How Customer Advisory Boards build the trust and integrity required for successful delivery of active threat protection services.
by Eldon Sprickerhoff
In today’s new reality of state-sponsored cybercrime, hacktivism, social engineering, industrial espionage, NSA surveillance and the ongoing delicate dance between security and privacy, the role of trust in a customer-vendor relationship has never been more critical to good business.
As a Canadian-based provider of active threat protection services since 2001, eSentire has been at the tip of the spear in defending our clients from determined and sophisticated advanced threat actors. We bring a rich heritage and reputation of always-on, effective threat protection delivery in the financial services market, conducting the majority of our business in the United States.
So it should come as no surprise, against the backdrop of drip-by-drip disclosures released by embattled government contractor Edward Snowden, that there is a broader degree of uncertainty, trust and general insecurity created by the assertions of NSA’s eavesdropping on everyone from respected world leaders to everyday chat room conversations.
The growing fervor has many C-level decision-makers scrambling for alternative methods to maintain the privacy and integrity of their intellectual property and ability to conduct business without third-party surveillance or fretting over the omnipresent threat of a cybersecurity breach.
In his recent Forbes commentary, Will Attestations Solve the Vendor Trust Problem, widely respected information security industry analyst Richard Stiennon argues that U.S.-based trust in IT vendors is waning, particularly among manufacturers of networking gear, driven by concerns over deploying devices potentially compromised by the NSA.
The ecosystem is sadly no longer trusted, and we believe it is incumbent on vendors to not only publicly attest to the integrity behind their software, but to build bridges like never before. As a managed threat protection company for 12 years, trust is in our DNA and our two-day Customer Advisory Board (CAB) meeting, mid-October in New York City only served to strengthen our relationships.
eSentire’s heritage and reputation has been built defending and protecting the alternative investment community, and hedge fund organizations in particular. We are expanding, growing north of 200 clients across the globe in intellectual property-based industries, including: technology, legal, and extractive (oil, gas, mining and chemicals).
Our meeting was more than just a two-day soiree to press the flesh with customers. Featuring keynote presentations from G. Mark Hardy, President, National Security Corporation, and Ed Ferrara, Principal Analyst, Forrester Research, the eSentire CAB meeting comprised meaningful feedback sessions, service demonstrations, panel discussions and meaningful one-on-ones with the companies entrusting us to protect their crown jewels.
In particular, participants discussed emerging trends in attacks, how to better leverage threat intelligence to quickly detect new forms of attacks on a macro scale, real-time reporting, and privacy issues around the use of BYOD devices and the company’s right and ability to monitor email and messaging traffic.
By fostering an environment for two-way dialogue we strengthened our foundation of trust, exchanged ideas, addressed concerns and gained useful input on how we can further calibrate and
refine what we do best.
So as advanced and insider threats mount in frequency, sophistication and scale, and forces beyond our control reshape the boundary lines of business, let’s take heed in the fundamentals of good business: a personal handshake, eyeball-to-eyeball conversation, and a formal reiteration to each client that we will always have their back, as we like to say, on a 24x7x365 basis.
Eldon Sprickerhoff is CTO and co-founder of Cambridge, Ontario-based eSentire, a leading provider of active threat protection services. He can be reached directly at
Managers Struggle to Deliver Real-Time Reporting
By Carol Tang
By Carol Tang
August 29, 2013
Asset managers historically have had to provide trade and performance data, but technology advancements don’t always make the job easier. Today, increased real-time reporting requirements in tandem with mounting changes to technology and regulations have made it a struggle for organizations to keep track of it all, experts say.
A lot has changed on multiple fronts of asset manager operations, from processing and risk management to the technology components, says Jim Suglia, head of U.S. investment management consulting at KPMG. “It’s mind-blowing for a lot of organizations.”
And it gets even more intricate for managers crafting alternative investments. “If you’re a private equity firm, your reporting requirements went from monthly reporting needs to suddenly real-time reporting needs,” Suglia says.
BNY Mellon Asset Servicing recently conducted a poll of its clients that invest in alternatives to name some of their top challenges in effective risk management. Inadequate real-time risk management capabilities and uncertainty around future regulations were among the greatest barriers, according to the study.
“Real-time reporting is a big word these days,” says Art Murphy, director of client development at the Abacus Group.
