- The internet is mocking Robert Mueller’s report deadline Friday 7:53 PM
- Instagram blocks some anti-vax hashtags—but still has far to go Friday 6:20 PM
- Study: Netflix released more originals than licensed titles last year Friday 2:26 PM
- Laura Ingraham, Dinesh D’Souza slam journalist for having a job Friday 1:40 PM
- Netflix is testing a cheap-as-hell mobile-only plan Friday 1:08 PM
- Astrology app Co-Star’s bizarre push notifications are now a meme Friday 12:18 PM
- ‘The Dirt’ offers a sanitized history of Mötley Crüe—but why? Friday 11:42 AM
- ‘The Dirt’ director Jeff Tremaine on Mötley Crüe’s long, difficult road to Netflix Friday 11:30 AM
- Here’s video of yet another alleged gunman looking for YouTuber Adam22 Friday 11:09 AM
- 12 mugs that are absolutely purr-fect for cat enthusiasts Friday 10:58 AM
- Jared Kushner used WhatsApp for official White House business Friday 10:50 AM
- Unsettled Tom memes are on the rise Friday 10:36 AM
- Trans student nominated for prom king told by administration to run for queen Friday 10:07 AM
- Trump turns on his favorite cable news network Friday 8:56 AM
- Skillshare is offering new users one month of premium for less than $1 Friday 8:34 AM
A report from the Government Accountability Office (GAO) found that Pentagon weapons are woefully underprepared in the face of a cyberattack. Equipment such as F-35 jets and missile systems is vulnerable to hacking.
“In recent cybersecurity tests of major weapon systems [the Department of Defense] is developing, testers playing the role of adversary were able to take control of systems relatively easily and operate largely undetected,” the report says. The agency discovered “mission-critical cyber vulnerabilities” in almost every weapon system being developed.
Many of these security issues center around the fact that so many systems and devices are connected to the internet. On many Pentagon weapons systems that use open source or commercial software programs, the organization didn’t bother changing the default passwords—a huge and very simple security faux pas. The GAO also found that the Pentagon was using poor password practices across the board, as well as unencrypted communications.
In the GAO’s investigation, it found that in one instance, a two-person team was able to hack and gain complete control of a weapons system they were testing in only one hour. In another case, a tester was able to guess an administrator password in less than 10 seconds.
At this point, the GAO isn’t making any recommendations on what the Department of Defense should do next. The organization has been warning the Pentagon about these types of weapons system security vulnerabilities for more than 20 years. One part of the issue may be that these security assessments aren’t taken seriously. Another problem is that in some cases the findings apply to classified systems, which can make it difficult to share information and knowledge.
Officials that the GAO met with, however, reported feeling that their systems are indeed secure. Some GAO test results were even discounted, believed to be unrealistic of hackers’ true abilities in the wild. This could show a dire lack of understanding about networking security that the U.S. government needs to remedy, stat.
Christina Bonnington is a tech reporter who specializes in consumer gadgets, apps, and the trends shaping the technology industry. Her work has also appeared in Gizmodo, Wired, Refinery29, Slate, Bicycling, and Outside Magazine. She is based in the San Francisco Bay Area and has a background in electrical engineering.