
Chinese 'Comment Crew' hackers emptied QinetiQ of top-secret military data

US firm complacent about serious breaches, Bloomberg alleges


One of the US’s critical military and espionage contractors, QinetiQ North America (QNA), was pillaged of huge amounts of top-secret know-how by the infamous Chinese ‘Comment Crew’ (PLA Unit 61398) hacking group in a campaign stretching over years, Bloomberg has reported.

Reports and accusations of Chinese hacking are now ten-a-penny, but what Bloomberg’s journalists have reconstructed after talking to investigators tells a story that will be as embarrassing as it is depressing for both QNA and the US defence establishment.

The hacking was so extensive that external consultants ended up more or less working permanently inside the firm to root out malicious software and compromises on an ongoing basis.

It’s already established that Chinese hackers (probably including PLA Unit 61398, outed earlier this year by Mandiant) started targeting US defence contractors as far back as 2007, but QNA’s role in events has not until now been fully explained, despite fragments of the story turning up in emails leaked after the 2011 Anonymous hack of security firm HBGary.

By late 2007 the Naval Criminal Investigative Service (NCIS) reportedly told QNA that two staff at the firm’s HQ were losing data from their laptops, information the firm allegedly treated as a minor breach when it was later discovered to be anything but.

Through 2008, QNA is said to have treated the continuing pattern of hacks traced to its buildings as “isolated incidents”, including the compromise of 13,000 server passwords that attackers used to help steal huge amounts of classified military engineering data.

Security deteriorated to such an extent that investigators found it was possible to access the firm’s network from the car park over an unsecured Wi-Fi connection and that, independently, Russian hackers had set up a secretary’s compromised PC to steal sensitive data at will over a period of two and a half years.

“Over one stretch in 2009, the spies spent 251 days raiding at least 151 machines, including laptops and servers, cataloging TSG’s [a QNA division] source code and engineering data,” said Bloomberg.

“The hackers dribbled data out of the network in small packets to avoid detection, managing to get away with 20 gigabytes before they were finally stopped, according to an internal damage assessment.”
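Trickling data out in flows too small to trip a per-transfer size alert is what defeats a naive exfiltration rule. The block below is an added illustration, not code from QNA, Bloomberg or Mandiant: it runs a sliding-window detector over constructed netflow-style records (timestamp, source, destination, bytes out) and flags a source/destination pair only when many small flows add up to a large total inside the window, which is exactly the pattern a per-flow threshold misses. The thresholds, hosts and record format are assumptions for the example.

```python
"""Low-and-slow exfiltration detector over constructed flow records.

Added example; the record format, hosts and thresholds are assumptions
and the sample traffic is constructed, not captured data.
"""
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, Tuple

Flow = Tuple[datetime, str, str, int]  # (timestamp, src, dst, bytes_out)


def build_sample_flows() -> List[Flow]:
    """Constructed 30-day sample: one trickle, one big upload, one browser."""
    start = datetime(2009, 3, 1)
    flows: List[Flow] = []
    # 1) Trickle: 900 bytes to the same external host every hour for 30 days.
    #    No single flow looks interesting; the sum does.
    for hour in range(30 * 24):
        flows.append((start + timedelta(hours=hour), "10.1.2.3", "203.0.113.10", 900))
    # 2) One 20 MB upload. A per-flow size rule catches this; the
    #    low-and-slow rule deliberately ignores it (too few flows).
    flows.append((start + timedelta(days=5), "10.1.2.4", "198.51.100.7", 20_000_000))
    # 3) Ordinary browsing: small flows spread over 50 destinations, so no
    #    single pair accumulates much.
    for day in range(30):
        for i in range(50):
            for k in range(4):
                ts = start + timedelta(days=day, hours=8 + k)
                flows.append((ts, "10.1.2.5", f"192.0.2.{i + 1}", 500))
    return flows


def detect_low_and_slow(
    flows: List[Flow],
    window: timedelta = timedelta(days=7),
    cumulative_limit: int = 100_000,
    min_flows: int = 50,
) -> Dict[Tuple[str, str], int]:
    """Return {(src, dst): peak_window_bytes} for pairs whose traffic inside
    any `window` exceeds `cumulative_limit` using at least `min_flows`
    separate flows. Large single transfers are left to a per-flow rule."""
    by_pair: Dict[Tuple[str, str], List[Tuple[datetime, int]]] = defaultdict(list)
    for ts, src, dst, nbytes in flows:
        by_pair[(src, dst)].append((ts, nbytes))

    hits: Dict[Tuple[str, str], int] = {}
    for pair, recs in by_pair.items():
        recs.sort()
        total = 0
        left = 0
        # Two-pointer sliding window over the time-sorted flows of one pair.
        for right, (ts, nbytes) in enumerate(recs):
            total += nbytes
            while recs[left][0] < ts - window:
                total -= recs[left][1]
                left += 1
            count = right - left + 1
            if total > cumulative_limit and count >= min_flows:
                hits[pair] = max(hits.get(pair, 0), total)
    return hits


if __name__ == "__main__":
    for (src, dst), peak in detect_low_and_slow(build_sample_flows()).items():
        print(f"low-and-slow: {src} -> {dst}, peak {peak} bytes in 7 days")
```

Only the trickling host is reported; the 20 MB upload is a single flow (below `min_flows`) and the browsing host never accumulates more than a few kilobytes to any one destination. In practice the window and limits need tuning per network, and the pair key would usually be widened to cover attackers who rotate destination addresses.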

Despite another assessment finding that QNA’s lack of two-factor authentication had helped a major 2010 raid on the company’s cache of robotics IP, the firm’s managers still did not implement the security fixes recommended by consultant Mandiant.

By 2010, QNA believed it had cleaned up the last remnants of a hacking campaign dating back nearly three years, only to discover yet more data leaks traced to malicious software that had been operating since 2009.

The damage done by the years-long thefts is harder to assess, but it must have eroded US military superiority in a range of spheres including helicopters and robotics, as well as some of the informatics systems those forces would rely on during a military conflict.

It has already been noted how similar some Chinese drone designs are to the US designs on which they were almost certainly based.

Third-party assessments are that QNA was so successfully attacked that there is probably nothing left for the Chinese to steal.

QinetiQ’s story started in contentious fashion after it was hived off at an infamously knock-down price in 2001 from the UK’s Defence Evaluation and Research Agency (DERA), with the help of US investor Carlyle Group.

Critics complained that Carlyle had been handed huge amounts of valuable British research IP at a steal. QNA formed its own board in 2004 before the whole group went public in 2006.

As for the other actor in all this, the so-called Chinese Comment Crew, one of the consultants used by QNA, Mandiant, made its global name with a report that not only explored the group’s activities but even identified the building it works from.

AmadeoDeLosRios said: Privatisation was so wrong

URSULARICHES said: The Colt is more likely to kill, unless the American false-flaggers buy Chinese guns to save costs. When did the liars who are devils in the USA ever try to save money in their business of killing people?

snavej said: Same old spy vs spy bks. Everyone should grow up.

Mark said: A Chinese copied gun kills you just as dead as an expensive Colt.

Stephen Burns said: Would I be wrong in assuming the systems compromised were mainly Windows based? When will these firms ever learn? A secure Unix/Linux infrastructure is the best starting base for security. That, and proper training of staff to stop social engineering attacks.

TED said: I don’t think it would be morally wrong for someone to use cheap copied bombs to strike the Pentagon.

L.Titinero said: Sounds like a big screw-up. So bad it’s maybe even worth trying misinfo to conceal/confuse/de-demoralise. It was all on purpose. Typical in the intelligence world: more cock-up (is that OK?) than conspiracy. Let’s hope the Chinese value the IP so much they keep it to themselves. If they franchise it out to any primo US enemies, that’s another story.

jimmett said: Hopefully they will just do their usual and cut costs so far that they make crap.

Happeh said: Nobody can screw up that much. QinetiQ gave them the data on purpose. All you need to do is see the name Carlyle Group in the story and you know everything you are being told is a lie. Car-LIE-l Group.

Rick Francis said: The Chinese have no ingenuity, so they steal from everyone and reverse engineer everyone’s hard work. Chinese are low-life scumbags.

Rick Francis said: Fucking Chinese are going to start WW3.
