Home » Budget Industry » China Has Stolen Vast Amounts of Navy Submarine, Missile Data in Multiple Breaches from Contractor’s Servers


China Has Stolen Vast Amounts of Navy Submarine, Missile Data in Multiple Breaches from Contractor’s Servers

The Los Angeles-class fast-attack submarine USS Olympia (SSN-717) on March 16, 2018. US Navy Photo

This story will be updated as new information becomes available.

Chinese government-sponsored cyber thieves stole hundreds of gigabytes of data related to sensitive Navy undersea warfare programs from a government contractor earlier this year, a defense official familiar with details of the breach told USNI News on Friday.

The official confirmed details reported in a Friday afternoon story in The Washington Post in which hackers took “614 gigabytes of material relating to a closely held project known as Sea Dragon, as well as signals and sensor data, submarine radio room information relating to cryptographic systems, and the Navy submarine development unit’s electronic warfare library.”

The data is described in the story as sensitive but not classified.

When contacted, Navy spokesman Lt. Marycate Walsh would not confirm the accuracy of the Post report but provided a statement on general cyber intrusions.

“We treat the broader issue of cyber intrusion against our contractors very seriously. If such an intrusion were to occur, the appropriate parties would be looking at the specific incident, taking measures to protect current info, and mitigating the impacts that might result from any information that might have been compromised,” she said.

The defense official told USNI News that the there were particular concerns over the type of data that was stolen from the contractor, which supported the Naval Undersea Warfare Center based in Newport, R.I. The official indicated data from other military services may have also been taken from the contractor’s servers. Indications from the multiple breaches that occurred in January and February showed that the servers on which the technical data was stored were not properly protected, the official said.

Of particular concern is information related to the Sea Dragon anti-ship missile program, a project of the Pentagon’s Strategic Capabilities Office that was being developed by submarine builder General Dynamics Electric Boat. The Pentagon and Navy did not tell USNI News which company affiliated with the Sea Dragon program had its servers hacked.

Like the SCO-led anti-surface modification to the Standard Missile-6, the program sought to give an unspecified sub-launched weapon an anti-ship capability.

While the technical data on its own may be unclassified, enough of it combined together could give U.S. adversaries like China or Russia an edge in developing similar capabilities, Bryan Clark, a naval analyst at the Center for Strategic and Budgetary Assessments and former aide to retired former Chief of Naval Operations Adm. Jonathan Greenert, told USNI News on Friday.

“It’s bad that we’re not treating unclassified sensitive information as carefully as we should,” he said.
“We’re talking about submarine-launched weapons that were in the pile of information. The Russians or the Chinese could take that information and reverse engineer [that system].”

  • Leroy

    Is there nothing our government and contractors can’t hide? What the heck is going on? Why are these computers connected to outside Inter-webs? This is outrageous – AGAIN!

    • Kim Chul Soo

      This is absurd that nothing can remain secret. Security is not rocket science, WTF?

  • I’m more interested in the Sea Dragon submarine launched antiship missile – are there any more details available?

    • mrsatyre

      Ask the Chinese.

      • publius_maximus_III

        Or the Israeli’s, who probably have their own “improved” model already operational by now.

    • Bubblehead

      Sadly that was my exact thoughts

      • DaSaint

        Me too!

  • mrsatyre

    It’s like little kids are in charge. Seriously what-the-f*ckery playing at soldiers.

    • Secundius

      And WHO Funded the “NSA” and then Curtailed the NSA on what it Can and Cannot do…

  • jerry

    NUWC and any organization with money in Newport is at abnormally high risk to performance issues.

  • fedupmd

    Who’s the contractor, again?

    • Zorcon, Fidei Defensor

      Because I don’t think it was a contractor. It was the NUWC Newport which means the government.

    • Centaurus

      I am the contractor…and I did it because the Chihuahua in my head told me to steal it for World Peace.

      • publius_maximus_III

        Damneth Thee, Taco Mongrel!

        • Centaurus

          Yo quero Taco Bell

  • muzzleloader

    This is unbelievable. Just how the h**l does this keep reaccuring? Outrageous. Beyond that, I have no words.

