The Complex

Here's How Foreign Spies Are Now Getting U.S. Weapons Tech

Forget the shady middlemen; never mind the students just a little too eager to find out the particulars of engines and warheads. Today, when foreign spies want to acquire America's latest weapons technology, they just hack into networks and steal the digital designs. 2012 marked the the first time, overseas intelligence agencies used cyber espionage - rather than the old-fashioned kind -- as their number one way to pilfer information on U.S. weapons.

That's according to a new report  by one of Pentagon branches responsible for preventing such spying. Not coincidentally, perhaps, half of all successful incidents in 2012 of espionage against American defense contractors originated in Asia, up from 43 percent the previous year. THis report higlights what plenty of us have come to grasp intuitively, cyber attacks are steadliy replacing -- or at least complementing -- attempts to flat-out purchase U.S. defense technology or simply ask for more information about it as the top MO of industrial intelligence operators.

This shift from overt attempts at collecting information on U.S. weapons to cyber theft means that it may become more difficult to detect when a rival is trying to gain access to America's defense secrets. It also shows why the Obama administration has been in such a tizzy of China's alleged industrial espionage.

According to the report from the Defense Security Service, these spies were particularly interested in gathering information on U.S. electronics; worldwide collection attempts in this sector spiked 94 percent from the year before.

A "substantial" number of those electronics were radiation-resistant electronics that can be used in nuclear weapons, ballistic missiles, aerospace and space programs, according to the report.

"Foreign entities, especially those linked to countries with mature missile programs, increasingly focuses collection efforts on U.S. missile technology, usually aimed at particular missile subsystems," reads the report.

Why are nations with mature missile programs trying to steal secrets about American missile parts? To make their missiles even more deadly, of course.

"After a country masters the chemistry and physics required to launch a missiles, scientists and engineers can focus on accuracy and lethality, the desired characteristics of modern missiles," the report notes.

Getting their hands on U.S. missile parts will also help these countries defend against American weapons.

"Reverse-engineering would probably give East Asia and the Pacific scientists and engineers a better understanding of the capabilities of the targeted and acquired technology to develop countermeasures to U.S. weapons systems," reads the document.

Overall, foreign spies' top four American targets were "information systems; electronics; lasers, optics and sensors; and aeronautic systems technologies," according to the report.

All of these are crucial parts of the weapons that have given the U.S. a clear advantage on battlefields for the last 20 years. Information systems are how the US military passes massive amounts of intelligence and communications data. Meanwhile optics, lasers and sensors are key technologies that help American drones spy on enemies and that guide its smart weapons onto targets. Aeronautic systems technologies, as you know, are the parts that make up the Pentagon's next-generation rockets, stealth drones and fighters -- exactly the types of weapons that nations like China are trying to replicate.

The report doesn't specifically call out China as the home of these spies. But let's be honest, the vast majority of espionage attempts originating from Asia are likely coming from China.

"DSS continues to take the politically correct route and hide China within the ‘East Asia and Pacific' category, disappointing," Richard Bejtlich, chief security officer of the cybersecurity firm Mandiant, told Killer Apps after reading the report.

The Defense Security Service document was published on July 17, two days before David Shedd, deputy director of the Defense Intelligence Agency told Killer Apps that his agency is constantly finding new attempts by foreign government to install spyware on U.S. weapon systems. (In 2011, a Senate investigation found that tons of counterfeit electronic parts made in China were making their way into U.S. weapons; these parts could hide spyware or ‘back doors' allowing enemies to take over or disable the weapons.)

Far East countries -- who accounted for 54 percent of the interest in American missile tech -- targeted everything from the Standard Missiles and Ground Based Interceptors used for missile defense to TOW antitank missiles, Trident Submarine launched nuclear missiles, Tomahawk cruise missiles and Patriot anti-aircraft missiles and Harpoon anti-ship missiles.

Unlike overall trends in espionage, spies kept things old fashioned when going after missile tech, trying to either buy it outright or simply requesting information about such technology.

