QinetiQ North America (QQ) a world leading defense technology and security company providing satellites, drones and software services to the U.S. Special Forces deployed in Afghanistan and Middle East suffers humiliation as intelligence officials confirmed that China was able to steal the U.S. classified documents and pertinent technological information - all this because of QinetiQ's faulty decision-making.
Bloomberg reports China's spying on US from 2007 to 2012 making use of the faulty security in QinetiQ's database.
Internal investigations reveal that China's spying from 2007 to 2012 has lay on the line of QinetiQ's drones, satellites, the U.S. Army's combat helicopter fleet, and military robotics, Bloomberg reports. Spokesman for QinetiQ refuses to comment on the issue saying that the company does not allow discussing its policy on security measures. Documentations on this 5-year long hacking in the company was never meant to be publicized until 2011 when a group dubbed as Anonymous exposed a portion of the cachet in public. HBGary executives and Day confirmed the legitimacy of the leaked information.
Bloomberg News has outlined how China's spying transpired in a span of 5 years.
QinetiQ committed the first mistake as it restricts its investigation on the first discovery of the spying. An agent of Naval Criminal Investigative Service had then called the attention of the company when two people were apparently losing classified information from their laptops. According to investigator Brian Dykstra, QinetiQ treated the first hint of spying as a simple case of its computer system being infected with a virus. Dystra was only allowed to run his investigation within four days in spite of him warning QinetiQ to investigate further about the hacking.
QinetiQ's second mistake was to refuse spending big portion of its resources to continue with further investigation albeit NASA's alert in January 7 2008 that hackers are trying to gain access to its system from one of QinetiQ computers.
QinetiQ continued to treat the hacking as isolated cases even though more vulnerability were being brought to their attention - its corporate network could be accessed from a parking lot just by using a Wi-Fi connection, Russian hackers are stealing classified information from QinetiQ secretary's computer and are directly transmitted to a Russian Federation.
In February 2008 China had already gained total access on QinetiQ's drone and robotics technology. The group Anonymous had leaked data to the public exposing hackers' break-in in QinetiQ's TSG computers.
Come 2009, China has almost its complete control over TSG's computers stealing 1.3 million pages of documents and 3.3 million pages of Microsoft Excel containing TSG's code and engineering data. At this point QinetiQ's code and trade secrets are practically gone said Phil Wallisch Senior Security Enginner at HBGAry.
Even with these major errors, QinetiQ continued to commit far worse mistake when it did not make use of a very simple device requiring those employees working from home to secure unique codes. Months prior to the problem, QinetiQ was already forewarned to undergo an affordable system fix to secure employee's codes but QinetiQ had carelessly ignored the warning.
April - June 2010
By this time, it was obvious that QinetiQ can no longer recover from their mistakes as hackers penetrate their system deeper and deeper into the system - hackers rifled 14 servers to access advance robotic design in a Pittsburgh location, raid QinetiQ's Hunstville Alabama-based inventory of supposedly highly confidential weapon and source code technology and have broaden their cyber attack beyond TSG.
In June 2010, the hackers where practically out and about at QinetiQ's most confidential files - production facilities and engineering labs including systems in New Mexico where QinetiQ's engineers were working on a satellite-based espionage.
The problem was by now totally out of control as FBI had already come into the picture informing QinetiQ that its defense contractor was now losing data and malicious malwares continued to penetrate the system making the hackers' presence permanently embedded into the system.
The hackers reached as far as the computers of QinetiQ's chief operating officer, division vice president and important engineers and software architects.
The strongest blow on QinetiQ was when hackers acquired military robots software that could aid China with its own robotic programs and penetrating the maintenance program for Army's combat helicopter fleet.
According to Abdel Bayoumi, leader for the Condition Based Maintenance Center at the University of South Carolina, all obtained data made it possible for the hackers to access aircrafts PIN.
He said that that the hackers were by this time are already knowledgeable of each of the U.S. combat helicopters' information on deployment, performance, flight hours and durability. Consequently hackers were able to penetrate the Army's Redstone Arsenal also through the now extremely wrecked QinetiQ's computer system.
Big federal agencies such as FBI, Pentagon and Naval Criminal Investigative Service had finally take the matter on their hands, though the State Department who has the right to revoke QinetiQ charter has yet to shed light on the matter.
In an ironic twist, with all of QinetiQ's faulty decisions and failures that had put the U.S. in danger, the company received a $4.7 cyber-security from the U.S. Transportation Department.
QinetiQ has yet to announce effort to recover from this mess. Reports whether the company could be penalize has yet to surface.