SoylentNews is people
SoylentNews
from the who's-aiming-that-thing,-anyhow? dept.
Submitted via IRC for chromas
Pentagon's new next-gen weapons systems are laughably easy to hack | ZDNet
New computerized weapons systems currently under development by the US Department of Defense (DOD) can be easily hacked, according to a new report published today.
The report was put together by the US Government Accountability Office (GAO), an agency that provides auditing, evaluation, and investigative services for Congress.
Congress ordered the GAO report in preparation to approve DOD funding of over $1.66 trillion, so the Pentagon could expand its weapons portfolio with new toys in the coming years.
But according to the new report, GAO testers "playing the role of adversary" found a slew of vulnerabilities of all sort of types affecting these new weapons systems.
"Using relatively simple tools and techniques, testers were able to take control of systems and largely operate undetected, due in part to basic issues such as poor password management and unencrypted communications," GAO officials said.
The report detailed some of the most eye-catching hacks GAO testers performed during their analysis.
In one case, it took a two-person test team just one hour to gain initial access to a weapon system and one day to gain full control of the system they were testing.
Some programs fared better than others. For example, one assessment found that the weapon system satisfactorily prevented unauthorized access by remote users, but not insiders and near-siders. Once they gained initial access, test teams were often able to move throughout a system, escalating their privileges until they had taken full or partial control of a system.
In one case, the test team took control of the operators' terminals. They could see, in real-time, what the operators were seeing on their screens and could manipulate the system. They were able to disrupt the system and observe how the operators responded.
Another test team reported that they caused a pop-up message to appear on users' terminals instructing them to insert two quarters to continue operating.
Multiple test teams reported that they were able to copy, change, or delete system data including one team that downloaded 100 gigabytes, approximately 142 compact discs, of data.
The report claims the DOD documented many of these "mission-critical cyber vulnerabilities," but Pentagon officials who met with GAO testers claimed their systems were secure, and "discounted some test results as unrealistic."
(Score: 0) by Anonymous Coward on Wednesday October 10 2018, @07:10PM (1 child)
Sadly this approach only works when everyone can agree to follow the same set of rules for the benefit of all. And when they can all agree on how to define "benefit of all." To date, the human race has proven that it won't, and that it won't. In every group over a certain size, there's always some bugger slightly more selfish than the rest who screws it up for everybody.
Back in my long-forgotten youth, I'd hear it justified as "you're a fool if you don't take advantage of this!" (Typically, this would be in a retail setting. Some well-meaning store manager advertises a limited sale, and gets swamped by people abusing the intent/spirit of the act.)
Scaled up to nation-state, and it works right up to the moment your ill-behaved neighbor country decides it needs a little more elbow-room - and you no longer have elbows to push back.
(Score: 1, Interesting) by Anonymous Coward on Wednesday October 10 2018, @09:09PM
Well, that's why you form a network of voluntary contracts to mutually defend other countries like you in the event of such a neighbor's aggression.
(We tried this once, and it worked great right up until some Serbian assassin fucked everything up.)