The new focus is driving firms, in some cases, to build information management systems simply to handle the flow of data. For instance, more firms are migrating toward a streamlined, dashboard-like operational system, where on one screen they can visualize the near-term compliance requirements they still have to meet, the names of managers who still have to sign their ethics agreements and the areas in their portfolios where they underperformed that day, he says.
Real-time reporting also significantly improves a firm’s ability to manage its cash flows by recording cash positions as they enter and exit trades, according to a recent report by Aberdeen Group. Such data visibility can improve cash flow management and is in fact a key strategic action, as cited by 54.5% of respondents, according to a poll Aberdeen conducted.
About 35.7% of respondents in Aberdeen’s survey reported they have already implemented real-time visibility and control for cash account balances. Half of the respondents expressed interest in adding these capabilities within the year.
One approach more asset managers appear to be embracing to address these real-time reporting needs is outsourcing their non-core technology needs to external organizations that provide back-end solutions to manage the data.
“It’s better to outsource because you can still have the best-in-class infrastructure for data, and as a fund can focus on how to add alpha without reinventing the wheel,” says Nancy Davis, a former director of derivatives at AllianceBernstein, who now is managing partner at Quadratic Capital, a global macro alternatives manager.
The trend is not toward a single, big outsourcing solution to support real-time reporting, however. Instead, technology firms that handle back-end technology functions are increasingly working with other specialist outfits for services such as security solutions, creating a web of outsourcers that combine forces to serve each manager’s needs.
Security firms that are linked to the real-time reporting functions of a manager can often head off wider problems because they are alerted almost immediately in the event of a malfunction. For instance, firms such as eSentire, which “secures” more than $1.2 trillion in assets under management, will track flare-ups at one firm and notify other firms in the space on how to protect their data in real time, according to the firm.
Though technology specialist firms have developed solutions to accommodate for growing real-time reporting needs, challenges remain as organizations work to smooth out the bumps. Murphy says some of the continuing technology-side obstacles include how to incorporate all of the moving pieces of data in real time to function in the most efficient way possible. Reported data rarely comes from just one system. Instead, it is usually fed from several functions, including accounting, fund administration and the execution management system (EMS). “At some point, this all needs to be aggregated,” he says.
More and more, firms will take a step back to address how their overarching data architecture fits into their portfolio management process, says Suglia.
It’s not a quick fix, he adds. “This is almost once in a generation. We’re talking about anywhere from a four- to seven-year journey.”
August 27, 2013
The New York Times Web site was unavailable to readers on Tuesday afternoon after an online attack on the company’s domain name registrar. The attack also forced employees of The Times to take care in sending e-mails.
The hacking was just the latest of a major media organization, with The Financial Times and The Washington Post also having their operations disrupted within the last few months. It was also the second time this month that the Web site of The New York Times was unavailable for several hours.
Marc Frons, chief information officer for The New York Times Company, issued a statement at 4:20 p.m. on Tuesday warning employees that the disruption — which appeared to be affecting the Web site well into the evening — was “the result of a malicious external attack.” He advised employees to “be careful when sending e-mail communications until this situation is resolved.”
In an interview, Mr. Frons said the attack was carried out by a group known as “the Syrian Electronic Army, or someone trying very hard to be them.” The group attacked the company’s domain name registrar, Melbourne IT. The Web site first went down after 3 p.m.; once service was restored, the hackers quickly disrupted the site again. Shortly after 6 p.m., Mr. Frons said that “we believe that we are on the road to fixing the problem.”
The Syrian Electronic Army is a group of hackers who support President Bashar al-Assad of Syria. Matt Johansen, head of the Threat Research Center at White Hat Security, posted on Twitter that he was directed to a Syrian Web domain when he tried to view The Times’s Web site.
Until now, The Times has been spared from being hacked by the S.E.A., but on Aug. 15, the group attacked The Washington Post’s Web site through a third-party service provided by a company called Outbrain. At the time, the S.E.A. also tried to hack CNN.
Just a day earlier, The Times’s Web site was down for several hours. The Times cited technical problems and said there was no indication the site had been hacked.
The S.E.A. first emerged in May 2011, during the first Syrian uprisings, when it started attacking a wide array of media outlets and nonprofits and spamming popular Facebook pages like President Obama’s and Oprah Winfrey’s with pro-Assad comments. Their goal, they said, was to offer a pro-government counternarrative to media coverage of Syria.
