Hackers working for the Chinese government compromised a US Navy contractor and stole a massive cache of highly sensitive data, including details about a planned supersonic anti-ship missile, American officials said Friday.
The hack, reported by the Washington Post, took place in January and February and resulted in more than 614 gigabytes of data being stolen. The contractor that was breached was not disclosed but reportedly worked with the US Naval Undersea Warfare Centre, a research and development group that works on submarines and underwater weapons.
Of particular interest in the treasure trove of stolen documents—all of which government officials said were unclassified, per The New York Times—were details about a project known as Sea Dragon. First proposed in 2012, the Post said Sea Dragon is part of a Pentagon initiative to adapt existing US military technologies for new applications. The US Defence Department described Sea Dragon as a weapon with “disruptive offensive capability” that will integrate “an existing weapon system with an existing Navy platform.”
While public details regarding the project are few and far between, the Pentagon has reportedly requested or used more than $300 million (£223m) for the Sea Dragon project since 2015. Underwater testing is planned to start this September.
The Post also reported that plans for a supersonic anti-ship missile were also stolen (it’s not clear if those plans are the same or related to the Sea Dragon project). The missile was intended to be introduced for use on US submarines by 2020.
Per the Post, the stolen files also contained the following:
Signals and sensor data, submarine radio room information relating to cryptographic systems, and the Navy submarine development unit’s electronic warfare library.
The breach certainly isn’t good—reportedly, data on hundreds of mechanical and software systems were stolen by the Chinese hackers—but the Times pointed out that it’s “hardly the largest, or the most sensitive” hack carried out in an escalating cyberwar between the US and China. That distinction likely belongs to the hack of the Office of Personnel Management—also tied to the Chinese government—which resulted in the personal information of as many as 25 million federal workers and contractors being compromised.
Still, the breach highlights the ongoing trouble the US federal government has had not just defending against breaches but also getting contractors to stop playing fast and loose with sensitive data. Last year, a defence contractor Booz Allen Hamilton left sensitive Pentagon files on an Amazon server with no password protection in place. Contractor VendorX left billions of social media posts scraped by the Pentagon on an unprotected server, and another contractor publicly exposed “highly sensitive” US military data.