QinetiQ, a UK-based defense contractor suffers humiliation as intelligence officials confirmed that China was able to steal the U.S. classified documents and pertinent technological information all this because of QinetiQ's faulty decision-making.
QinetiQ North America (QQ) a world leading defense technology and security company providing satellites, drones and software services to the U.S. Special Forces deployed in Afghanistan and Middle East.
The hacking was so extensive that external consultants ended up more or less working permanently inside the firm to root out malicious software and compromises on an ongoing basis. In one of the attacks, that took place in 2009, the hackers raided at least 151 machines of the firm’s Technology Solutions Group (TSG) over a 251-day period, stealing 20 gigabytes of data before being blocked.
As the White House moves to confront China over its theft of U.S. technology through hacking, policy makers are faced with the question of how much damage has already been done. 1.3 million pages of documents, including ones containing highly sensitive military information, were stolen at the time.
The agent had stumbled upon the breach as part of a separate investigation but apparently left out many key details including the fact that other contractors were being hit. Through 2008, is said to have treated the continuing pattern of hacks traced to its buildings as isolated incidents, including the compromise of 13,000 server passwords that attackers were used to help steal huge amounts of classified military engineering data.
QinetiQ committed the first mistake as it restricts its investigation on the first discovery of the spying. Even when NASA warned the firm that it was being attacked by hackers from one of QinetiQ’s computers the firm apparently continued to treat incidents in isolation.
The hackers were able to exploit unpatched security flaws and other vulnerabilities across QNA to infiltrate multiple divisions of the company including Cyveillance, the company's cybersecurity unit. In 2010, HBGary, the security firm hacked in 2011 by Anonymous, was hired by QinetiQ along with Terremark to investigate the attacks. HBGary almost immediately identified malicious software on most of QinetiQ’s computers.
The spying on QinetiQ and other defense contractors appears aimed at helping China leapfrog the U.S.’s technologically advanced military, foregoing years of research and development that would have cost billions of dollars