GhostNet hacks into US-UK fighter project

27 Apr 2009

Cyber spies have once again hacked into a major US system – the target this time being the $300 billion joint strike fighter programme of the US forces and the British Royal Navy, which is aimed at homogenising the air defence needs of the two armed forces. The spy ring, widely dubbed GhostNet, is reported to be based in China, though the Chinese government has denied any involvement.

The news of the JSF hacking, first reported by the Wall Street Journal, has been confirmed by senior US defence officials, who admitted that thousands of confidential files on the 'F-35' multi-purpose fighter jet had been copied. The F-35, being designed in various versions of different capabilities, is meant to replace the multitude and wide variety of aircraft now in service with the two armed forces.

The report suggests that the computer systems of JSF contractors like Lockheed Martin, Northrop Grumman, and BAE Systems may also be compromised. However, the stolen material was not classified and was of little strategic importance, since all of the programme's vital data is stored in closed systems that cannot be reached through the internet.

The data copied related to design and electronic systems, such as self-diagnostics during flight, and other publicly available matters. As the Journal itself said, what the spies accessed was data "responsible for diagnosing a plane's maintenance problems during flight."

Commentators say that the Journal's story was somewhat overblown, although true. The rival Washington Post quotes defence industry consultant Jim McAleese as saying, "They'll have very little information other than how you maintain the aircraft. They'd know, for example, at what number of hours do the engines get checked, or the procedures for maintaining the stealth coding, but they wouldn't have information about key parts."

The Wall Street Journal reported that investigators traced the penetrations back with a "high level of certainty" to known Chinese Internet protocol addresses and digital fingerprints that had been used for attacks in the past. However, such addresses are notoriously difficult to pin down.

After years of being accused and constantly denying such accusations, the Chinese have this time gone as far as to say that their countrymen are not capable of carrying out such advanced cyber spying. China pointed the finger at hackers in advanced nations like the US, Russia and Israel, who have a higher level of expertise in such matters.

Lockheed Martin issued a statement saying, "To our knowledge, there has never been any classified information breach. Like the government, we have attacks on our systems continually and have stringent measures in place to detect and stop attacks."

According to US defence officials, the attacks have been occurring since 2007, but the hackers were clever enough to cover their tracks and mask their IP addresses to make the attacks appear to originate from different parts of the world.

The US Department of Defence said that it conducts scans on its computers thousands of times a day since hackers are constantly trying to penetrate its military computer networks.

Since there is no single dedicated US agency to look into the country's cyber security, the Obama administration has proposed to create a senior White House post to co-ordinate efforts to guard against such cyber attacks.

The JSF project is perhaps the costliest defence project ever, and can be traced back to 1986, when a combined US and UK study explored a potential supersonic replacement for the UK's Harrier and Sea Harrier as well as for all the aging aircraft of the US, like the F-16, A-10 and the F/A-18. The new aircraft are scheduled to enter service sometime next year.

China under a cloud
In March last year, the Pentagon admitted that in 2007, the defence networks in the US as well as computer networks of Germany, the UK and France were hit by multiple intrusions, with most of the intrusions originating from China.

In December 2007, British intelligence agency MI5 had warned Rolls-Royce, Royal Dutch Shell and about 300 banks in the UK of high level covert cyber attacks originating from China. However, the warning had come too late for Rolls-Royce and Royal Dutch Shell, which discovered that Chinese hackers had already infected Rolls-Royce's network with a Trojan that sent information back to a remote server; while Shell discovered a Chinese spying ring in Houston that was trying to gain access to confidential information on pricing of the company's operations in Africa.

Last year the US National Counter-intelligence agency banned all computer chips originating from China, since many US military suppliers were buying them for use in the manufacture of defence aircraft. This action came after the US suspected that China was supplying counterfeit routers and spy chips to US military suppliers to steal the country's aircraft data.

Last month, Information Warfare Monitor (IWM) investigators from Ottawa, Canada said that, while investigating a Chinese cyber attack against the Tibetan exile community and the computers used by the Dalai Lama, they stumbled on a spy network originating from China that had hacked into classified documents on government and private computers in 103 countries.

The GhostNet had hacked the computers used by the Dalai Lama and Tibetan exiles as well as 1,295 computers belonging to NATO, foreign ministries, embassies, banks and news organisations across the world. IWM said that the GhostNet removed documents without the target's knowledge, while key-strokes were logged, web cameras were silently triggered and audio inputs activated.

They also discovered that the hackers had infiltrated the systems in the embassies of India, South Korea, Indonesia, Romania, Cyprus, Malta, Thailand, Taiwan, Portugal, Germany and Pakistan.

This month, the US homeland security secretary Janet Napolitano confirmed a Wall Street Journal report of 7 April that hackers backed by the Chinese government and Russian hackers had continuously broken into computers of the US electric grid network and installed control programmes that would allow them to disrupt service.

A US intelligence official had said at that time that the Chinese were trying to map the country's infrastructure, such as the electrical grid, and all major companies supplying electricity in the US were targeted in the attack and many of their systems compromised.

This month, Chinese spies had hacked into the mobile phones, computers and e-mail of Australian prime minister Kevin Rudd and officials accompanying him during a visit to Beijing. The blatant electronic espionage has prompted Australian intelligence officials to tighten the communications security for senior government officials traveling to China.

Intelligence officials in Australia also believe that the Chinese government had targeted the mining company Rio Tinto, which had been under cyber attack in the early stages of Chinese government-owned Chinalco's bid for the Anglo-Australian miner.

British intelligence chiefs have recently warned that China could have the expertise to shut down Britain by crippling its telecoms and utilities, while a Pentagon report issued last month said that the Chinese military has made "steady progress" in developing online-warfare techniques. China hopes its computer skills can help it compensate for an underdeveloped military, the report said.

It is well known in the global intelligence community that Hainan island, situated in the southernmost part of China, is home to the Lingshui signals intelligence facility and the third technical department of the People's Liberation Army, as well as China's secret underground nuclear submarine base, which has been constructed by digging through the mountain overlooking the bay.

But global intelligence agencies find it very difficult to distinguish between state-sponsored hackers and individual hackers. Since the US is the most computerised country in the world, it is more prone to cyber warfare and cyber terrorism.