The Pentagon's next-gen weapons systems currently under development by the Department of Defense (DoD) are woefully vulnerable to cyberattacks, according to a Tuesday report by the US Government Accountability Office (GAO).
GAO testers "playing the role of adversary" discovered "mission critical cyber vulnerabilities in nearly all weapon systems that were under development."
"Using relatively simple tools and techniques, testers were able to take control of systems and largely operate undetected, due in part to basic issues such as poor password management and unencrypted communications," said GAO officials.
In one case, it took a two-person test team just one hour to gain initial access to a weapon system and one day to gain full control of the system they were testing.
Some programs fared better than others. For example, one assessment found that the weapon system satisfactorily prevented unauthorized access by remote users, but not insiders and near-siders. Once they gained initial access, test teams were often able to move throughout a system, escalating their privileges until they had taken full or partial control of a system.
In one case, the test team took control of the operators' terminals. They could see, in real-time, what the operators were seeing on their screens and could manipulate the system. They were able to disrupt the system and observe how the operators responded.
Another test team reported that they caused a pop-up message to appear on users' terminals instructing them to insert two quarters to continue operating.
Multiple test teams reported that they were able to copy, change, or delete system data including one team that downloaded 100 gigabytes, approximately 142 compact discs, of data.
Warnings ignored
Despite years of repeated warnings, cybersecurity surrounding weapons systems has been surprisingly ignored. In 1991, the National Research Council reported "as computer systems become more prevalent, sophisticated, embedded in physical processes, and interconnected, society becomes more vulnerable to poor system design, accidents that disable systems, and attacks on computer systems. Without more responsible design and use, system disruptions will increase, with harmful consequences for society. "
More at: https://www.zerohedge.com/news/2018-...ngly-easy-hack
Connect With Us