  • THOR HAMMERSTRONG

    Very suspicious.This might be a deliberate leak .Could be a sophisticated computer virus disguised as weapons program . If that’s what this is kudos to the folks in the pentagon . The Chinese are about to spend a lot of money and energy figuring out why their computers stopped working. The military wouldn’t be talking about an actual hack publicly. This was a bait and the middle shitdom took it.

    • sferrin

      Yeah, I wouldn’t bet on it. I wonder if anybody has even received a slap on the hand yet.

  • Duane

    I would like to understand what this term “unclassified, but sensitive” means. If the information could be used to practically reverse engineer an important weapon system (as claimed by the government contractor in this story), then it seems clear that the info ought to be classified at least “secret”, if not higher.

    This story does not add up.

    • Zorcon, Fidei Defensor

      Unclassified but sensitive is code for CYA.

      • Duane

        It is not code for anything. US government laws that govern classification of documents are not clever little exercises in rhetoric.

        The stolen info is unclassified, period.

        • Zorcon, Fidei Defensor

          Still have not been to WalMart to get a sense of humor?

    • publius_maximus_III

      Perhaps the information stolen confirmed the existence of something classified, but not the substance of it?

  • sferrin

    Hmmm. I say WTF and it gets deleted. Others say WTF and it stays. Apparently pointing out “Sea Dragon” is just Tomahawk with antiship capability (that it had years ago and was retired) is verboten as well. Jesus.

    • publius_maximus_III

      I have given you a protective VOTE UP, sferrin, since I possess the Disqus magical shield of comment invulnerability. Why, I can even openly question Sam’s authority to cu

    • Ken N

      How do you know the Sea Dragon is just an anti-ship Tomahawk?? The source that broke the story, WP, is saying Sea dragon is supersonic.

      • Secundius

        “The Drive” is making a “Probable” claim that the Sea Dragon is nothing more than a Submarine Launched SM-6 Missile…

  • Kypros

    Infuriating that this was allowed to happen.

  • Paul Stanley

    Methinks many DOD contractors use a “colander” as their firewalls. But, then again, it is my belief that the US Govt and its many contractors are many years behind in their required cybersecurity protection schemes. The task (protecting data, screening users, limiting access, etc.) is daunting. Perhaps some just shrug their shoulders and de facto trust their luck. Unfortunately, these ner-do-wells keep rolling craps and exposing US data. It ain’t their family secrets and they don’t care. If they “blow it” they arer hailed by the press as patriots. Maybe some of the contractors need to sent to GTMO – a nice Caribbean spot with beautiful traded winds. .

    • publius_maximus_III

      You don’t get to be low bidder by climbing to the top of the heap.

  • Corporatski Kittenbot 2.0

    Inevitable when every IT product contains components built by the Chinese Communist Party and its pseudo-capitalist corporate entities.

    • publius_maximus_III

      The Iranians learned the hard way not to trust everything cyber, as their computer-controlled centrifuges over-sped to destructive failure.

      • Zorcon, Fidei Defensor

        You have to admit, that must have been a sight to behold?

  • Jffourquet

    If we cannot protect information store on computers from hacking then it is time to take these computers off line. No more e-mails, no more internet, just stand alone computers w/o external drives or ports for external drives. This is crazy. Nothing is safe from hackers. We are too complacent! It is time for drastic action to protect classified information!

    • publius_maximus_III

      The convenience of employees working from home has trumped the need for protection of our nation’s secrets. Just as those in the military waive certain rights as citizens due to their specialized employment, so should those military contractors entrusted with portions of our national security. Chinese, Russian, and other operatives no longer need to physically break into such facilities to gather information. They can just monitor the transmissions beyond the physical boundaries. The Chinese breach of the OPM’s personnel data files, putting anyone who ever held a security clearance at risk for future family safety blackmail, should the need arise for information in their area of expertise, has taught us absolutely nothing — business as usual. Frank Abagnale tells us passwords will soon be a thing of the past, something better is on the way. I hope they come up with that something better soon. What we have now is simply not working.

  • Glenwood

    China is not our friend. We should offset any Bond payments with value of Intellectual property theft.

