Chinese state-sponsored hackers have exploited vulnerabilities in Microsoft software to breach sensitive systems around the world, including those of the U.S. government agency that oversees nuclear weapons
I’m picturing some American general about to order a nuke strike when just as he reaches for the controls his Windows™ control panel chooses that moment to auto-update and reboot.
All the control systems that actually launch the nukes are air-gapped and cannot be hacked by typical methods. They only stopped using floppy disks in 2019. This is just saying that some DoE offices got hacked, which really means nothing.
You’d need something like a Stuxnet-level worm, and even then, I can guarantee you that those consoles are secure enough that nobody is going to plug a random USB stick they found in a parking lot into them. Further, nobody would reveal that news, either China or the US, because you wouldn’t tell your enemy that either you broke their MAD abilities or that they broke your MAD abilities.
So, in layman’s terms, could you please explain this development then?
I would hope that bare minimum, China could at least monitor nuclear production/storage/launch facilities, and have one or more backdoors to see what is going on, even if they can’t immediately destroy or scramble nukes.
Computers in offices used by the NNSA were compromised. Those computers themselves are not tied into any of the controls involving nuclear weapons, but are used in offices, some of which may have been on bases with launch sites. There may have been some intelligence that could be gained from these computers that may describe some things like operations at nuclear facilities, or supply chains. All of the computers involved are almost certainly being wiped, so there will be no ongoing backdoors.
It must also be noted that there’s a decent chance that this was just hackers unaffiliated with the Chinese government doing a ransomware attack on whatever they could find using the Microsoft SharePoint vulnerability, and that this just happened to hit this department.
Ah. That fucking sucks, but it’s not nothing, at least.
Part of me was/is hoping, that given how lax security, intelligence, and expertise at anything anglo and Amerikkkan related, that there still might be backdoors that the crackkkers couldn’t find or wipe yet, but I wouldn’t hold my breath, and you sound way more knowledgeable than me on stuff like this.
I always appreciate those that remain grounded and comparatively calm about potentially exciting news, rather than getting extremely excited, like me.
Doesn’t the UK have submarines that literally are supposed to fire nukes if they can’t contact home base when they surface (which can be months between surfacing)?
I wonder if the US has the same. If so, yeah you can’t kneecap that with hackers.
Doesn’t the UK have submarines that literally are supposed to fire nukes if they can’t contact home base when they surface (which can be months between surfacing)?
when a new prime minister comes in, they write a letter that contains their orders for if this happens, there were(?) three options:
- Launch your nukes
- Sail to the nearest allied nation and place yourself at their disposal (usa or australia)
- Use your own discretion (“you’re on your own lmao”)
the letter is then sealed and placed in the sub commander’s safe, to be opened only when it happens
Yep, they’re part of the nuclear triad, which consists of land-based ICBMs, submarine-based missiles, and aircraft carrying nuclear bombs.
It seems a while back I read something about POC about exploitation of airgapped systems without physical access, but can’t remember how.
I feel like it’s certainly possible, you do occasionally hear stories of outlandish hacks. That said, I’d say it’s not very likely, and for it to actually matter they’d have to simultaneously hit not only every US missile launch site, but also every nuclear sub and bomber.
I just searched and I think this is what I recall https://arxiv.org/pdf/2110.00104. However, I skimmed through a post of 14 ways!
For over a decade, Microsoft had been funneling work through American “digital escorts” — low-pay workers with security clearances but often possessing limited technical expertise — who input commands from more skilled China-based engineers into U.S. Department of Defense networks, a recent ProPublica investigation found. Microsoft announced on July 18 that it would halt the practice after national security and cybersecurity experts raised concerns that these engineers could gain access to sensitive government data.
This is fucking pathetic. Americans are so dumb they have to sit there and ask Chinese engineers to guide them step by step in how to do their jobs every day.
CIA agents in 2025: “how do I convert pdf”
PDF files are one of the few things where CIA agents have actual experience.
There’s no combo more iconic than MS and security vulnerabilities.
Wonder if those systems were even any good. How old are the weapons?
Too old for leo