The Associated Press

WASHINGTON (AP) — Russian cyberspies pursuing the secrets of military drones and other sensitive U.S. defense technology tricked key contract workers into exposing their email to theft, an Associated Press investigation has found.
What ultimately may have been stolen is uncertain, but the hackers clearly exploited a national vulnerability in cybersecurity: poorly protected email and barely any direct notification to victims.
The hackers known as Fancy Bear, who also intruded in the U.S. election, went after at least 87 people working on militarized drones, missiles, rockets, stealth fighter jets, cloud-computing platforms or other sensitive activities, the AP found.
Employees at both small companies and defense giants like Lockheed Martin Corp., Raytheon Co., Boeing Co., Airbus Group and General Atomics were targeted by the hackers. A handful of people in Fancy Bear’s sights also worked for trade groups, contractors in U.S.-allied countries or on corporate boards.
“The programs that they appear to target and the people who work on those programs are some of the most forward-leaning, advanced technologies,” said Charles Sowell, a former senior adviser to the U.S. Office of the Director of National Intelligence, who reviewed the list of names for the AP. “And if those programs are compromised in any way, then our competitive advantage and our defense is compromised.”
“That’s what’s really scary,” added Sowell, who was one of the hacking targets.
The AP identified the defense and security targets from about 19,000 lines of email phishing data created by hackers and collected by the U.S.-based cybersecurity company Secureworks, which calls the hackers Iron Twilight. The data is partial and extends only from March 2015 to May 2016. Of 87 scientists, engineers, managers and others, 31 agreed to be interviewed by the AP.
Most of the targets’ work was classified. Yet as many as 40 percent of them clicked on the hackers’ phishing links, the AP analysis indicates. That was the first step in potentially opening their personal email accounts or computer files to data theft by the digital spies.
James Poss, who ran a partnership doing drone research for the Federal Aviation Administration, was about to catch a taxi to the 2015 Paris Air Show when what appeared to be a Google security alert materialized in his inbox. Distracted, he moved his cursor to the blue prompt on his laptop.
“I clicked on it and instantly knew that I had been had,” the retired Air Force major general said. Poss says he realized his mistake before entering his credentials, which would have exposed his email to the hackers.
Hackers predominantly targeted personal Gmail, with a few corporate accounts mixed in.
Personal accounts can convey snippets of classified information, whether through carelessness or expediency. They also can lead to other more valuable targets or carry embarrassing personal details that can be used for blackmail or to recruit spies.
Drone consultant Keven Gambold, a hacking target himself, said the espionage could help Russia catch up with the Americans. “This would allow them to leapfrog years of hard-won experience,” he said.
He said his own company is so worried about hacking that “we’ve almost gone back in time to use stand-alone systems if we’re processing client proprietary data — we’re FedEx’ing hard drives around.”
The AP has previously reported on Fancy Bear’s attempts to break into the Gmail accounts of Hillary Clinton’s presidential campaign, American national security officials, journalists, and Kremlin critics and adversaries around the world. U.S. intelligence agencies have concluded the hackers worked for the Kremlin and stole U.S. campaign email to tilt the 2016 election toward Donald Trump — all of which Russian leader Vladimir Putin has denied.
But the hackers clearly had broader aims. Fifteen of the targets identified by the AP worked on drones — the single largest group of weapons specialists.
Countries like Russia are racing to make better drones as the remote-control aircraft have moved to the forefront of modern warfare. They can fire missiles, hunt down adversaries, or secretly monitor targets for days — all while keeping human pilots safely behind computer controls.
The U.S. Air Force now needs more pilots for drones than for any other single type of aircraft, a training official said last year. Drones will lead growth in the aerospace industry over the next decade, with military uses driving the boom, the Teal Group predicted in November. Production was expected to balloon from $4.2 billion to $10.3 billion.
So far, though, Russia has nothing that compares with the new-generation U.S. Reaper, which has been called “the most feared” U.S. drone. General Atomics’ 5,000-pound mega-drone can fly more than 1,600 kilometers to deliver Hellfire missiles and smart bombs. It has seen action in Afghanistan, Iraq and Syria.
The hackers went after General Atomics, targeting a drone sensor specialist. He did not respond to requests for comment.
They also made a run at the Gmail account of Michael Buet, an electronics engineer who has worked on ultra-durable batteries and high-altitude drones for SunCondor, a small South Carolina company owned by Star Technology and Research. Such machines could be a useful surveillance tool for a country like Russia, with its global military engagements and vast domestic border frontier.
“This bird is quite unique,” said Buet. “It can fly at 62,000 feet [18,600 meters] and doesn’t land for five years.”
The Russians also appeared eager to catch up in space, once an arena for Cold War competition in the race for the moon. They seemed to be carefully eyeing the X-37B, an American unmanned space plane that looks like a miniature shuttle but is shrouded in secrecy.
In a reference to an X-37B flight in May 2015, Russian Deputy Prime Minister Dmitry Rogozin invoked the vehicle as evidence that his country’s space program was faltering. “The United States is pushing ahead,” he warned Russian lawmakers.