our observations, this is not a functioning plane; it’s a large spending program built to look like an plane,” said Cmdr. Jason Salata, a spokesman for the Navy’s Fifth Fleet in Bahrain, across the Persian Gulf from Lockheed. “We’re not sure what the US hopes to gain by building this. If it is a big propaganda piece, to what end?”
“It is not surprising that American military forces might use a variety of tactics — including military deception tactics — to strategically communicate and possibly demonstrate their resolve in air power,” said a Chinese official who has closely followed the construction of the F-35.
[T]he Pentagon has taken no steps to cloak from prying Chinese hackers what it is building in pork-laden building sites across several countries. “The system is often too opaque to understand who hatched this idea, and whether it was endorsed at the highest levels,” said Karim Sadjadpour, an American expert at the Carnegie Endowment for International Peace.
See what I mean?
Opacity of purpose.
Failure to provide adequate security.
Probable impossibility to bring to completion.
I’m not all that sure what distinguishes the F-35 except the cost: Surely Iran hasn’t spent the equivalent of a trillion dollars — which is what we’ll spend on the F-35 when it’s all said and done — to build its fake boat.
So which country is crazier: Iran, for building a fake boat, or the US for funding a never-ending jet program?
Reuters has a report I found sort of punny, about how white hat hackers had managed to break into the computer systems of the lead ship of the Navy’s Littoral Combat Ship program, the USS Freedom.
A Navy team of computer hacking experts found some deficiencies when assigned to try to penetrate the network of the USS Freedom, the lead vessel in the $37 billion Littoral Combat Ship program, said the official, who spoke on condition of anonymity.
The Freedom arrived in Singapore last week for an eight-month stay, which its builder, Lockheed Martin Corp., hopes will stimulate Asian demand for the fast, agile and stealthy ships.
It may be ironic that Lockheed had a ship get hacked just before it sent the ship out on a sales trip to Asia. (Asia! Where our most fear hacking-rival is!)
But … um, Lockheed?
Lockheed, of course, couldn’t keep the F-35 program safe from hackers either, and that time it wasn’t white hats doing the hacking.
Before the government imposes fines for companies unwilling to sacrifice the security of their systems to program in a backdoor, as the WaPo reports is being debated …
A government task force is preparing legislation that would pressure companies such as Facebook and Google to enable law enforcement officials to intercept online communications as they occur, according to current and former U.S. officials familiar with the effort.
Susan Landau, a former Sun Microsystems distinguished engineer, has argued that wiring in an intercept capability will increase the likelihood that a company’s servers will be hacked. “What you’ve done is created a way for someone to silently go in and activate a wiretap,” she said. Traditional phone communications were susceptible to illicit surveillance as a result of the 1994 law, she said, but the problem “becomes much worse when you move to an Internet or computer-based network.”
Marcus Thomas, former assistant director of the FBI’s Operational Technology Division, said good software coders can create an intercept capability that is secure. “But to do so costs money,” he said, noting the extra time and expertise needed to develop, test and operate such a service.
… Maybe we ought to instead focus on Lockheed’s apparent inability to keep the hundreds of billion dollar weapons systems it produces safe from hackers?
Remember how, before the election, Lockheed threatened to send out layoff notices to all its employees just before the election because sequestration might force it to layoff 10,000 employees?
Here’s the actual state of affairs for defense contractors:
The biggest defense companies’ share value has soared faster than the stock market since sequester spending cuts began on March 1.
While the S&P is up 3.7 percent and the Dow Jones industrial average has risen 4.3 percent, Boeing has jumped 9.6 percent, Lockheed Martin is up 8.3 percent. Northrop Grumman has climbed 6.1 percent and Raytheon is up 6 percent.
No major defense layoffs tied to the sequester have been announced under the Worker Adjustment and Retraining Notification (WARN) Act, despite predictions during the heat of the 2012 presidential campaign when companies pressed Congress to turn off the automatic cuts.
Defense experts say the sequester will inflict pain on the defense sector, but the pace of the cuts will not help contractors make their case. “There are real impacts here on national security from what this is going to do to the defense industrial base, but it’s not this year, it’s not even next year — and will anyone be listening by the time those effects become evident?” said Todd Harrison, a defense budget analyst at the Center for Strategic and Budgetary Assessments.
