Chinese Penetrate TRANSCOM Amid Lack of Data Sharing

TRANSCOM Hacked by China

TRANSCOM, the Defense Department command that handles wartime military logistics, was compromised repeatedly over a one-year span by a handful of Chinese APT groups.

Hackers allegedly affiliated with the Chinese government compromised the computer networks of the United States Transportation Command, the group tasked with providing air, land and sea transportation services to the Department of Defense, according to the findings of a Senate Armed Services Committee investigation.

The committee determined that between June 2012 and May 2013, Chinese military hackers managed to compromise the networks of a series of TRANSCOM contractors more than 20 times, with an additional 30 or so intrusions not attributed to advanced persistent threats. Of those 20-some APT incidents, TRANSCOM was aware of only two, an oversight the Senate committee attributes to a lack of information sharing between TRANSCOM, its contractors, sub-contractors and government intrusion experts at the FBI, DoD and elsewhere.

As was made clear during the U.S. government-focused Billington Cybersecurity Summit earlier this week, top federal security officials are prioritizing information sharing practices now perhaps more than ever. Despite this push, the Senate report says that the FBI and DoD had identified a number of these companies as victims of APT attacks without even knowing that the companies worked as TRANSCOM contractors.

“We must ensure that cyber intrusions cannot disrupt our mission readiness,” said Senator Jim Inhofe, the committee’s ranking member. “It is essential that we put into place a central clearinghouse that makes it easy for critical contractors, particularly those that are small businesses, to report suspicious cyber activity without adding a burden to their mission support operations.”

Specifically, the inquiry’s findings demonstrated that the Chinese military stole email, documents, credentials and passwords for an encrypted email service used by a contractor from 2008-2010. In a 2010 intrusion, they also found their way into a Civil Reserve Air Fleet network and made off with documents, flight details, credentials and passwords for an encrypted email service. In 2012, attackers infiltrated systems onboard a commercial ship contracted by TRANSCOM.

Researchers Jen Weedon and Kristen Dennesen of the security firm FireEye claim the motive behind these attacks is to “steal intellectual property and proprietary information capable of providing the government with a military advantage and assist the country in reaching its goals for military modernization.” This would make available to the Chinese government technologies that the U.S. and its allies would not sell or otherwise offer to China. Additionally, the purloined information could help the Chinese military assess the logistical capacity of the U.S. military.

“Stealing data from the [defense industrial base] could also provide the Chinese government with an economic advantage in the global arms market, as the government would be able to indigenously develop and then sell new and highly valued technologies,” Dennesen and Weedon wrote. “Using stolen blueprints would also allow the Chinese government to increase its market competitiveness, as it would be able to skip the research and development process and thus sell the same products for a cheaper price.”

Part of the problem, the committee found, is that contractors are only required to report intrusions impacting the DoD. The very nature of TRANSCOM means that certain contractors will do virtually no business with the DoD during peacetime but will provide services in times of war. Thus, much of the information potentially lost in these attacks would not affect TRANSCOM or the DoD. However, these compromises could impact readiness in the future when and if the contractors deal directly with the DoD, particularly if APT groups maintain a presence on affected systems.

The DoD will tighten requirements about which contractors are required to disclose security incidents initiated by known or suspected government actors.