Latest news with #ChengduJ-20
AllAfrica
a day ago
- Politics
- AllAfrica
The digital escort fraud: another major Pentagon security failure
Microsoft was caught with its pants down in a brilliant exposé by ProPublica that said that a major part of the Defense Department's Cloud Computer system was run by Chinese engineers and monitored by so-called digital escorts who supposedly looked out for any compromise of DOD information. Now, when Senator Tom Cotton called Defense Secretary Hegseth's attention to the mess, Microsoft withdrew the Chinese engineers and pretended everything was fixed. Nothing could be farther from the truth. Back in April, 2018 I participated at the Hudson Institute in a special panel review of the then-Pentagon plan to transition all its heritage computer databases to a single computer cloud. (Watch the full video here.) The Pentagon plan was to shut down the old computer systems after the cloud was up and running. DOD claimed that the cloud would be easier to maintain than a number of separate computers, and more secure. DOD's problem is that it has done a poor job on cyber security for years – and DOD contractors and sub-contractors, operating under weak departmental guidance, have been even worse. There have been many scandals as the so-called 'advanced persistent Cyber threat' has continued to get worse. A persistent cyber threat is one that operates in the shadows for long periods of time and steals vast quantities of sensitive information. At the time of the DOD cloud proposal, government and contractor computers were under constant attack from hackers. Some of these hackers were teams of Chinese and Russian operators, others came from domestic and international hackers who could sell the acquired information to different bidders, including terrorists. Still others were from rogue countries who are still engaged deeply in hacking, including from North Korea and Iran. Around the same time DOD determined that around 50 gigabytes or more F-35 stealth fighter jet data had disappeared. We know where it went: China. And we know the result: China was able to field a stealth fighter jet in record time. Chengdu J-20. F-35 stealth fighter jet data had disappeared. We know where it went: China. And we know the result: China was able to field a stealth fighter jet in record time. Of course it was not only the design information and other details that enabled China to be successful: China also conducts industrial espionage in depth, so its agents can penetrate US contractors and subcontractors and infiltrate their supplier networks. The US classifies some sensitive information, but actually quite a lot less than one might think. This enables contractors to work without the burden of cleared workers. We have seen numerous cases of people caught working in critical companies smuggling components needed by China either for further exploitation or use. In regard to cloud security in 2018 I said: DoD has laid down its own standards, if you want to call them that, or guidelines, if you want to call them that, on what it expects the security of a system that it's going to procure should look like. And basically what they've done, for the most part, is two things. One, of course, is to make sure the employees that are working in the cloud environment that's being proposed are cleared American employees. That, by the way, creates a significant problem in being able to find enough cleared American employees to do the job. And I'm not sure they are so readily available. But that is definitely a challenge, let's say, that's out there. And the second is to take some of the procedures that are used to secure DoD's existing computers and servers and equipment and apply that to the cloud. We understood, in 2018, that the cloud security problem was supposedly solved by using only security-cleared American employees. It seems that the pledge was violated by the Defense Department, which permitted foreign workers to support and service the DoD cloud so long as they were 'supervised.' The supervisors are called 'digital escorts.' The workers, so far at least in Microsoft's case, turn out to be Chinese. Chinese engineers work remotely in China, and it is probably a fair assumption that digital escorts allegedly monitor the work of the Chinese engineers, also remotely. In other words, the so-called escorts are virtual, they don't sit next to the Chinese operators. We do not know anything really about the qualifications of the digital escorts, or even if they understand the Cloud network they are supposedly protecting. They would have to understand the actual cloud software and the underlying processors, and they would need to follow guidelines on what might constitute any sort of breach of the protocols or data by the Chinese. Any clever operator in China could figure out how to insert malware into the cloud, but actually since they have full time access to it anyway there is no overpowering reason for them to do so. Instead they can just suck up all the data and run it through their supercomputers, or even their latest quantum computers. China leads the world in quantum computers, and if they really do work, they can smash encryption codes in seconds. DoD information in the cloud is supposed to be encrypted, or at least we are told that. But that may just be the outside of the system to keep out random hackers. The actual information may not actually be encrypted. That would mean a potential bonanza for China and a huge risk to US security. The original DOD contract was supposed to be to a single contractor. However, complaints from industry and the public – and from security experts, as in our panel discussio – pushed the department to support more than one cloud application (and also may have allowed for some backup if a cloud operation crashed, for whatever reason, although DoD has not told us about any backup). The question arises: If Microsoft was using Chinese engineers, were the other cloud providers doing the same thing, and did they have digital escorts, or something like them? Along with Microsoft, other participants in the DoD cloud contract, initially for $9 billion, were Amazon, Google and Oracle. All of them do business in China. Oracle has offices in Beijing. Amazon has offices in Beijing, Shanghai and Wuhan. Google has offices in Beijing, Shanghai and Shenzhen. Of course we do not know if DoD granted them the same deal they allowed for Microsoft, but it is important to find out. Or maybe DOD never agreed to digital escorts and Chinese engineers? We don't really know, but it is unlikely Microsoft could have hired Chinese engineers without some Defense Department input. If DoD never