And all that’s before you consider the $334 MLockheed itself got before the sequester just to protect the F-35 program.
So while actual government employees are dealing with cuts and other resources are being cut, the defense industry still has a year before they’re going to feel the pinch.
This was all predictable (I’m pretty sure DDay laid it all out, back in the day). But it’s nice to know the parts of our economy that DC really care about — the warmaking, campaign donating ones — are still doing swimmingly under austerity.
Over the last week, two perennial stories have again dominated the news. China continues to be able to hack us — including top DC power players — at will. And the F-35 has suffered another setback, this time a crack in an engine turbine blade (something which reportedly happened once before, in 2007).
The coincidence of these two events has got me thinking (and mind you, I’m just wondering out loud here): what if China did more than just steal data on the F-35 when it hacked various contractors, and instead sabotaged the program, inserting engineering flaws into the plane in the same way we inserted flaws in Iran’s centrifuge development via StuxNet?
We know China has hacked the F-35 program persistently. In 2008, an IG report revealed that BAE and some of the other then 1,200 (now 1,300) contractors involved weren’t meeting security requirements; last year an anonymous BAE guy admitted that the Chinese had been camped on their networks stealing data for 18 months. In April 2009, WSJ provided a more detailed report on breaches going back to 2007.
The Joint Strike Fighter, also known as the F-35 Lightning II, is the costliest and most technically challenging weapons program the Pentagon has ever attempted. The plane, led by Lockheed Martin Corp., relies on 7.5 million lines of computer code, which the Government Accountability Office said is more than triple the amount used in the current top Air Force fighter.
Six current and former officials familiar with the matter confirmed that the fighter program had been repeatedly broken into.
As first started leaking last week, Lockheed Martin seems to have been hacked.
Last weekend was bad for a very large U. S. defense contractor that uses SecureID tokens from RSA to provide two-factor authentication for remote VPN access to their corporate networks. Late on Sunday all remote access to the internal corporate network was disabled. All workers were told was that it would be down for at least a week. Folks who regularly telecommute were asked to come into nearby offices to work. Then earlier today (Wednesday) came word that everybody with RSA SecureID tokens would be getting new tokens over the next several weeks. Also, everybody on the network (over 100,000 people) would be asked to reset their passwords, which means admin files have probably been compromised.
What seems to have happened is hackers used information gotten in the RSA Data Security hack to try to break Lockheed’s own security–basically, Lockheed noticed that hackers were trying to use the keys they stole in March to open a bunch of locks at Lockheed. Lockheed appears to have discovered the effort and in response, started shutting down remote access on parts of its network.
Lockheed Martin, the Pentagon’s No. 1 supplier, is experiencing a major disruption to its computer systems that could be related to a problem with network security, a defense official and two sources familiar with the issue said on Thursday.
Lockheed, the biggest provider of information technology to the U.S. government, is grappling with “major internal computer network problems,” said one of the sources who was not authorized to publicly discuss the matter.
The slowdown began on Sunday after security experts for the company detected an intrusion to the network, according to technology blogger Robert Cringely. He said it involved the use of SecurID tokens that employees use to access Lockheed’s internal network from outside its firewall,
Loren Thompson, chief operating officer of the Lexington Institute, and a consultant to Lockheed, said the company monitored every node on its vast global computer network from a large operations center in a Maryland suburb near Washington, D.C.
“If it sees signs that the network is being compromised by outsiders it will shut down whole sectors of the network to protect information,” Thompson said.
He said Lockheed had advanced networking monitoring tools that gave it a “much better understanding of their systems’ status than most other organizations, including the Department of Defense.”
In other words, Lockheed may have prevented a much bigger breach into their own systems. But the assumption of many is that other companies might not have noticed what Lockheed did. Stories on this hack all feature a list of other defense contractors–like Boeing and Raytheon and Northrup Grumman–who “decline to comment,” which might mean they’re scrambling to address the same problem Lockheed is, only trying to do so without all the bad PR.
