2 min

The U.S. Department of Defense, the Pentagon, is going to deploy a new generation of weapon systems. These systems appear to be very easy to hack. The systems have moderate passwords, employees communicate without using encryption and there are many unresolved bugs.

This is stated in a report by the US Government Accountability Office (GAO). The agency is responsible for monitoring, evaluating and investigating services for Congress. A study was carried out into the expenses that the Pentagon intends to make, worth $1.66 trillion. Depending on the outcome of that research, that money will be promised.

Role of the enemy

According to the new report, the GAO testers played the role of enemy. They found a range of vulnerabilities in the new weapon systems. The employees of GAO used relatively simple tools and techniques and were able to take over systems. For the most part, this was done without the employees being noticed. This was partly due to problems such as bad passwords and unencrypted communication.

The report contains a number of shocking conclusions. For example, two GAO employees only needed one hour to gain access to a weapons system. Within a day, they had full control of the system. Remarkably often, if GAO employees tried to gain access to a system, they could often upgrade their own privileges.

Multiple test teams reported that they could copy, change and delete system data. One of the teams was able to download a hundred gigabytes of data, approximately equal to 142 cds. In a reaction to the teams, Pentagon staff stated that the test results were unrealistic in some cases.

Weapon systems not adapted

The GAO states that all the tests it carried out related to weapon systems that are still under development. The hackers have therefore not been given access to weapons systems that are currently in use and that can be used against the United States. But there is a warning: when the new weapon systems are put into use, the threat is very real.

It doesn’t look good unless they see it as a wake-up call and take serious action, says Christina Chaplin, one of the GAO employees who helped compile the report for the ZDNet site. However, the problems are not yet being tackled very energetically.

For example, one of the test reports showed that only one of the 20 cyber vulnerabilities found in a previous test was actually addressed. The test team could use the same vulnerabilities to take over the system. When asked why the systems weren’t adapted, the representatives said that the solution had been identified, but for some reason it hadn’t been implemented. They pointed out a contractor as the guilty party.

This news article was automatically translated from Dutch to give Techzine.eu a head start. All news articles after September 1, 2019 are written in native English and NOT translated. All our background stories are written in native English as well. For more information read our launch article.