Interestingly, DSS found that successful attempts to get information on missile technology via cyber means are "relatively low." However, because digital espionage allows spies to be even sneakier than outright attempts to steal information, such efforts may go unnoticed.

When cyber espionage "goes unrecognized or unreported by cleared contractors, industry does not generate a report, making such instances unavailable for analysis in this data set," reads the DSS report.

The DSS report largely confirms what any casual news reader has seen over the last few years -- the Far East, led by China, is pushing to build military technology rivaling the U.S.'s by any means necessary.

Wikimedia Commons

National Security

The U.S. Might Be Buying Weapons With Enemy Access Built In

It's bad enough that U.S. intelligence officials are constantly discovering new plans to insert spyware and back doors into the Defense Department's supply chain. But what may be worse is that American analysts are only discovering indirect evidence of this infiltration, according to a senior DOD intelligence official. The back doors themselves remain maddeningly hard to find.

"Our adversaries are very active in trying to introduce material into the supply chain in ways that threaten our security from the standpoint of their abilities to collect [intelligence] and disrupt" U.S. military operations, said David Shedd, deputy director of the Defense Intelligence Agency during a speech at the Aspen Security Forum in Colorado on July 19.

DIA is finding more and more plots to deliver these parts through front companies that are "the instrument of the hostile service that's guiding and directing them," Shedd told Killer Apps during the forum.

"My concern is that our adversaries -- and they're multiple in the supply chain context -- have been very active for a very long time," David Shedd, deputy director of the Defense Intelligence Agency told Killer Apps at the Aspen Security Forum in Colorado. "We're finding things, not in the supply chain itself but plans and intentions through" front companies posing as legitimate DOD parts suppliers.

This is hardly a new threat. (Yours truly has written about the epidemic of counterfeit parts poisoning DOD supply chains since 2008.) A 2011 Senate investigation discovered an unbelievable amount of fake semiconductors in brand new DOD weapons such as the Navy's P-8 Poseidon sub-killing plane and anti-ICBM missiles used by the Missile Defense Agency. Perhaps unsurprisingly, the vast majority of the parts were found to come from China.

In addition to the obvious safety threat posed by say, fake aircraft bolts or wiring harnesses, one of the main dangers to the supply chain is that spyware or back doors can be built into critical electronic circuits. Spyware and backdoors could allow an enemy to easily monitor U.S. operations or even disable American weapons systems.

Israel is rumored to have used digital back doors planted in the software of Syrian air defenses to disable their radars during its 2007 air strike against the Dayr as-Zawr nuclear facility.

Just as scary as the fact that this kind of espionage has been going on for years, is the fact that the massive advantage the U.S. military has in hardware and manpower doesn't exist in the digital world.

"As we learn more about our own cyber requirements and needs, we have a better understanding that the world is a flatter world in terms of what our adversaries can do in the supply chain," Shedd told Killer Apps. While DOD has poured counterintelligence resources at the problem, "I sense a little bit that it's insufficient" said Shedd during his speech.

"I'm generally an optimist, [but] in the supply chain area, I'm very concerned" given the fact that he doesn't truly know the full extent of adversary penetration into DOD weapons systems, said Shedd. "You don't know what you don't know and the old agage of the weakest link is obviously what we need to be concerned about."

Despite all this, there aren't enough people looking at the problem, and sequestration may make this worse.

"It's an area where I have a significant number of analytic resources attached to it and [this] is still less than adequate, in my personal view," said Shedd during his speech. "I'm trying to think about that in a time of fiscal austerity and all the rest because I'm trading it off with other missions that are critical."

You can bet this issue will see more and more attention as hardware becomes increasingly networked and therefore vulnerable to cyber attack. For all the noise about outsiders hacking American systems, the best way for a foreign adversary to get inside U.S. networks might be to ship some counterfeit parts with the spyware already built in.

Wikimedia Commons