Stories
Slash Boxes
Comments

SoylentNews is people

posted by martyb on Wednesday October 10 2018, @04:37PM   Printer-friendly
from the who's-aiming-that-thing,-anyhow? dept.

Submitted via IRC for chromas

Pentagon's new next-gen weapons systems are laughably easy to hack | ZDNet

New computerized weapons systems currently under development by the US Department of Defense (DOD) can be easily hacked, according to a new report published today.

The report was put together by the US Government Accountability Office (GAO), an agency that provides auditing, evaluation, and investigative services for Congress.

Congress ordered the GAO report in preparation to approve DOD funding of over $1.66 trillion, so the Pentagon could expand its weapons portfolio with new toys in the coming years.

But according to the new report, GAO testers "playing the role of adversary" found a slew of vulnerabilities of all sort of types affecting these new weapons systems.

"Using relatively simple tools and techniques, testers were able to take control of systems and largely operate undetected, due in part to basic issues such as poor password management and unencrypted communications," GAO officials said.

The report detailed some of the most eye-catching hacks GAO testers performed during their analysis.

In one case, it took a two-person test team just one hour to gain initial access to a weapon system and one day to gain full control of the system they were testing.

Some programs fared better than others. For example, one assessment found that the weapon system satisfactorily prevented unauthorized access by remote users, but not insiders and near-siders. Once they gained initial access, test teams were often able to move throughout a system, escalating their privileges until they had taken full or partial control of a system.

In one case, the test team took control of the operators' terminals. They could see, in real-time, what the operators were seeing on their screens and could manipulate the system. They were able to disrupt the system and observe how the operators responded.

Another test team reported that they caused a pop-up message to appear on users' terminals instructing them to insert two quarters to continue operating.

Multiple test teams reported that they were able to copy, change, or delete system data including one team that downloaded 100 gigabytes, approximately 142 compact discs, of data.

The report claims the DOD documented many of these "mission-critical cyber vulnerabilities," but Pentagon officials who met with GAO testers claimed their systems were secure, and "discounted some test results as unrealistic."


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 1, Interesting) by Anonymous Coward on Wednesday October 10 2018, @07:25PM (2 children)

    by Anonymous Coward on Wednesday October 10 2018, @07:25PM (#747092)

    This is potentially a very sad story.

    Old school defense plan for something bad coming your way was to stop or deflect it.

    New school is to smile and send it back home.

    With enough control of the other side's systems you don't even have to wait for them to launch something at you.

    Perhaps networking platforms together is a two edged sword which has yet to be thought out.

    Starting Score:    0  points
    Moderation   +1  
       Interesting=1, Total=1
    Extra 'Interesting' Modifier   0  

    Total Score:   1  
  • (Score: 3, Interesting) by legont on Thursday October 11 2018, @01:22AM (1 child)

    by legont (4179) on Thursday October 11 2018, @01:22AM (#747234)

    It's worse. Modern way is to ignore: "no way Russia has it, forgetaboutit", "China is a bunch of stealing idiots".

    The US is a giant on clay legs at this point. The US have not faced a sophisticated adversary for three generations. Any half modern but determinate state can defeat it just like that.

    --
    "Wealth is the relentless enemy of understanding" - John Kenneth Galbraith.
    • (Score: 0) by Anonymous Coward on Friday October 12 2018, @11:34AM

      by Anonymous Coward on Friday October 12 2018, @11:34AM (#747856)

      Any half modern but determinate state can defeat it just like that.

      Half modern? Doubt it.

      Much of their older stuff still works and packs a punch. They've been testing them in the Middle East and other places.

      And if push comes to shove, they still have nukes[1]. And if the nukes get hacked and don't hit the right targets they could trigger a global nuclear war.

      So it's unlikely that any half modern country would want to attack the USA. Too much to lose. If your country was about to officially militarily attack the USA the patriotic thing to do would be to kill your idiot leaders who are trying to do it.

      Remember Iraq didn't actually attack the USA, same for Libya, Syria, etc; and yet the US public were so easily swayed into supporting military action against those countries. So imagine what would happen to you if you actually declared war AND tried to defeat the USA in military war and somehow killed enough civilians...

      [1] Do things wrong and take things too far and the Russians and Chinese might even support limited use of nukes by the USA (so they can see the US capability in practice). Especially if your country is not near Russia or China...