16 Aug 2019, Military.com | By Oriana Pawlyk
Hackers have successfully infiltrated a data system in an F-15 Eagle fighter jet. But it was with the approval of the Defense Department — this time, at least.
An ethical hacker group, contracted through the U.S. Air Force and the Defense Digital Service (DDS), was able to infiltrate the fourth-gen jet’s Trusted Aircraft Information Download Station, known as the TADS. The news was first reported by The Washington Post.
The TADS collects imagery and other information from the jet’s sensors, Dr. Will Roper, assistant secretary of the Air Force for acquisition, technology and logistics, told the Post at the annual DEFCON hacker convention in Las Vegas.
The goal was to find the system’s cyber weaknesses, he said in the interview.
- Air Force Wants a ‘Nerd Cyber Swat Team’ at Pentagon
- Air Force’s New Intelligence Chief Explains Vision for Future of ISR
- Beyond BRRRT: Airpower Alone Won’t Secure Victory, Goldfein Says
“They were able to get back in through the back doors they already knew were open,” he said.
“There are millions of lines of code that are in all of our aircraft and, if there’s one of them that’s flawed, then a country that can’t build a fighter to shoot down that aircraft might take it out with just a few keystrokes,” Roper explained.
The group didn’t hack an F-15 per se, explained Air Force spokeswoman Capt. Cara Bousie.
“It was an independent system that is used on an F-15, but it was the system, removed from aircraft, that they were operating on,” she told Military.com on Friday. A DDS spokesperson was unable to identify the third-party hacker group by press time.
It is unknown whether the TADS could be hacked the same way in flight.
Bousie said the hacking effort gives the Defense Department a new way of looking at its technological systems and how it can best patch, harden or apply appropriate upgrades to subvert malign actors.
It’s now up to the DoD “to see how to best protect against and fix these vulnerabilities,” she said.
For the last several years, the Defense Department has weighed better cyber protections on its projects and networks in the face of increased hacking attempts from adversaries such as Russia, China, North Korea and Iran.
In 2016, officials started the “Hack the Pentagon” initiative, run by the DDS, in an attempt to discover where the DoD should beef up its cyber defenses.
The DoD in October expanded the program, awarding $34 million to three companies, HackerOne, Bugcrowd and Synack, to identify security flaws.