The group, which also disrupted The Financial Times in May, has consistently denied ties to the government and has said it does not target Syrian dissidents, but security researchers and Syrian rebels say they are not convinced. They say the group is the outward-facing campaign of a much quieter surveillance campaign focused on Syrian dissidents and are quick to point out that Mr. Assad once referred to the S.E.A. as “a real army in a virtual reality.”
In a post on Twitter on Tuesday afternoon, the S.E.A. also said it had hacked the administrative contact information for Twitter’s domain name registry records. According to Whois.com, the S.E.A. was listed on the entries for Twitter’s administrative name, technical name and e-mail address.
Twitter said that at 4:49 p.m., the domain name records for one image server, twimg.com, were modified, affecting the viewing of images and photos for some users. By 6:29 p.m. the company said, it had regained control, although as of early evening, some users were still reporting problems receiving images.
The social networking company, based in San Francisco, said no user information had been affected.
Mr. Frons said the attacks on Twitter and The New York Times required significantly more skill than the string of S.E.A. attacks on media outlets earlier this year, when the group attacked Twitter accounts for dozens of outlets including The Associated Press. Those attacks caused the stock market to plunge after the group planted false tales of explosions at the White House.
“In terms of the sophistication of the attack, this is a big deal,” Mr. Frons said. “It’s sort of like breaking into the local savings and loan versus breaking into Fort Knox. A domain registrar should have extremely tight security because they are holding the security to hundreds if not thousands of Web sites.”
By Richard Stiennon
Governments around the world have commandeered the Internet, as Bruce Schneier so succinctly points out in The Atlantic. How is that going to impact the IT security industry? This $60 billion industry researches, develops, and sells firewalls, anti-malware, authentication, encryption, and 80 other categories of products. With each advance in the threat levelrepresented by hackers, cyber criminals, and cyber spies there has been a new batch of vendors which come on the scene to counter threats that bypass previous technologies and spending has increased.
Spending on IT security is poised to grow tenfold in ten years. Every organization from the largest oil and gas refiner, to the smallest bank has underspent on security. Classic risk management methodologies call for trade-offs in security. Unlikely events, Black Swans, are not accounted for. This protect-against-the-known philosophy is what led to most defense contractors and even the Department of Defense being completely vulnerable to sophisticated targeted attacks from foreign spy agencies. The recent rapid growth of technology vendors to ward off cyber attacks is a blip compared to what is coming.
Even the most sophisticated Chinese cyber spies do not appear to be well funded. They use shelf ware and their teams work regular hours. The NSA on the other hand is shockingly replete with funds. The US Intelligence Community budget of $70 billion is twice the size of the Australian military budget. The NSA has donated $160 million to its sister agency, GCHQ, in the UK for intelligence gathering. The investment in creating Total Information Awareness over the last decade has stunned the industry.
There will be a response to this threat against all communications. That response will be hundreds of new IT security vendors cropping up all over the world. Thanks to a dramatic increase in distrust of US companies this boom in technology will not be centered on Silicon Valley. Just as the draconian anti-encryption measures of the ‘90s drove development offshore, major cloud providers will have to push their engineering and research into countries that are more open and considerate of privacy and transparency.
As engineers do, great minds around the world are today figuring out the technology to route around surveillance. The market is there. Funding will be readily available. It will be the ultimate irony if a tech giant like Huawei becomes a trusted provider of infrastructure because there is less chance that its executives are secretly working with the NSA.
What is needed to re-establish trustable communications? Roger Grimes sums up the difficulty, although his conclusion, to not use the Internet, is defeatist. Look to these technologies to experience a boom:
Encryption: Encryption predates the Internet, and yes code making and breaking was what the NSA was created for, but encryption technology is in the hands of private enterprise and is the easiest part of the solution.
Certificate Management: The reason most people and most enterprises do not use encryption, other than SSL for web access and WPA for wifi, is that key and certificate management is cumbersome. That is already changing with companies like Entrust and Venafi rolling out certificate discovery and management tools. Even SSH has introduced key management for its secure remote access tool.
Authentication: Having encryption and good certificate management is useless against a sophisticated attacker unless measures are taken to protect those keys. One of the primary measures is two factor authentication. Attackers know to target credential repositories like Active Directory. Keys should be well protected. Signing certificates should be air-gapped and access to them should require at least two-party authentication, like in a missile silo.
All the rest. Protecting keys, certificates, and the infrastructure to contain them involves everything the IT security industry has provided to date. Firewalls, IPS, anti-malware, vulnerability management, patching, etc. account for $60 billion in spending today.