  • publius_maximus_III

    Take a stroll through the halls of any U.S. grad school these days, and I think you might have a different opinion. They’re growing their own crop, in our fields.

  • OddMan

    Kinda buried the lead.
    “The data is described in the story as sensitive but not classified.”

    • proudrino

      No. The Chinese stealing data from contractor’s servers is the lead even if the information isn’t classified.

      The real question is why the Navy doesn’t do more to protect ALL its information.

  • The_Usual_Suspect61

    Name the contractor. Shame and embarrass them, so this never happens again. There need to be stiff criminal and economic penalties for their lax security practices. Yes, the Chinese stole the files, but the contractor was complacent, complicit, or just plain negligent.

  • SDW

    It’s not surprising that this occurred at NUWC. When doing some work for and at NUWC Newport I used a document in which Maxwell’s Equations were classified. I pointed this out to someone of significant authority and he had an ensign look it up. Since the classification guide (DD-254) said all equations in the area addressed by the document were to be classified CONF/No-Forn unless explicitly marked at a higher level, he, although authorized to change it, would not downgrade the equations. I still won’t say which doc it was or which program but it was very disappointing.

    It was my experience that when everything has a restricted access–even obviously inappropriate–the general attitude and diligence suffers since no one respects the classification system overall. I can’t say that this was the situation but it could be. That and mindless retention on an improper, net-accessible computer VPN could easily explain the basic why it was available.

  • proudrino

    “It’s bad that we’re not treating unclassified sensitive information as carefully as we should,” he said.

    “We’re talking about submarine-launched weapons that were in the pile of
    information. The Russians or the Chinese could take that information
    and reverse engineer [that system].”

    Bad isn’t the word I would use Mr. Clark. Criminal is more in the ballpark.

  • Ctrot

    Who was this contractors IT manager, Hillary Clinton?

  • Chesapeakeguy

    I’m pulling for this to be a case of some serious disinformation being ‘allowed’ to be hacked by the ChiComs so their subs might start malfunctioning when we need them to! After all, it is reported that this was not classified info. A lot of this sure seems ‘convenient’ for the ChiComs. And imagine anyone’s surprise that the ChiComs and/or Russians and/or the Iranians and/or the whole darned WORLD might be trying to get hold of information that might benefit their respective militaries. I mean, that’s never happened before, right?

    Hmmm. This is from the article: “The official indicated data from other military services may have also been taken from the contractor’s servers. Indications from the multiple breaches that occurred in January and February showed that the servers on which the technical data was stored were not properly protected, the official said.”.

    Soooo, I just GOTTA ask the obvious: did this company employ someone from the Hillary Clinton campaign to handle computer security for them? LOL..

  • MDK187

    I think the Navy just sabotaged the SCO’s other dildo-project here.

  • .Hugo.

    (flagged my message? no problem, you will be flagged too)
    .
    that’s right, when you can’t really quote any serious infringement after all.
    .
    and because china honors patents with updated laws, china’s inbound fdi is always in a positive growth. 🙂

    • Zorcon, Fidei Defensor

      Never flagged anyone in my life except a SPAMMER. You are incorrect.

      • .Hugo.

        oh sure, that’s why you can only mark my message as spam to hide it.
        .
        unfortunately i can do the same to you and repost too. 🙂
        .
        .

        • Zorcon, Fidei Defensor

          Wasn’t me Comrade.

          • .Hugo.

            denial is what you people are good at, i understand. 🙂
            .

          • Zorcon, Fidei Defensor

            No need to deny that which I am not guilty of. Whatever fulfills your fantasy is OK though.

          • .Hugo.

            glad to see you are submitting to your own failure. 🙂
            .

          • Zorcon, Fidei Defensor

            I submit to nothing.

          • .Hugo.

            yes you do submit to failure. 😉

  • .Hugo.

    maybe that’s why the u.s. has lost so much credibility too after snowden exposed its massive spying network, even on its so-called “allies”.
    .
    we know today china has more domestic pending patent applications than the u.s. too, when you say it has no innovation…..

    • Zorcon, Fidei Defensor

      Steal idea, modify, get international patent. Great business strategy

      • .Hugo.

        you really think patent can be applied that way? then prove it. 🙂
        .

        .