Title: Chinese Exfiltrate Sensitive Military Technology
Release Date: 2015-01-17
Description: These three undated NSA slides describe alleged Chinese cyberattacks against US military targets, codenamed BYZANTINE HADES: see the Der Spiegel article "The Digital Arms Race: NSA Preps America for Future Battle", 17 January 2015.
Document: (U) Acquired radar design
- (U) Numbers and types of modules
(U) Detailed engine schematics
(U) Methods for cooling gases
(U) Leading and trailing edge treatments
(U) Aft deck heating contour maps
[illegible] terabytes of data
(S//REL) Chinese Exfiltrate Sensitive Military Technology
TOP SECRET//COMINT//REL USA, FVEY
TOP SECRET//COMINT//REL USA, FVEY
(S//REL) BYZANTINE HADES Causes Serious Damage to DoD Int
(S//REL) Resources Expended Towards Response to Attacks
• At least +30,000 Incidents / +500 Significant Intrusions in DoD Systems
• At least +1600 Network Computers Penetrated
• At least 600,00 User Accounts Compromised
• +$100 Million to Assess Damage, Rebuild Networks
(S//REL) Personnel, Network, Logistics Data, Compromises
• USPACOM: Air Refueling Schedules (CORONET)
• USTRANSCOM: Single Mobility System (SMS)
• U.S. Air Force: 33,000 General/Field Grade Officer Records
• Navy: Over 300,00 User ID/Passwords Compromised
• Navy: Missile Navigation and Tracking Systems
• Navy: Nuclear Submarine/Anti-Air Missile Designs
(S//REL) Science & Technology Export Controlled Data
• International Traffic and Arms Restrictions (ITAR) Data
• Contractor Research & Development
• Defense Industrial Espionage - B2, F-22, F-35, Space-Based Laser, Others
(S//REL) Estimated Equivalent of Five Libraries of Cong (50 Terabytes)
TOP SECRET//COMINT//REL USA, FVEY
(U) Cyber Attack
Adversary Malware Design Process
SIGINT-Enabled Countermeasure Mitigates Adversary Intrusion
DEPLOY
PLAN
Timeline
ATTACK
Adversary Malware Deployment/Attack Process
Tailored Countermeasure Developed & Deployed
SIGINT Discovers Adversary Intentions
Countermeasure Development
(S//REL) How do we use SIGINT to discover Malware during the design process?
TOP SECRET//COMINT//REL USA, FVEY