The hard part. The scariest part of the surveillance state is that it has tapped the backbone of the Internet. Every connection from every computer and smart phone can be logged. Even encrypted packets have to have clear text headers to be routed over the Internet. The surveillance state can garner amazing amounts of intelligence from collecting this meta data. A journalist and his source can be connected, an attorney and her client, or a CFO and an acquisition candidate, or a Congressperson and his lobbyist, are all subject to linkage analysis.
There are several systems today that seek to obfuscate Internet communications, but they are becoming increasingly suspect as even Tor was recently compromised in a major bust. Making multiple encrypted hops to avoid tracking is expensive in terms of latency and download times. New protocols and technology will need to be developed and new infrastructure rolled out.
What does this mean for the growth of the IT security industry? It means a ten fold increase in spending and a doubling in the number of products and services.
Look at the numbers. The very best IT organizations report spending 6-8% of their budget on security. That is going to have to double in the short term to counter the threat of the surveillance state, just to account for the deployment and management of encryption everywhere. Telecom costs will rise dramatically to pay for the new infrastructure to obfuscate traffic. Those are the thought leading enterprises. All the rest have to play catch up. Gartner sizes the entire IT spend at $3.3 trillion and security infrastructure spending at $60 billion in 2012 with an 8.4% growth rate. In order to counter the surveillance state that growth rate will need to quadruple to 24%. Extrapolated to ten years IT security spending will be $639 billion by 2023 – a tenfold increase.
Growth rates of this magnitude are going to change the IT landscape, not just security. The ramifications are well worth contemplating.
Investors. Now would be a very good time to make strategic investments in IT security companies, as many Private Equity companies are beginning to recognize. Even poorly managed companies can thrive in a fast growth environment.
Policy makers. Politicians, think tanks, and NGOs have to become well educated in the implications of a surveillance state and the technologies being developed to counter the new reality. Voting for legislation to make the use of countervailing technology illegal may fly in the face of popular sentiment.
Universities. This type of growth will have far reaching impacts on the job market for college graduates. Computer science departments will have to teach secure software development practices and graduate security specialists. Reach out to large technology vendors for research grants to develop secure communications and networking infrastructure.
Businesses. The surveillance state is going to have a dramatic impact on your operating costs as you rush to re-comply with your audit regimes.
Security vendors. Revise your product road maps today to account for a dramatic increase in demand for surveillance proof technology. Cyber crime, cyber espionage, and even cyberwar, are no longer the next big thing.
Security practitioners. Learn what end-to-end security and zero-trust means. Look at your architectures to see what investment it will take to get to these end states.
Consumers. Pay attention to the new spate of vendors that will rise to replace the Lavabits and SecureCircles. They may be off-shore. In the meantime start using proxies for web browsing and and switch to the two factor authentication offered by the major web services.
Google, Yahoo!, Facebook, and Twitter. It’s up to you to fix a problem we now know you were complicit in creating. Push back on the legal and legislative side while at the same time put your best minds to work on the problem of regaining the trust of your users.
NSA. Under the veil of secrecy and a compliant legislature and judiciary you have profited tremendously from an intelligence bubble. That bubble will burst. Ten years from now you will not have access to all communications of all people. Make plans for winding down the surveillance state. You have already done untold damage to the country you are striving to protect. If you continue the current path you will bankrupt us.
LAWRENCEVILLE, NJ, July 17 2013 – Edison Ventures today announced $5.5 million investment in a $7.0 million total financing round in Ontario, Canada based eSentire. Existing investor VentureLink joined Edison in the round. The proceeds will be used to increase sales and marketing, expand product development to address markets beyond financial services eSentire combines behavior-based technology with seasoned security professionals to provide a unique managed services offering. To date, the company has focused exclusively on serving the financial services market, specifically hedge funds. With Edison’s investment, eSentire will continue to penetrate the hedge fund sector and, expand into other markets.
Lenard Marcus, Edison Principal who led the investment noted, “eSentire’s behavioral based technology and focus on monitoring the network continuously enables the company to provide advanced cyber security. We were most impressed with the company’s focus on 24/7 network monitoring and tracking employee behavior. Many companies have learned that their greatest threats come from internal, “trusted” staff. Companies across all industries require a solution such as eSentire’s given the heightened threat of cyber crime and the advances hackers have made.”
eSentire’s CEO J.P. Haynes stated, “eSentire is a rapidly growing company with a unique value proposition. We are excited to have Edison on board. In additional to the financing, their understanding of the marketplace and deep network will enable us to accelerate our go to market activities and add depth to the product and executive management team.”
eSentire will join Edison’s Enterprise 2.0 investment sector which encompasses enterprise software, cloud computing, SaaS applications, storage systems and data analytics. Notable exits include Best Software, E-Transport, POMS, and Visual Networks. Other recent investments in this sector include CallCopy a provider of contact center software and KEMP the leading provider of application delivery and control software to the small and medium business segment.