Now, most observers of this hack have suggested that the hackers–who might work for a state actors or some other sophisticated crime group–were after Lockheed’s war toy information (which partly explains why you’d ask Lockheed’s aerospace competitors if they’d been hacked too). But remember that Lockheed does a lot for the government besides build planes. Of particular note, they’re a huge NSA contractor. Maybe the hackers were after info on jet fighters, or maybe they were after the data and data collection programs our own government hides from its own citizens.
Which is all a reminder that, amidst the sound and fury directed at WikiLeaks (which after all shared important information with citizens who deserved to know it), there’s a whole lot more hacking we don’t learn the results of, hacking that either might result in others adopting our lethal technologies, or in third parties stealing the data we’re not even allowed to know.
Now, granted, Lockheed has far far better security than DOD’s SIPRNet does. At least they’re trying to protect their data. But it’s not clear they–or their counterparts–are entirely successful.
Remember the Counterintelligence Field Activity (CIFA)? Here’s how I described it back in 2007.
CIFA is, along with the National Security Letters Congress is now cracking down on, probably the biggest abuse of civil rights and privacy BushCo has hatched up. It was designed to gather intelligence on threats to defense installments in the United States–to try to collect information (in the TALON database) on threatening people scoping out domestic bases. But it ended up focusing on peace activists and the lefty blogosphere’s own Jesus’ General. 70 percent of CIFA’s employees are contractors, a figure that makes it a prime candidate for politicized contracting scandal.
Among the contractors spying on Americans was MZM, one of the companies that bribed Duke Cunningham. Prosecutors in that case started investigating MZM’s CIFA contracts in May 2006. Three months after that, the top two managers at CIFA, who had directed CIFA keep sending MZM contracts, resigned suddenly. When DOD’s Inspector General tried to investigate CIFA in 2007, it discovered (it claimed) that the entire CIFA database had been destroyed in June 2006, just as prosecutors were closing in on those contracts.
Later, in 2008, just as CIFA was claiming it couldn’t publicly reveal its unclassified contracts, we learned that Stephen Cambone (who had led one of the inquiries into CIFA), had won a contract from it, sort of a payoff for not finding anything, I guess.
Later that year, DOD “disestablished” CIFA.
Or rather, they renamed it, calling it the Defense Counterintelligence and Human Intelligence Center. Then, last year, we learned that database DOD claimed had been destroyed in 2006 really hadn’t been, and CIFA 2.0 was getting back in the business of keeping a database of information on big threats to the US like Quakers and bloggers.
The Defense Intelligence Agency wants to open a new repository for information about individuals and groups in what appears to be a successor to a controversial counterintelligence program that was disbanded in 2008.
The new Foreign Intelligence and Counterintelligence Operation Records section will be housed in DIA’s Defense Counterintelligence and Human Intelligence Center, or DCHC, formed after the demise of the Counterintelligence Field Activity, or CIFA, according to an announcement that appeared Tuesday in the Federal Register.
The “activity” was disbanded, but evidently not its records database, which seems to be headed to the new unit. One of the criticisms of CIFA was that it vacuumed up raw intelligence on legal protest groups and individuals from local police and military spies.
When the DCHC was launched in 2008, the Pentagon said “it shall NOT be designated as a law enforcement activity and shall not perform any law enforcement functions previously assigned to DoD CIFA.”
Why the new depository would want such records while its parent agency no longer has a law enforcement function could not be learned. Not could it be learned whether the repository will include intelligence reports on protest groups gathered by its predecessor, CIFA.
The only thing left, at that point, was to figure out what defense contractor was getting rich spying on American citizens.
The answer? Lockheed Martin.
Lockheed Martin has openings for talented and motivated professionals in the counterintelligence (CI) field to be part of an evolving and highly specialized team that will provide direct support to the Defense Intelligence Agency’s (DIA) Defense Counterintelligence and Human Intelligence Center (DCHC).
The team Lockheed Martin is assembling a team which will function in CI areas such as: force protection; support to Joint Terrorism Task Force (JTTF); CI in Cyberspace; research, development and acquisitions; critical infrastructure protection; CI support to Offensive CI Operations; analysis & production (A&P); collections; campaigns; policy; assessments; TSCM; security; information assurance, and Enterprise governance support (administrative).
