• United States



Chinese hackers stole 614GB of undersea warfare data from U.S. Navy contractor

Jun 10, 20183 mins
Data BreachHackingSecurity

Chinese hackers reportedly stole hundreds of gigabytes of undersea warfare data from a contractor that works for the U.S. Navy’s underwater weapons R&D center.

submarine periscope 101722825
Credit: Thinkstock

Hackers linked to the Chinese government reportedly stole 614 gigabytes of highly sensitive data from a U.S. Navy contractor, including plans related to a supersonic anti-ship missile meant to be usable by 2020 and other details about undersea warfare.

The hundreds of gigabytes of pilfered data came from an unnamed contractor working for the Navy’s underwater weapons R&D center; this Naval Undersea Warfare Center is based in Newport, Rhode Island. According to the Washington Post, the stolen data included material related to a “project known as Sea Dragon, as well as signals and sensor data, submarine radio room information relating to cryptographic systems, and the Navy submarine development unit’s electronic warfare library.”

There was more taken, but the Post held off on reporting about it as to avoid harming national security.

The FBI and Navy are investigating the breaches, which occurred in January and February. Investigators blame the Chinese Ministry of State Security for the hacks. Although the MSS is a civilian spy agency, it is reportedly responsible for counterintelligence, foreign intelligence, and domestic political security, and it compromises networks to glean foreign, military and commercial intelligence.

While the data stored on the contractor’s unclassified network was described as “highly sensitive” by the Post, sources added that it could be considered classified when aggregated.

China denies involvement in hack

China, of course, denies any involvement in the hack. The Chinese Embassy told Reuters that it knew nothing about the breaches and that the Chinese government “staunchly upholds cybersecurity, firmly opposes and combats all forms of cyberattacks in accordance with law.”

How badly did the hack potentially hurt the U.S. Navy?

While it is neither the most sensitive data ever stolen by the Chinese nor the largest theft of data about Navy systems, if push comes to shove with China, then the U.S. Navy would reportedly rely heavily on the use of submarines.

Bryan Clark, a naval analyst at the Center for Strategic and Budgetary Assessments, told the Post, “U.S. naval forces are going to have a really hard time operating in that area, except for submarines, because the Chinese don’t have a lot of anti-submarine warfare capability. The idea is that we are going to rely heavily on submarines in the early effort of any conflict with the Chinese.”

As for stealing an electronic warfare library, James Stavridis, a retired admiral who served as supreme allied commander at NATO, told the Post, that the data “could give the Chinese ‘a reasonable idea of what level of knowledge we have about their specific [radar] platforms, electronically and potentially acoustically, and that deeply reduces our level of comfort if we were in a close undersea combat situation with China.’”

Stavridis added that the stolen signals and sensor data could give China knowledge about “when we would know at what distance we would be able to detect their submarines.”

Officially, a U.S. Navy spokesperson released only this statement about the hacks to Reuters: “Per federal regulations, there are measures in place that require companies to notify the government when a ‘cyber incident’ has occurred that has actual or potential adverse effects on their networks that contain controlled unclassified information. It would be inappropriate to discuss further details at this time.”

ms smith

Ms. Smith (not her real name) is a freelance writer and programmer with a special and somewhat personal interest in IT privacy and security issues. She focuses on the unique challenges of maintaining privacy and security, both for individuals and enterprises. She has worked as a journalist and has also penned many technical papers and guides covering various technologies. Smith is herself a self-described privacy and security freak.