Hackers thought to be from the Ministry of State Security (MSS) division in Guangdong, linked to the Chinese government, have stolen over 614GB of sensitive data from the computer systems of a US Navy contractor. The contractor was working with the Naval Undersea Warfare Centre (a submarines and underwater weaponry R&D organisation) when the data was stolen over a two-month period in January and February this year.
The hackers stole the data that was stored on the contractor’s unclassified network. The compromised data included signals and sensor data, Navy’s electronic warfare library as well as cryptographic systems information. Additionally, information relating to a top-secret project named ‘Sea Dragon’ was stolen. The only new detail released relating to this project was that it aims to integrate “an existing weapon system with an existing Navy platform”. From previous reports, we know that Sea Dragon is part of a Pentagon initiative to adapt existing US military technologies for new applications and that since 2015 about $395 million has been spent on the project.
Although the stolen data was unclassified an official has explained that when combined it could be considered as classified.
This is not the first time that China has been linked to US hacks. In 2015 China targeted the US’s Office of Personnel Management and stole data which resulted in the personal information of as many as 25 million federal workers and contractors being compromised. Another major attack on Woods Hole Oceanographic Institution a US scientific research centre, that undertakes work with the Navy as well, was similarly linked to China.
The US Navy is investigating the breach along with the Pentagon and Federal Bureau of Investigation (FBI). Further details of the breach have been withheld for national security purposes.
Control your data and its security, don’t rely on someone else to do it
There is definitely an increasing cyberwar between the US and China but this breach (among previous ones) also reveals the continuing struggle the US government has with regards to keeping their data secure when in the hands of third parties. Many previous breaches have resulted from a third party being compromised where the data was unprotected.
A high-level breach like this shows that third parties (in this case a contractor) are often successful entry points for hackers into the target organisation.
Many organisations outsource work and depend heavily on third parties for a variety of functions. Every party that interacts with an organisation, in this way, could be a hacker’s potential entry point. This attack vector is proving successful time and time again.
No one is immune to attack
Additionally, this incident demonstrates that anyone and any organisation (no matter their size) is vulnerable to such an attack. If hackers are successfully targeting highly regulated entities and they are falling victim, it shows that any organisation is potentially vulnerable too.
A couple of lessons to learn from this
Firstly, the importance of protecting the data. If the data were secured, it would not be usable to the hackers and the impact significantly reduced. Make sure the data is protected at all stages, in transit and at rest, within your organisation and in the hands of a third party. Protect it and manage it appropriately. A data-centric approach to security enables you to protect the data no matter where it is.
Secondly, the importance of ensuring that your organisation’s security policies and data protection policies extend to the third parties that you interact with too. There is no point following strict data protection rules within your organisation only to throw caution to the wind when it leaves. You must ensure that your third parties handle the data in the same secure manner. Alternatively, don’t allow your sensitive data to leave and instead let your third parties access the data on your terms and within your environment.
Lastly, education. It is so important that employees, contractors, suppliers-everyone that your organisation deals with have up to date training on how to work in a safe and secure way and be knowledgeable of the types of attacks impacting so many and so often.
In order to improve our security posture and have the best chance of countering such attacks, we must identify our weaknesses and fill those gaps in our security.
News Source: The Washington Post and New York Times