
Summary:

A defense contractor faced repeated hacks from Chinese spies who gained access to terabytes of confidential data, Bloomberg reports. More security tools could help, and the government could do more to protect itself.


QinetiQ North America, a prominent defense contractor to the U.S. government, endured extensive on-again-off-again hacks in 2007-2010 from spies in China, resulting in the loss of many terabytes of sensitive data, including more than 10,000 passwords, chip architecture for military robots and weapon information, according to an article from Bloomberg Thursday.

The hackers accessed confidential data across multiple facilities from laptops and servers alike, the article stated. To avoid being observed on a company network, in one instance the hackers siphoned out data in small quantities. And QinetiQ’s own employees apparently removed software put on their computers to detect malware, with the IT department’s permission, after becoming frustrated with how it impacted the performance of their computers.

Despite the known hacks, the federal government awarded a cybersecurity contract to QinetiQ in 2012, according to the article. QinetiQ sells two cybersecurity products, the Knowledge Discovery Appliance and the Social Engineering Protection Appliance, among other offerings, although the article noted that many defense contractors have also suffered from cyberattacks.

While federal agencies have investigated the hacks, QinetiQ retains its ability to work with military technology, according to the Bloomberg report, even though hacks have resurfaced many times over a several-year period, and even when it’s in the government’s best interest to shut down what has effectively served as a back door into federal networks. The article reported that “the State Department lacks the computer forensics expertise to evaluate the losses.” That’s pretty bad — and the problem might only get worse as the federal government looks at ways to consolidate its IT footprint.

Following on a string of cyberattacks on companies earlier this year, the news of the QinetiQ hacks is another example of the need for better security protections for businesses and other organizations. It also calls into question whether the feds can do more to prevent cyberattacks.

And it points to an opportunity. If this is the golden age of enterprise IT, brought on by big disruptions such as cloud computing and the bring-your-own-device trend, security could become an even hotter space over the next few years for VCs to back.

Feature image courtesy of Shutterstock user alexskopje.


  1. Ouch :( Being a corporate, the security officer is probably in line for a promotion!!

  2. The fix for this would be to teach them (and other defense contractors) to value security, by giving them no new contracts for a few years, but we apparently don’t believe in that kind of thing. Instead, we propose stupid legislation that wouldn’t have helped.

  3. Exactly when do you declare a cyber war, when you have no secrets left?

  4. Maybe the Feds should stop persecuting and alienating all the hacker community. If they didn’t try and dirty deal and lie to everyone about things, they might have some help. It seems the Govt soon will be calling out for help beyond some rich companies that have taken billions for years and called it security.