Not only is the entire concept wrong, using contractors to spy on Quakers and bloggers. Not only is it especially troublesome that Lockheed–a company with close ties to NSA–is doing this work (which would make it easy for reports from physical surveillance to migrate into the signals surveillance NSA does). But note what else is now included in CIFA 2.0: “CI in Cyberspace.” That is, Lockheed with its close ties to NSA is now in charge of spying on those claimed to present an online counterintelligence threat to the United States. And maybe doing things like hacking a media site to try to exercise illegal prior restraint.
Tomorrow and Wednesday, the WaPo will continue its series on the Intelligence Industrial Complex. It will describe the contractors in the BWI/Fort Meade area that contribute to the NSA’s surveillance programs. According to the DNI’s Director of Communications, that story will describe the contractors in the vicinity, but not say explicitly that those contractors clustered around Fort Meade are working for the NSA.
The Post advises that “links” between individual contractors and specific agencies have been deleted, although the Post will still cite contractors and their locations.
Here’s the WaPo’s description of how it acceded to spy officials’ requests not to include maps like this one–showing one of Lockheed Martin’s extensive locations in the neighborhood of Fort Meade (anyone who has taken the train to BWI will pass another of these locations)–in its database.
Because of the nature of this project, we allowed government officials to see the Web site several months ago and asked them to tell us of any specific concerns. They offered none at that time. As the project evolved, we shared the Web site’s revised capabilities. Again, we asked for specific concerns. One government body objected to certain data points on the site and explained why; we removed those items. Another agency objected that the entire Web site could pose a national security risk but declined to offer specific comments.
We made other public safety judgments about how much information to show on the Web site. For instance, we used the addresses of company headquarters buildings, information which, in most cases, is available on companies’ own Web sites, but we limited the degree to which readers can use the zoom function on maps to pinpoint those or other locations.
Nevertheless, an anonymous official–who sounds an awful lot like Acting Director of National Intelligence David Gompert did in his official statement–is already out bitching about the contractor database the WaPo published as part of this series.
The database the Washington Post compiled during its “Top Secret America” two year investigation is “troubling,” one administration official told me this morning, saying it could become a road map for adversaries – a charge reporter William Arkin denied on “GMA.”
“We’ve been through months now of negotiations and discussions with the government. I don’t think there is anything here that would do harm to national security,” Arkin told me. “And frankly I’m an American as well and I don’t want to do any harm to American national security.”
The official also told me that President Obama and his team are committed to intelligence reform — calling it a “central issue” – and said the system basically worked preventing another major attack and taking out 10 of the top 20 Al Qaeda leaders. But Arkin argued otherwise – saying it is important to counter what “the government would like to put out as the good news.”
Now, this anonymous official (who sounds like David Gompert did) may have been smart enough to know that George Stephanopoulos would obediently grant him anonymity to conduct the pushback ODNI was planning even before they read the article (nice stenography, Steph!). But he apparently believes our adversaries limit their research to the DeadTree press and couldn’t figure out that Lockheed Martin works for NSA (among other agencies) via other means. This anonymous official apparently believes our adversaries couldn’t do what Tim Shorrock did when he established the ties between Lockheed and NSA.
NATIONAL SECURITY AGENCY. Lockheed Martin has extremely close and long-standing ties with the NSA. In the mid-1950s it built the U-2 spy plane that played a key role in the Cold War and conducted some of the NSA’s initial research in signals collection. “The U-2 has been the backbone of our nation’s airborne intelligence collection operations for several decades and continues to provide unmatched operational capabilities in support of Operation Enduring Freedom,” Lockheed Martin states in its 2008 annual report. The U-2 “is expected to continue to provide leading-edge intelligence collection capabilities for years to come.”