About Edison Ventures
Established in 1986, Edison partners with entrepreneurs, service providers and other financing sources to build successful companies. Edison provides capital and value-added services to late stage ($5 to 20 million revenue), information technology businesses. Initial investments range from $5 to 10 million. Edison typically serves as sole or lead investor. In addition to providing expansion capital, Edison funds management buyouts, recapitalizations, spinouts and secondary stock purchases.
Edison’s investment professionals are based in Lawrenceville, NJ, New York, NY, McLean, VA, Needham, MA, and Cleveland, OH. Industry specialties include Healthcare IT, Financial Technology, Interactive Marketing & eCommerce and Enterprise 2.0. Edison’s successes include Best Software, Gain Capital, Liberty Tax, Marcam, Mathsoft, Neat, Tangoe, Visual Networks, Vocus and many other information technology leaders, which have a combined market value exceeding $5 billion. Edison Ventures currently manages over $700 million and actively making new investments. For more information on Edison Ventures, please visit www.edisonventures.com and follow us on Twitter @edisonventure.
The SEC voted this week to lift an 80-year-old rule by U.S. securities regulators banning hedge funds from advertising. These alternative investment funds may now leverage a higher profile through television advertising and social media. This could mean large funds promote themselves during sporting events and perhaps the smaller funds will find unique publicity tactics to attract investment.
While yesterday’s vote by the Securities and Exchange Commission to end a ban on advertising for private offerings means we might have to endure a whole new category of ads during the Super bowl, the real risk is the increased threat profile these funds will incur. Hackers and thieves who were previously unaware of the lucrative assets hidden in these below-the-radar alternative funds now have a whole new pond in which to fish.
The financial services industry is already considered a prime target of cyber espionage. A recent report by Verizon Security found that 37% of all data breaches in the U.S. involve the financial-services industry.
While DDoS attacks at the hands of hacktivists make headlines, most of the attacks are driven by greed. Many go unknown or are never reported. Most breaches lead to either stolen market research and investment strategies that can be monetized, or simply swiping funds straight off.
What's worse is that many hedge funds consider themselves safe. They rely on anti-virus and firewall technology and assume a perimeter minded defense would keep them protected. In most cases, the types of successful attacks are novel (called zero-day) and evade anti-virus systems. Once in, they call home to a command-and-control (C2) server to download a weaponized payload. This internally originated traffic appears legitimate and goes straight through the firewall.
So now what? The entire industry in moving to managed threat prevention that provides active defense against advanced, targeted attacks. Behavior-based threat mitigation detects never seen before attacks by identify anomalies in traffic patterns. This can take the form of unusual destination IPs (in countries with which the firm has no business), odd times of day, bursts in traffic volumes, or suspicious protocols.
Before running to draft up some swanky TV spots, we recommend that hedge funds invest some time reviewing their security profile. Perform a vulnerability assessment to ensure that your anti-virus software is up to date and that your firewall is properly configured. Identify your critical assets and create least privileges to minimize who can access them.
Ideally, hedge funds should invest in a security solution that is monitored by security experts around the clock. Out-sourced IT services such as Managed Security Services Providers (MSSP) offer DEVICE management which isn't good enough to defend against advanced, targeted attacks. Funds need to manage THREATS in real-time. Consider Continuous Monitoring as a Service (CMaaS).
Our resources library contains information on reducing your threat profile, security checklists, and preventing a cyber breach.
This articles comes from our colleagues at Morgan Stanley. Jessica Ceppi's article on the investment in cyber security by hedge funds underpins a growing trend as their target profile broadens.
Managers are spending increasing amounts of time and money fending off cyber attacks.
One multi-billion-dollar fund operator said its computer systems detect anywhere from 1,000 to 25,000 attempted strikes each day, typically from hackers in China and North Korea. The attacks aren’t specifically aimed at the firm, but rather are part of ongoing efforts to hack into the systems of U.S. financial institutions. Indeed, a cyber security study that Verizon published in April found that 37% of all data breaches in the U.S. involve the financial-services industry.
