Night Dragon Strikes

How many intrusions by Chinese hackers does it take and how much technology data has to be stolen before U.S. companies start seriously defending themselves?

‘Sloppy’ Chinese hackers scored data-theft coup with ‘Night Dragon’

Chinese hackers who were “incredibly sloppy” still managed to steal gigabytes of data from Western energy companies, a McAfee executive said today.

“They were very unsophisticated,” said Dmitri Alperovitch, vice president of threat research at McAfee, speaking of the attackers. “They were incredibly sloppy, made mistakes and left lots of evidence.”

The attacks, which McAfee has dubbed “Night Dragon” and had tracked since November 2009, may have started two years earlier. They are still occurring.

Night Dragon targeted at least five Western oil, gas and petrochemical companies, all multinational corporations, said Alperovitch, who declined to identify the firms. Some are clients of McAfee, which was called in to investigate.

According to McAfee, the attacks infiltrated energy companies’ networks, and made off with gigabytes of proprietary information about contracts, oil- and gas-field operations, and the details on the SCADA (supervisory control and data acquisition) systems used to manage and monitor the firms’ facilities.

See also:
McAfee: Night Dragon Cyber-Attack Unsophisticated but Effective
‘Night Dragon’ Attacks From China Strike Energy Companies
Oil Firms Hit by Hackers From China, Report Says
Chinese hackers targeted energy multinationals, claims McAfee
Night dragon attacks petrol companies
China-based hackers targeted oil, energy companies in ‘Night Dragon’ cyber attacks, McAfee says
Hackers in China have hit oil and gas companies: McAfee report
Chinese hackers steal “confidential information” of five global oil companies: McAfee
Chinese Technician Denies Knowledge of Hacking
China Hacks Big Oil
Chinese hackers break into five oil multinationals
Chinese hackers ‘hit Western oil firms’

Repeat after me, China is not our friend. They don’t create innovative technology, they steal it. Hacking in China is a state-sponsored industry. Furthermore, the oil and gas industry is critical infrastructure, vital to our national security.

/these were unsophisticated attacks, meant only to steal data, and these energy companies couldn’t defend against them, what will happen when Chinese hackers unleash much more sophisticated attacks against our energy infrastructure, with the intent to inflict maximum damage and destruction?

Typical Government Efficiency

And remember, this is the FBI, they’re on our first line of defense against terrorism.

Audit Cites FBI Technology Problems

The Federal Bureau of Investigation’s struggles with technology are expected to continue to eat up millions of dollars and still leave agents and analysts wanting for a seamless electronic system to manage investigations, according to a federal audit released Wednesday.

Justice Department Inspector General Glenn Fine said the FBI has already spent $405 million of the $451 million budgeted for its new Sentinel case-management system, but the system, as of September, was two years behind schedule and $100 million over budget.

Thomas Harrington, FBI associate deputy director, said the audit uses an outdated and “inflated cost estimate” that is “based on a worst-case scenario for a plan that we are no longer using.”

The FBI’s technology problems aren’t new, but they have potential consequences for the bureau’s efforts to prevent terrorist attacks, particularly at a time when the domestic terrorist threat is growing.

The Sept. 11, 2001, attacks exposed the FBI’s troubles with information sharing, and the bureau accelerated plans to replace its unwieldy case-management system with new software.

That technology project was called Trilogy and was supposed to deliver software called Virtual Case File that was to help FBI agents share investigative documents electronically. The inspector general called the project a fiasco and said the FBI and its contractors wasted $170 million and three years.

FBI Director Robert Mueller canceled Virtual Case File in 2005 and started a new project called Sentinel to be completed in 2009.

The system is supposed to provide agents and analysts with a secure Web-based system to search and manage evidence and get approvals for documents.

According to Mr. Fine’s audit, the system is still far from completion.

In July 2010, the FBI issued a stop-work order to contractor Lockheed Martin Corp. and decided to take over management of the completion of Sentinel.

FBI officials now say they can complete the system by September 2011, with additional spending of $20 million, according to the audit.

Mr. Fine found cause to doubt those estimates. He cited a review conducted by Mitre, a research group that is funded by the federal government, that estimates it will cost another $351 million to complete the system.

Read the report:

Status of the Federal Bureau of Investigation’s Implementation of the Sentinel Project,
Audit Report 11-01, October 2010

See also:
FBI Sentinel project is over budget and behind schedule, say IG auditors
FBI behind schedule, over budget on computer system
Report sharply critical of delays, costs of FBI case management system
IG report hits FBI Sentinel program
FBI Computer System Behind Schedule, Over Budget After $405 Million Spent
FBI computer system years late and way over budget
More Computer Woes at FBI, New System Late Over Budget
IG: FBI’s Sentinel program still off-track, over budget
FBI’s computer woes continue, auditors say
Report: FBI case management system still falls short
FBI’s Sentinel project $100 million over budget, 2 years behind schedule
Report Finds FBI Computer System Over Budget, Behind Schedule

Are you telling me that it takes more than five years and over a half billion dollars to design a case management system and it’s still not finished? And why is Lockheed Martin designing the software, when did they become known as software designers? Even Microsoft, as crappy as they are, could have probably put out a product that works in less time and for less money.

/if this FBI computer system disaster is an example of how the U.S. government operates in this arena, I can only shudder to think what will happen and how much it’ll cost when they decide to upgrade the homeland security and military computer networks