The company’s extensive contracts with the NSA first became public in 1997. That year, Margaret Newsham, a contract engineer working for Lockheed Space and Missile Corporation at an NSA listening post in the United Kingdom, disclosed to Congress the existence of Echelon. This global surveillance network is run by the NSA and its counterparts in Britain, Australia, New Zealand, and Canada. She made the disclosure after hearing NSA intercepts of international calls placed by Sen. Strom Thurmond, the conservative South Carolina Republican. Her revelations sparked a spate of Congressional inquiries into whether the NSA was illegally listening in on domestic conversations. The discussions, led by a Republican civil libertarian, Rep. Bob Barr of Georgia, presaged the intense debate that would follow the 2005 revelations about President Bush’s “Terrorist Surveillance Program.” In July 1998 a report commissioned by the European Parliament confirmed that, through Echelon, the United States, and its closest allies had the capability to intercept most European phone calls, emails, and data communications, as well as the technology to decode almost any encrypted communication. This revelation sparked deep suspicion in European capitals that NSA was using Echelon to capture European business intelligence and trade secrets and pass them to U.S. companies.
Under a contract signed in 2005, Lockheed Martin provides an integrated electronic security system to protect NSA facilities in the Washington area. A similar system is in place at the Pentagon and dozens of U.S. military facilities abroad.
And then there are the other ways to figure this out. I first copped on to Lockheed’s ties to NSA when I noted there seemed to be a closer tie between Lockheed campaign contributions and Democrats who voted in favor of retroactive immunity on the FISA Amendments Act than contributions from AT&T.
Of course, presumably this anonymous official does know that our adversaries are not as dumb as he claims.
Which suggests it’s not our adversaries the anonymous official is really worried about. God forbid the citizens of this country–the average readers of the WaPo rather than those with training in intelligence that makes such research a cinch–find out who has been analyzing all the phone data collected in the guise of counterterrrorism.
This one is for Mary, who sent me the link from the road. As everyone knows, once you earn your bones in the Bush DOJ on torture and/or illegal wiretapping, you get a plum position in the private world. As Mary has consistently pointed out, Jim Comey got jumped in to the gang that couldn’t torture straight when he invoked state secrets to cover for Larry Thompson and other malfeasants in the Maher Arar case. For that fine work, Comey is now General Counsel at Lockheed Martin Aerospace while Thompson had to settle for the General Counsel slot at PepsiCo. But today is about Comey’s current crew, Lockheed.
The Wall Street Journal has an article out describing the fine educational possibilities provided the world community by the American military-industrial complex:
Lockheed Martin Corp. became the nation’s No. 1 military contractor by selling cutting-edge weaponry like the F-35 Joint Strike Fighter.
Its latest contribution to the U.S. arsenal: training prosecutors in Liberia’s Justice Ministry.
The U.S. government has hired the defense contractor to test an emerging tenet of its security policy. Called “smart power,” it blends military might with nation-building activities, in hopes of boosting political stability and American influence in far-flung corners such as Liberia.
Yep, the makers of strike fighters, cruise missiles and other niceties of global thermonuclear war, are gonna school up the new justice class in Liberia. Really, what could go wrong??
Defense firms are eager to oblige. “The definition of global security is changing,” says Lockheed’s Chairman and Chief Executive Robert Stevens. He wants the maker of the Air Force’s most advanced fighters to become a central player in the U.S. campaign to use economic and political means to align countries with American strategic interests.
Last year, Lockheed had two of its highest profile programs, the F-22 Raptor fighter and a fleet of presidential helicopters, ended by the Obama administration. Now, Lockheed is one of several defense firms expected to bid for a State Department contract to support “criminal justice sector development programs world-wide,” that could be worth up to $30 billion over five years.
Well, that does seem like a promising business opportunity and, hey, why should Halliburton and Blackwater/Xe get all the fun and Ferengi profit?
Morgan Stanley defense analyst Heidi Wood says Lockheed’s early push into this realm sets it apart from competitors. It is too soon to pinpoint a financial impact, she says, but the moves will pay off. “It’s a complete paradigm change.”
Yeah, ya think?? I wonder what kind of homework the Lockheed law professors assign? Read the entire WSJ article, it is worth it.
Now, to be fair, Jim Comey is not specifically referenced in the comprehensive article, but there is little question but that he is the top prosecutorial experience Lockheed possesses and, really, a joint with the history of Liberia would be the perfect place for former Bush/Cheney prosecutors to impart their “special” skills. It could all fit so nicely.