GO
Loading...

Defense networks vulnerable to cyberattack: Expert

The U.S. government shutdown that began Oct. 1 leaves cybersecurity experts fearing the Department of Defense's computer networks may be more at risk. While Democrats and Republicans continue to battle it out, foreign adversaries may be taking advantage of the shutdown.

"Military systems are growing more complex and more intertwined daily, making them more vulnerable and on top of that, we have these ongoing issues with budgets. There was first the sequester, which cut deep into IT modernization accounts, and now there is the government shutdown," said Bob Gourley, the editor of CTOVision.com. Gourley has analyzed the U.S. military's security, including working on the most recent Defense Science Board report.

The full economic impact may not be known for months, but according to Gourley, the Pentagon's cybernetworks are vulnerable, which could lead to larger problems in the future.

A Department of Defense spokesman said by e-mail that the DOD has continued maintain critical IT operations and is ready to respond to cyber incidents.

"While the shutdown has been disruptive to our mission and many civilians remain furloughed, personnel who support key missions and activities remain on duty. These missions include sustaining critical IT capabilities and maintaining our network defenses," the spokesman said.

Authorities, with good reason, are always braced for cyberbreaches. The DOD is attacked daily, and sometimes successfully.

A Department of Defense spokesman wrote in an e-mail: "We have full confidence in the integrity of the department's networks and systems upon which we conduct critical operations. Recent reports about cyber intrusions does not change that assessment."

In May, The Washington Post reported that according to a classified report issued by the Defense Science Board, Chinese hackers had access to classified weapons systems designs. The breach included missile design systems and the plans for combat ships and aircraft.

(Watch: FBI's new attack plan)

Gourley explained the very real consequences of the breaches. "If they steal our software, they can learn how to reverse engineer and create their own software to support their own weapons systems."

He further compared the breach to the U.S. funding adversary nations' military research and development.

Russia also has successfully hacked the U.S. military, according to security experts.

In 2008, attacks breached the U.S. Central Command in Afghanistan. Flash drives with malicious code were inserted into military computers. The Pentagon has not disclosed what was taken.

James Lewis, senior fellow and director of the Technology and Public Policy Program at the Center for Strategic and International Studies, said a similar attack could have serious consequences. "If it had happened in a war, we would have lost," he wrote in an email.

(Read more: The average investor's guide to war)

Thomas Samson | AFP | Getty Images

Hackers upped the ante in 2011. "In a single intrusion this March, 24,000 files were taken," former Deputy Defense Secretary William J. Lynn III said in a speech in July 2011.

For this attack, hackers targeted employees of a defense contractor.

"As long as there are humans in these enterprises, humans trying to deceive our good people, adversaries will be able to get in through this route. They send a very carefully crafted email that looks like it may come from your boss or a co-worker or someone else that you want to read," Gourley said.

(Read more: US charges six in biggest credit card hack on record)

When the employees opened the legitimate seeming emails, they inadvertently gave foreign hackers access to thousands of military files. The Pentagon has not disclosed what specifically was contained in the files.

—By CNBC's Jennifer Schlesinger. Follow her on Twitter @jennyanne211.

Featured

Contact Hacking America

  • CNBC's senior correspondent and lead investigative reporter, Scott Cohn also appears on "NBC Nightly News with Brian Williams," "Today" and on MSNBC.

  • “Squawk on the Street” Co-Anchor

  • CNBC Washington Reporter

Investigations Inc.: Cyber Espionage

  • When a person enters information on a website, like an email or credit card, it gets stored in that company’s data base. Those web-based forms are a simple tool for users, but they are also another way hackers can exploit a company’s system. Instead of inputting a name into the website, cyber spies can put in a specially crafted text that may cause the database to execute the code instead of simply storing it, Alperovitch said. The result is a “malicious takeover of the system,” he said.

    By attacking business computer networks, hackers are accessing company secrets and confidential strategies and creating huge losses for the overall economy.

  • China is working feverishly to counteract its slowest GDP growth in recent years, and one of the ways it’s doing so, say U.S. officials, is through the theft of American corporate secrets.

  • US businesses are enduring an unprecedented onslaught of cyber invasions from foreign governments, organized crime syndicates, and hacker collectives, all seeking to steal information and disrupt services, cybersecurity experts say.

Technology

Technology Explained