US military logistics arm breached by China-linked hackers

US government inquiry finds Transcom contractors had their systems hacked by groups linked to the Chinese government

A US government inquiry has revealed that contractors to the organisation responsible for deploying troops and military equipment had their IT systems hacked by groups related to the Chinese government.

Contractors serving military organisation US Transportation Command (Transcom) were hacked at least 20 times in a single year, according to a Senate Armed Services Committee report.

The report said this shows there are vulnerabilities in the system used by the military to deploy troops and equipment. It described threats to transportation systems and gaps in reporting requirements.

The report, Inquiry into cyber intrusions affecting US Transportation Command contractors, said Transcom was “largely unaware of computer compromises by China of contractors that are key to the mobilisation and deployment of military forces”.

This, it reported, was the result of gaps in reporting and a lack of information sharing among government bodies.

“These peacetime intrusions into the networks of key defence contractors are more evidence of China’s aggressive actions in cyber space,” said Senate Armed Services Committee chairman Carl Levin. 

“Our findings are a warning that we must do much more to protect strategically significant systems from attack and to share information about intrusions when they do occur.”

The report said that in a 12-month period beginning 1 June 2012, there were about 50 intrusions or other cyber events into the computer networks of Transcom contractors. It said at least 20 of those were successful intrusions attributed to an advanced persistent threat (APT), all of which it attributed to China.

Findings included: 

  • A Chinese military intrusion into a contractor between 2008 and 2010 that compromised emails, documents, user passwords and computer code;
  • An intrusion in 2010 by the Chinese military into the network of a contractor in which documents, flight details, credentials and passwords for encrypted email were stolen; 
  • A Chinese military intrusion in 2012 into multiple systems on board a commercial ship contracted by Transcom.

In response to the investigation, the committee recommended addressing reporting gaps and improving the way in which the department disseminates information about cyber intrusions.