In response, hedge fund companies are devoting more technology resources to bolstering their computer firewalls. One large management firm said it now spends a tenth of its technology budget on detecting and preventing cyber attacks—and that doesn’t include salaries for its IT staffers. Meanwhile, a cottage industry of cyber security consultants and software developers, including IGX Global, eSentire, Dell SecureWorks and TopPatch, is trying to capitalize on managers’ vulnerabilities.
“We are a blatant target,” said the chief technology officer at a Greenwich, Conn., fund shop. “It’s a matter of time before somebody here at the firm is hacked.”
The heightened concern comes as operating budgets already are being squeezed by new compliance obligations as well as ever-increasing technology costs. Measuring the full extent of the problem is difficult because most firms are reluctant to discuss the issue, even with their clients.
“The industry is extremely private about hacking incidents,” said Chiranjeev Bordoloi, founder of New York-based TopPatch. “They don’t want any publicity on breaches, as you can imagine.”
In addition to installing or updating security software, managers are taking other steps to guard against electronic invasions. Some are training staff to recognize “spear phishing” e-mails, in which the sender assumes the identity of a client in an effort to access information or withdraw funds. Others are performing so-called penetration tests after outsiders visit an office to ensure their systems’ defenses haven’t been weakened.
One large management firm with a staff of several hundred said it would soon begin interviewing employees to determine if their use of personal electronics such as cell phones and home computers could be compromising the firm’s computer networks.
View original article.
During their June 07 summit between U.S. President Obama will reportedly ask China President Xi Jinping to provide assurances that his government will seriously consider concerned raised by the U.S. about alleged hacking efforts coming from within China. The cyber security discussion will be a key topic during the summit being held in California.
An unidentified U.S. official told Reuters that Obama will ask that Xi "abide by international norms and affirm clear rules of the road." The president also wants to make clear to Xi that any cyber attacks originating from China are the government's responsibility. It's believed that for years, China has been hacking into U.S. government and company servers and gaining access to classified information. Over the last several months, however, more of the details on that alleged hacking has come to light, indicating that China has ramped up efforts to steal information.
President Xi's response will be interesting considering over the last few months, China has been using its government media outlets to ramp up rhetoric against the U.S. China has said that the U.S. is actively targeting its own government networks, and that its threats outweigh those presented by China.
The BBC reports that the FBI and Microsoft have broken up a global cyber network of hijacked personal computers, collectively known as the Citadel, considered responsible for stealing more than $500 million from bank accounts, including those at American Express, Bank of America, PayPal, HSBC, Royal Bank of Canada and Wells Fargo. Co-ordinated efforts by police, tech firms and banks in 80 countries, shutdown a network of about 1,000 computers running botnets controlled by Citadel. The FBI believe that the Citadel network remotely installed key logging programs on about five million computers to acquire user login and passwords to online banking accounts.
The network was spread around the globe,with heavy concentration in North America, Western Europe, Hong Kong, India and Australia. The FBI is working with Europol and police forces in many other countries to track down and identify the 81 "lieutenants" that helped the ring leader, named Aquabox, keep Citadel running.
The Washington Post reported that designs for many of the United States' most advanced weapons systems have been compromised by Chinese hackers, according to a report prepared for the Pentagon and to officials from government and the defense industry. The weapons system designs breached included programs critical to U.S. missile defenses and combat aircraft and ships; assets that play a key role in defending Asia, Europe and the Persian Gulf.
The designs included those for the advanced Patriot missile system (PAC-3); an Army system for shooting down ballistic missiles, known as the Terminal High Altitude Area Defense (THAAD); and the Navy’s Aegis ballistic-missile defense system. Also identified in the report are vital combat aircraft and ships, including the F/A-18 fighter jet, the V-22 Osprey, the Black Hawk helicopter and the Navy’s new Littoral Combat Ship, which is designed to patrol waters close to shore. The list even includes the F-35 Joint Strike Fighter (however, the F-35 hack has been legend for years).
This report, comes on the heals of the Australian Broadcasting Corporation report that classified blueprints for the headquarters of the Australian Security Intelligence Organization (ASIO) had been stolen by hackers using servers in China. The ABC's program, Four Corners, also reported that an Australian company that supplies military communication equipment had also been compromised. With the designs, hackers could potentially eavesdrop on, or prevent secure transmissions between Australian forces and her allies.