Chinese hackers stole sensitive U.S. Navy submarine plans from contractor

The guided-missile submarine USS Ohio prepares to moor at Naval Magazine Indian Island. A group tied to the Chinese government has hacked a contractor responsible for submarine development. (U.S. Navy photo by Lt. Ed Early/Released)

Share

Written by

A Chinese intelligence agency was able to successfully hack into a Navy contractor around February, stealing more than a half terabyte worth of highly sensitive documents about U.S. submarine technology and plans.

The hackers, according to the Washington Post, employed by China’s Ministry of State Security (MSS), targeted a Rhode Island-based company that was actively working on a Navy development project known as “Sea Dragon.”

The Post reported that the breach was driven by China’s continued mission to challenge the U.S. military’s existing naval superiority, especially as it relates to the hotly contested South China Sea territory. While China has made strides in developing aspects of their navy, the country has lagged in building both anti-submarine technology and a next generation fleet.

Based on publicly available information, the Sea Dragon program is part of the Pentagon’s Strategic Capabilities Office. It focuses on building a “cost-effective disruptive offensive capability … by integrating an existing weapon system with an existing Navy platform,” according to several different budget documents and previous reporting by Inside Defense.

“The [Ministry of State Security] appears to extensively favor the use of contractors because it allows for operations to be easily terminated, adds an extra layer of OPSEC between the victim and intelligence officers, offers a variety of technical responses to fulfill collection requirements, creates plausible deniability in the event attacks are reversed, and can provide additional technical expertise that may not exist in-house,” said Adam Meyer, vice president of intelligence at cybersecurity firm CrowdStrike.

One of the largest companies involved in the still-active Sea Dragon contract is Connecticut-based Electric Boat Corp, a subsidiary of defense contracting behemoth General Dynamics. The company has pulled in more than $100 million as part of their work so far.

Representatives for Electric Boat or General Dynamics did not respond to CyberScoop’s inquires prior to this article’s publication.

It’s believed that the theft of this classified data, which includes an electronic warfare library and information about the Navy’s cryptographic systems, will help China keep up with U.S military capabilities.

Over the last year, private sector cybersecurity firms have detected Chinese hacking groups associated with Beijing targeting U.S. military, engineering and maritime contractors, based on previous reporting by FireEye, CrowdStrike and others.

In March, a blog post by FireEye outlined a hacking group it dubbed “TEMP.Periscope,” which had sent a wave of phishing emails to submarine technology developers primarily based in the U.S. and several other NATO countries. While TEMP.Periscope has been active since at least 2013, they became more aggressive recently, analysts previously told CyberScoop.

Cybersecurity policy experts say that Chinese cyber-espionage operations — hacking activities aimed at stealing trade secrets, intellectual property or other confidential business information — has substantially declined in the wake of an agreement struck between former President Barack Obama and Chinese President Xi Jinping in September 2015. But others disagree.

Legitimate national security targets, like defense contractors, are not protected under the 2015 arrangement; leaving a loophole for China to target any U.S. company that it deems tangentially related to domestic defense.

In an interview with CyberScoop on Thursday, Bill Evanina, Director of the National Counterintelligence and Security Center, said that he believed Chinese hacking activity had never been deterred.

“We’re being eviscerated [by China],” said Evanina. “[Intelligence community], [law enforcement], folks who were victimized in the last five years would counter the narrative that there’s been a lull … There won’t be a lull until we have a vibrant deterrent.”

Former Pentagon cyber adviser Eric Rosenbach previously told CyberScoop that he also doubted the longterm effectiveness of the 2015 Xi-Obama agreement.

“I don’t want to sound cynical, but I just now believe that they are better at doing what they were doing before and they’ve found new ways and their leadership has told them ‘Don’t you dare get caught again,’” Rosenbach said last year.

News of the Sea Dragon compromise, which has already reportedly prompted a review by the Defense Department’s inspector general, follows other damaging counterintelligence incidents. At least three different retired U.S. intelligence officials have been caught passing secrets to the Chinese government since last year.

*Patrick Howell O’Neil contributed to this story 

-In this Story-

APT, APT3, breach, cyber-espionage, cybersecurity, FireEye, military, nation state, Navy, news, Pentagon, Sea Dragon, Temp.periscope, Washington Post
TwitterFacebookLinkedInRedditGoogle Gmail