US Navy Contractors Hacked by China "More Than A Handful Of Times"

Over the last 18 months, Chinese hackers breached several unidentified Navy contractors, stealing large amounts of data related to undersea warfare, including top-secret programs to develop supersonic anti-ship missiles for submarines, officials and experts said. The breaches triggered a top-to-bottom review of cyber vulnerabilities for the Navy.

Navy Secretary Richard Spencer recently requested a review to examine why the service and its contractors are continuing to get hacked by China.

Officials told The Wall Street Journal that a classified initial assessment of the problem was delivered to Navy Secretary Spencer last week and provides appropriate countermeasures to thwart future cyber attacks.

Navy officials declined to say how many cyber attacks occurred during the 18 months except to say that there were “more than a handful,” calling some of the cyber attacks "troubling and unacceptable."

“Attacks on our networks are not new, but attempts to steal critical information are increasing in both severity and sophistication,” Spencer wrote in an internal memo in October reviewed by the Journal.

“We must act decisively to fully understand both the nature of these attacks and how to prevent further loss of vital military information.”

Spencer’s memo did not explicitly mention China, but officials told WSJ that China does most of the hacking.

On Friday, the Navy said Spencer’s memo “reflects the seriousness to which the [Navy] prioritizes cybersecurity in this era of renewed great power competition so that our Navy and Marine Corps warfighting team can sustain and improve our military advantage over any peer or competitor.”

Even though China would struggle in a conventional war with the US, Navy officials said Beijing had already shown its muscles on the modern battlefield as it continues to launch cyber attacks on the US.

“They are looking for our weak underbelly,” said a defense official. “An asymmetric way to engage the United States without ever having to fire a round.”

Officials told WSJ that "cyber fingerprints pointing to China include the remote administering of malware from a computer address accidentally exposed as located in the island province of Hainan."

US officials also say they have classified sources that have ample evidence the attacks are directly linked to China.

Tom Bossert, an ex-homeland security adviser to President Trump, said the "Chinese hack the U.S. military and other organizations for various reasons—sometimes to sabotage American systems, sometimes to gather intelligence and other times to gain a competitive advantage by stealing intellectual property."

“It’s extremely hard for the Defense Department to secure its own systems,” Bossert said. “It’s a matter of trust and hope to secure the systems of their contractors and subcontractors.”

An intelligence official told WSJ that subcontractors employed by the military are severely lagging in cybersecurity and have been targeted by the Chinese. 

"Senior Pentagon leaders view the military’s acquisition process as inadequately structured to hold contractors and subcontractors accountable for their cybersecurity," officials said.

Spencer’s memo coincides with a broader strategy by the Trump administration to label China as a thief of American intellectual property. 

WSJ indicates that the Navy contractors and subcontractors that have been hacked are generally targeted by one Chinese government hacking unit, known as Temp.Periscope or Leviathan, that often deploys email phishing schemes to break into secured networks.

The hacking group has been active since at least 2013 and has focused mostly on targeting Western governments and their militaries. 

Ben Read, senior manager for cyber espionage analysis at FireEye, said that Temp.Periscope has been one of the top hacking groups in China targeting American maritime interests. 

The group has targeted "entities that may be strategically significant to Chinese interests in the South China Sea, including Cambodian political organizations," Read said.

So, how many more hacks will Washington tolerate until President Trump snaps and punishes Beijing with even more tariffs while sending an even greater US military presence to the South China Sea?

As a reminder, NATO recently declared that a major cyber attack on one of its members could be grounds for a declaration of war.