approved, then it is another example of a security failure. If they did approve, of course, it is also a security failure. Either way it is a disaster. Hegseth understands the digital escort issue is a big deal, but he cannot just accept Microsoft's decision to end China's participation in the Defense Department cloud. Hegseth needs to back a full scale inquiry and investigation. We need an assessment of how much damage was done and, potentially, what programs may have possibly been compromised. Such an investigation has to assess just how long the Digital Escort system has been in place. How long has China had access to the Defense Department's computer heartland? Hegseth needs to find out what the other contractors are doing and if they are using foreign workers. Finally there is a serious question about outsourcing American security to private contractors, especially those who are not core defense contractors and who depend on foreign revenues to support their bottom line. Companies that are mainly commercial are inherently a risk because they lack a security culture and always want to expand into markets that can prove difficult and risky. Putting trust in them raises more than eyebrows. Stephen Bryen is a special correspondent to Asia Times and a former US deputy undersecretary of defense for policy. This article, which originally appeared in his Substack newsletter Weapons and Strategy, is republished with permission.
Time of India
4 days ago
- Politics
- Time of India
Has China stolen another American defense secret after the F-35 as Salt Typhoon hacks US National Guard for a year?
China faces scrutiny over cyber espionage. A US state's Army National Guard network suffered a breach. The group Salt Typhoon is suspected. Maps and data were stolen. The breach occurred between March and December 2024. Concerns rise about critical infrastructure vulnerability. Beijing denies involvement. The incident raises alarms about cybersecurity. Tired of too many ads? Remove Ads Tired of too many ads? Remove Ads What is Salt Typhoon Tired of too many ads? Remove Ads How China allegedly stole F-35 technology for Chengdu J-20 China is once again under scrutiny for cyber espionage, just a year after being accused of stealing F-35 stealth fighter technology through cyber breaches to build its Chengdu J-20. The latest breach surfaced after a Department of Homeland Security memo revealed that a US state's Army National Guard network was thoroughly hacked by a Chinese cyberespionage group nicknamed " Salt Typhoon ."The memo obtained by Property of the People, a national security transparency nonprofit, said the hackers "extensively compromised" the unnamed state Army National Guard's network between March and December 2024 and exfiltrated maps and "data traffic" with counterparts' networks in "every other US state and at least four US territories."The National Guard and the Department of Homeland Security's cyber defense arm, CISA, did not immediately return messages. News of the memo was first reported by NBC Typhoon has emerged as one of the top concerns of American cyber defenders. US officials allege that the hacking group is doing more than just gathering intelligence; it is positioning itself to paralyze US critical infrastructure in the case of a conflict with China. Beijing has repeatedly denied being behind the memo, which said it drew on reporting from the Pentagon, said that Salt Typhoon's success in compromising states' Army National Guard networks nationwide "could undermine local cybersecurity efforts to protect critical infrastructure," in part because such units are often "integrated with state fusion centers responsible for sharing threat information, including cyber threats."According to the internal document obtained by NBC through the national security transparency nonprofit Property of the People via a Freedom of Information Act (FOIA) request, Salt Typhoon compromised the National Guard, which "likely provided crucial data to Beijing that could facilitate the hacking of other states' Army National Guard units and possibly many of their state-level cybersecurity partners.""If the PRC-associated cyber actors that conducted the hack succeeded in the latter, it could hamstring state-level cybersecurity partners' ability to defend US critical infrastructure against PRC cyber campaigns in the event of a crisis or conflict," the document document further revealed that the yearlong attack, which involved the compromise of a US state Army National Guard's network, collected network configuration and data traffic, as well as "its counterparts' networks in every other US state and at least four US territories, according to a Department of Defense (DOD) report." The breach also included network diagrams and administrator scope of the attack could be beyond bespoke networks into state cyber-defense posture and personal information belonging to state cybersecurity personnel. "Salt Typhoon's success in compromising states' Army National Guard networks nationwide could undermine local cybersecurity efforts to protect critical infrastructure," the document read.'In some 14 states, Army National Guard units are integrated with state fusion centers responsible for sharing threat information, including cyber threats. In at least one state, the local Army National Guard unit directly provides network defense services," it further Typhoon, an advanced persistent threat (APT) linked to the Chinese government, breached the National Guard. The Department of Homeland Security (DHS) documents have revealed that Salt Typhoon is a high-profile cyber-espionage group that has targeted a wide range of victims, mainly in the telecommunications group was found to have breached a number of major telco vendors, such as Verizon, T-Mobile, and AT&T, predominantly through a Cisco vulnerability."In -, Salt Typhoon used its access to a US state's Army National Guard network to exfiltrate administrator credentials, network traffic diagrams, a map of geographic locations throughout the state, and PII of its service members, according to DOD reporting," the document Chinese Chengdu J-20 is suspected of using stolen F-35 technology after cyber breaches hit Lockheed Martin and an Australian defense contractor. The J-20's Electro-Optical Targeting System looks similar to the F-35's, raising concerns that advanced sensor tech was in 2017, the J-20 features airborne early warning and standoff missile launch and now uses a homegrown WS-15 engine that lets it reach speeds near Mach 2. These incidents show why F-35 subcontractors need strong cybersecurity, as some believe parts of the fighter's design were taken during at least one cyber breach.
