The Pentagon computer hack which gave access to the Joint Strike Fighter Project, could have been prevented.
Hackers have broken into the Joint Strike Fighter project, one of the most expensive military development programs in history, according to The Wall Street Journal. The project is developing the stealth jets that the Australian government has committed to purchasing from the US for Air Force use.
According to WSJ, the information the hackers obtained could aid potential attackers in defending themselves against the fighter jet, which is capable of dodging existing aircraft detection systems.
The hack was allegedly initiated from China, though to date no one has been able to irrefutably prove Chinese involvement. At this point, the Chinese government has denied involvement in the latest intrusions.
The hack led to the theft of information which related to the Joint Strike Fighter project, though the information that was stolen did not include that which was the most sensitive due to the fact that it was stored on computers which lacked Internet connectivity.
The Pentagon maintains that there was no sensitive information or technology compromised during the attack. "I'm not aware of any specific concerns," Pentagon spokesman Bryan Whitman said, according to Reuters, though he claimed he was speaking generally rather than about any specific intrusion.
At this point the specifics of the breach are not clear, however WSJ believes it was probably done via accessing vulnerabilities in contractor networks of those involved in the aircraft construction.
Aamir Lakhani, a security solutions engineer World Wide Technology claimed that the breach could have been avoided. "I think one of the ways this could have been prevented is by limiting what kind of information is stored on noncontrolled computers," Lakhani said to ChannelWeb.
"Classified information should be stored on centralized computers. Taking advantage of cloud computing or centralized data themes could help prevent this information from leaking.”
Data breaches have become an increasing concern recently, especially considering that foreign governments have the resources to invest massive amounts of money in the equipment needed to break sophisticated encryption used for virtual private network (VPN) links.
The leak of sensitive information directly from portable computers is an increasing concern. When employees are not adhering to company security policies (which often seem annoying), information can easily be stolen. The widespread use of notebooks, smartphones and mobile broadband add to the risk.