- Bella Thorne claims Tana Mongeau ‘broke girl code’ in a series of messy tweets Thursday 7:00 PM
- Redditors keep this data engineer’s plants alive for him Thursday 5:20 PM
- Professor writes article defending ‘Asian romantic preference’—and no one is here for it Thursday 4:57 PM
- Ditch Pornhub and support adult content creators instead Thursday 4:46 PM
- Fans grieve Kyoto Animation Studio fire with #PrayforKyoAni Thursday 4:18 PM
- Netflix’s ‘Secret Obsession’ isn’t just terrible—it’s boring as hell Thursday 3:30 PM
- Instagram expands experiment of hiding likes to 6 more countries Thursday 3:20 PM
- Man asks woman to stop speaking Spanish on a plane—and bystanders start speaking Spanish Thursday 12:55 PM
- Schumer calls on FBI, FTC to investigate FaceApp Thursday 12:41 PM
- Netflix loses subscribers—but hopes some tentpole shows can save it Thursday 12:10 PM
- Man utterly roasted for saying women can’t ask for equality in revealing clothing Thursday 12:07 PM
- Instagram struggles to remove photos of Bianca Devins’ dead body Thursday 11:14 AM
- ‘Storm Area 51’ creator says its gotten so big he’s worried about the FBI Thursday 10:49 AM
- Everyone loves Q baby, the baby who apparently supports QAnon Thursday 9:53 AM
- Thread about ‘depression meals’ is inspiring lots of relatable answers Thursday 9:36 AM
A report from the Government Accountability Office (GAO) found that Pentagon weapons are woefully underprepared in the face of a cyberattack. Equipment such as F-35 jets and missile systems is vulnerable to hacking.
“In recent cybersecurity tests of major weapon systems [the Department of Defense] is developing, testers playing the role of adversary were able to take control of systems relatively easily and operate largely undetected,” the report says. The agency discovered “mission-critical cyber vulnerabilities” in almost every weapon system being developed.
Many of these security issues center around the fact that so many systems and devices are connected to the internet. On many Pentagon weapons systems that use open source or commercial software programs, the organization didn’t bother changing the default passwords—a huge and very simple security faux pas. The GAO also found that the Pentagon was using poor password practices across the board, as well as unencrypted communications.
In the GAO’s investigation, it found that in one instance, a two-person team was able to hack and gain complete control of a weapons system they were testing in only one hour. In another case, a tester was able to guess an administrator password in less than 10 seconds.
At this point, the GAO isn’t making any recommendations on what the Department of Defense should do next. The organization has been warning the Pentagon about these types of weapons system security vulnerabilities for more than 20 years. One part of the issue may be that these security assessments aren’t taken seriously. Another problem is that in some cases the findings apply to classified systems, which can make it difficult to share information and knowledge.
Officials that the GAO met with, however, reported feeling that their systems are indeed secure. Some GAO test results were even discounted, believed to be unrealistic of hackers’ true abilities in the wild. This could show a dire lack of understanding about networking security that the U.S. government needs to remedy, stat.
Christina Bonnington is a tech reporter who specializes in consumer gadgets, apps, and the trends shaping the technology industry. Her work has also appeared in Gizmodo, Wired, Refinery29, Slate, Bicycling, and Outside Magazine. She is based in the San Francisco Bay Area and has a background in electrical engineering.