India.com
25-06-2025
- Business
- India.com
Big blow to Pakistan as China may not give J-35A stealth fighter jet to Islamabad soon, may deliver the jet first to...
Big blow to Pakistan as China may not give J-35A stealth fighter jet to Islamabad soon, may deliver the net first to.. J-35A Stealth Fighter Jet: Pakistan, China's close ally, may not be the first country to acquire the Dragon's fifth-generation stealth fighter Shenyang J-35A. A report published in Air Forces Monthly, which is a leading military aviation magazine published by Key Publishing Ltd in Stamford and Lincolnshire, rejects earlier reports saying that Pakistan Air Force (PAF) would receive its first batch of 40 J-35A fighter aircraft by August 2025. As per the magazine, another country, whose name has not been disclosed, will be the first recipient of China's fifth-generation fighter jet. Notably, delivery of the J-35A to Pakistan is expected to be delayed until 2026 or later, and it will also take two to three years for completion of the order. Notably, the fifth-generation stealth fighter has entered Low-Rate Initial Production (LRIP). J-35A Stealth Fighter Jet The fifth-generation stealth fighter jet is developed by Shenyang Aircraft Corporation, which was unveiled in November last year at the Zhuhai Air Show. J-35A is a twin-engine, multi-role fighter jet which is known for its stealth feature. It is the second fifth-generation stealth jet of China after the Chengdu J-20. The J-35A is specifically designed for precision strike mission and loaded with advanced Active Electronically Scanned Array (AESA) radars and stealth-optimised airframe. It is also designed to be compatible with long-range missiles like the PL-17. Framed as a more affordable export option compared to US's F-35, the J-35A is designed to strengthen the People's Liberation Army Air Force (PLAAF) and act as a major export offering for partner nations such as Pakistan. Pakistan's Interest In J-35A Pakistan started showing interest in J-35A in December last year. As per several reports, Islamabad had ordered approx 40 J-35A fighter jets with a defence package including KJ-500 AEW&C aircraft and HQ-19 surface-to-air missile systems. Promoted as a game-changer for the PAF, the deal was anticipated to offer a short-term technological advantage over IAF, which is not expected to field a fifth-gen fighter until its homegrown Advanced Medium Combat Aircraft (AMCA) becomes operational around 2030. Not only that Pak's pilots reportedly started training on the fifth-generation stealth fighter in August 2024 in China. However, the latest report from Air Forces Monthly, citing sources, states that an unnamed country, possibly Egypt, Algeria, or Saudi Arabia, may become the first to acquire the J-35A during its LRIP phase. The report doesn't specify why China holds Pak's order, but suggests that Beijing is prioritising other customers. If the report is true, PAF will start receiving J-35A in 2026, with the full order of 40 jets completed between 2028 or 2029. The identity of the unnamed country could carry a major geopolitical weight. If a Middle Eastern like – Saudi Arabia or Egypt acquires the J-35A fighter aircraft, it may indicate China's ambition to extend its defence reach beyond its traditional partners like Pakistan, reshaping regional power dynamics.
