Chinese Hackers Steal Sensitive Data on U.S. Subs and Missiles from Military Contractor, Report Says
A contractor may not have done enough to protect vital U.S. military data. Read Full Yahoo News Article Here.
For insight into this shocking revelation, we asked Salvatore Stolfo, CTO of Allure Security, for comment. Allure specializes in technology that tracks the flow of documents in and out of the company (or government agency) firewall. Sal is a tenured Columbia University professor in computer science who founded Allure with a $10M DARPA grant to research ways to stop data from leaking from government agencies.
According to Sal, “The government and its defense contractors ought to know better on how to protect our nation’s secrets.The question I have is, how long did it take for the contractor to notice the theft, and how long did that contractor take to inform the government of the breach? Fast time-to-detection is necessary to secure our nation’s secrets. Placing the data on unsecured networks is obviously not best practices, especially when working with a third-party contractor. Once that happens, agencies have no way of knowing who is accessing this information. There is technology on the market that should be used whenever government agencies are working with contractors. For example, had deception technology been used to plant convincing fakes, or decoy documents, alongside real documents, the theft would have netted the attackers bogus materials along with real materials, causing them to be uncertain as to what they actually did steal. Also, the use of beacons could have detected in real time when unsanctioned individuals were attempting to remotely open or download the files.”