China Hacks US Military Transport Contractors

KC-135 Stratotankers taxi to a runway during an exercise at Fairchild Air Force Base, on August 22, 2014.

U.S. Air Force photo by Staff Sgt. Benjamin W. Stratton

AA Font size + Print

KC-135 Stratotankers taxi to a runway during an exercise at Fairchild Air Force Base, on August 22, 2014.

A new report outlines serious vulnerabilities in the computer systems of military transport contractors. By Patrick Tucker

Chinese military hackers successfully breached the systems of several transportation companies that do important work for the military, according to a new Senate Armed Services Committee report released on Wednesday. 

U.S. Transportation Command, or TRANSCOM, is the outfit that moves troops and equipment. The command relies on a network of private companies large and small.

The heavily-redacted report outlines more than 20 successful intrusions on behalf of the Chinese government. “These are just those intrusions of which TRANSCOM is aware,” the report states.

The hacks outlined occurred between 2008 and 2013, but most occurred in 2012. The Chinese hackers stole emails, documents, compromised “multiple systems” of ships, obtained credentials, personal identification numbers and passwords for encrypted email and, through a phishing scam, convinced someone working at a TRANSCOM contracting air company to download an email with malware onto the airline’s network.

The report does not indicate how the Defense Department determined that the hackers were affiliated with the Chinese military, but the attacks do fit with what is now a well-established pattern of breaches conducted by Chinese military on U.S. military contractor systems, which the U.S. often discovers and responds to years later..

On May 19, the Justice Department charged five members of the People’s Liberation Army with espionage for “computer hacking, economic espionage and other offenses,” that took place years ago. The group has also been implicated in the theft of information related to the Israeli Iron Dome and the Arrow 3 Missile system, which occurred between 2011 and 2012.

The military’s increasing reliance on contactors to provide everything from transportation to communications equipment means that more and more military activities and operations could occur over civilian or commercial systems with serious flaws. At this year’s Black Hat conference in Las Vegas, researchers with the group IOActive found exploitable backdoors in various pieces of satellite communication equipment that the military relies on for moving people and goods.

Even though the intrusions highlighted in the report occurred on contractor systems, not those that the Defense Department uses for sensitive military operations, the government is not taking the breaches lightly. “These have got security implications, these intrusions. These are not just commercial,” Sen. Carl Levin, D-Mich., the chairman of the Senate Armed Services Committee, told reporters on Wednesday.

The committee tapped the FBI, the Defense Security Service, the Defense Cyber Crime Center, and the U.S. Air Force Office of Special Investigations for information and evidence to put into the report. The fact that no one body or investigative unit could find all of the incursions raises serious questions about how many may gaps may remain and how to find them. More importantly, the report describes serious problems in the way TRANSCOM communicates with investigators and investigators with one another.

“The reasons for TRANSCOM being unaware of intrusions affecting its contractors include a lack of common understanding between TRANSCOM and other DOD components about what cyber information TRANSCOM needs to know and misperceptions about the rules governing how cyber intrusion-related information identifying a particular victim may be shared,” the report said.

 “DOD has begun to take some steps to break down some of the stove piping,” Levin said, which he called “truly absurd.”

Contractors have to report cybersecurity incidents to TRANSCOM, as stipulated by a clause that the command put into its contracts back in 2010. But investigators also found that TRANSCOM contractors were unsure as to which sorts of cyber intrusions to report and to whom. Private contractors who do work for the command may have to report cyber intrusions to a variety of different agencies under different conditions.

The National Defense Authorization Act for Fiscal Year 2015 includes a provision to designate one place for private contractors to report intrusions and hacks, which could help contractors step up inspection and reporting of breaches and hacks. “Or else we won’t renew their contract” Levin said.

The report does not state which contractors suffered the hacks. But Bloomberg Intelligence identified some of the top contractors since 2010 as FedEx, Evergreen Holdings., A.P. Moeller-Maersk A/S, United Parcel Service and Neptune Orient Lines.  

A Pentagon spokesman told Bloomberg that the Defense Department takes the breaches “very seriously.”

“This is a very high priority for the department.”

Close [ x ] More from DefenseOne