Express Tribune
09-06-2025
- Business
- Express Tribune
Chinese defence stocks surge as Pakistan buys J-35 stealth jets
Listen to article Shares of Chinese defence firms jumped Monday after reports of Pakistan's plans to purchase advanced J-35 stealth fighter jets from China, according to a Bloomberg report. AVIC Shenyang Aircraft Co., the J-35's manufacturer, hit its 10% daily limit in Shanghai trading, extending gains for a third straight session. Aerospace Nanhu Electronic Information Technology Co. also saw a surge, rising as much as 15%. The rally followed a formal statement on social media from Pakistan confirming its intent to acquire the jets, after weeks of unofficial reports. Pakistani officials had earlier indicated that pilots were already in China undergoing training ahead of expected deliveries. J-35 fighter jet offers stealth, long-range, and deep-strike capabilities China's J-35A fifth-generation fighter jet, soon to be delivered to Pakistan, features stealth technology, advanced sensors, and deep-strike capabilities that could significantly boost Pakistan's air power, according to defence analyst Brandon J. Weichert. Developed by Shenyang Aircraft Corporation, the J-35A is China's second fifth-gen aircraft after the Chengdu J-20. It is equipped with an active electronically scanned array (AESA) radar, electro-optical targeting systems, and advanced avionics to enhance situational awareness and targeting precision. Designed to evade detection, the aircraft's stealth profile reduces its radar cross-section. It is compatible with long-range PL-15 and PL-17 air-to-air missiles, offering a major advantage in beyond-visual-range combat. Powered by Russian RD-93 or Chinese WS-19 turbofan engines, the J-35A can reach speeds of up to 1,367 mph. Deliveries to Pakistan could begin by August, with pilots already undergoing training in China. The jet is expected to replace Pakistan's aging fleet of F-16s and Mirages. Weichert notes that the J-35A's capabilities will enable Pakistan to better counter Indian air defences and conduct deep-strike missions, potentially shifting the regional aerial balance.
India.com
30-05-2025
- Business
- India.com
China's indigenous fighter jet is giving tough competition to US's F-35, its name is.., top features include..
After the collapse of the USSR(Union of Soviet Socialist Republics), the global power balance has been gradually shifting. Russia is not as influential as it once was and cannot compete with the United States in every area. At the same time, China is growing significantly and is seen as a rising global power. Along with its economic growth, China has also made steady progress in modern military technology. In both these areas, China is now becoming a strong competitor to the United States. The role of air forces plays a significant role in today's warfare. Undoubtedly, the U.S. holds the pole position in this regard. Meanwhile, China is making every possible effort to match the global superpower. Recently, the United States announced the development of a sixth-generation fighter jet. Notably, both the U.S. and China possess fifth-generation fighter jets. While the U.S. Air Force is equipped with the F-22 Raptor, China's Air Force also has the Chengdu J-20 fighter jet. Both of these are fifth-generation aircraft. Surprisingly, the Chengdu J-20 has a unique feature that is also found in the Rafale fighter jet. Referred to as 'Mighty Dragon,' China's Chengdu J-20 fighter jet is the first fifth-generation stealth fighter aircraft. It was developed by the People's Liberation Army Air Force (PLAAF). According to the news 18 Hindi report, the key roles of the J-20 are to establish air superiority and enhance long-range strike capabilities. Furthermore, the aircraft strengthens China's strategic presence in sensitive regions like the South China Sea and the Taiwan Strait. Going by the media reports, a new tailless stealth jet has recently appeared on social media platforms, seen flying alongside the J-20S. This has led to speculation that China may be working on a sixth-generation fighter jet, although there is no official confirmation yet. Speaking of its Stealth Capabilities, the J-20 is designed to evade radar detection, featuring a low radar cross-section and technologies that reduce its infrared signature. Going by the News18 Hindi report, the J-20 is powered by two Shenyang WS-10C turbofan engines, which enable it to reach a maximum speed of Mach 2 and offer an approximate range of 5,500 kilometers. Speaking of its features, the J-20 features a modern digital glass cockpit, equipped with multi-spectral sensors, a helmet-mounted display, and an electro-optical targeting system (EOTS). These systems provide the pilot with 360-degree situational awareness, enhancing combat effectiveness. The J-20 is armed with a range of advanced weapons, including PL-10, PL-12, PL-15, and PL-21 air-to-air missiles, laser-guided bombs, and anti-radiation missiles, making it capable of engaging various threats in the air, reported News18Hindi. The J-20 is equipped with an Active Electronically Scanned Array (AESA) radar system, a key feature of fifth-generation fighter jets. Notably, the Rafale fighter jet is also believed to use a similar radar system. The United States had strongly criticized the J-20 Mighty Dragon, claiming that China copied American technology to create a duplicate of the F-22 Raptor. This aircraft is known as the J-20 Mighty Dragon.
