Report: U.S. military weapon systems and computers are ridiculously easy to hack


#1

Originally published at: https://boingboing.net/2018/10/11/report-u-s-military-weapon-s.html


#2

One team reported that they caused a pop-up message to appear on users’ terminals instructing them to insert two quarters to continue operating.

Yeah, I always carried loose change into battle, back in days of yore…


#3

It’s a good thing we know our congresspeople (and their offices) haven’t been compromised by a hostile foreign power like Russia, and we’re certain their communications equipment is secure against hardware attacks (from back-doors added during their manufacture).

/s?


#4

Have you’ve seen the way the US government develops software??

Or rather, you should see…


#5


#6

Like making sausage, eh?


#7

It’s almost as if any idiot can call themselves an IT expert.


#8

Damn, don’t out me like that ]:


#9

But the military propaganda commercials keep telling me the U.S. Armed Forces are leading the way in cyber warfare. How can they be wrong? Jesus H christ… if its a computer and its firewall bounds on the outside world and the cloud, its vulnerable.


#10

Are those plans for modernizing the missile silos with their 9-inch floppy drives still progressing?

ICYMI:


#11


#12

I would have chosen “I want a cookie!” (https://en.wikipedia.org/wiki/Cookie_Monster_(computer_program))


#13

#14

If the Cyclons come, we’re fucked.

battlestar-galactica-phone-2


#15

I think the US government generally develops software like anyone else for which software isn’t their business.


#16

Well, they can’t have my two obuli. What if I buy the farm and need to pay the ferryman?


#17

I suspect that many big-budget government projects - especially military - are handled pretty much the same way: just deliver a product knowing that if it has problems, then Uncle will pay more to fix it.


#18

Part of the problem is:security is a process, not a product, and you have to think about it all the time. So you can’t have “Secure” as a feature, or testing point on a compliance checklist.


#19

I would never have assumed military IT to be better secured than any other big organisation’s IT (which is to say, not very well). That’s not how it works. As @Chipsa says, security is a process, and as a rule, the only time that process is properly attended to is when everyone involved with a system is highly conscious of the risk of an attack.

I might expect systems at a bank or a big email provider to be competently secured, because those systems have people actively trying to break into them every day. People on bases surrounded by fences and armed guards don’t feel vulnerable, and for that reason don’t think it’s really a problem to have their “Useful Passwords” spreadsheet on a shared drive.

(The flip side of saying that “security is not a feature” is that it’s equally silly to go on about alleged nuclear floppy disks as if that proves something. A floppy-disk-based system that works is better than a brand-new system that doesn’t)


#20

This topic was automatically closed after 5 days. New replies are no longer allowed.