Exclusive: The U.S. Navy is investigating whether a cyber attack on the USS John McCain’s steering controls may have led to the destroyer’s crash with an oil tanker. Could China or Russia be involved?
The USS John McCain was on a routine voyage to Singapore through the Straits of Malacca on Saturday after conducting a sensitive “freedom of navigation mission” in the South China Sea. The Malacca Strait connects the Pacific and Indian Oceans and is the main thoroughfare for trade between the world’s biggest economies. Nearly 100,000 vessels pass through it each year, accounting for about one-quarter of the world’s traded goods. With so much traffic, it’s not the kind of route one sails without every precaution.
“When you are going through the Strait of Malacca, you can’t tell me that a Navy destroyer doesn’t have a full navigation team going with full lookouts on every wing and extra people on radar,” Jeff Stutzman, chief intelligence officer at Wapack Labs, told McClatchy.
As the USS John McCain entered the strait, the 338-man crew on the bridge faced multiple system failures. First the main steering mechanism failed to respond. Then the backup system failed. The ship’s rudder was completely unusable.
Still, the experienced crew on board should have been able to guide the ship by altering the speed of the ship’s propellers. Perhaps they were trying that when the unthinkable happened. The 600-ft Liberian-flagged oil tanker Alnic MC smashed into the warship’s rear left. The “rear-end collision” is an indicator the US vessel was not at fault. Satellite tracking also shows the Alnic MC unexpectedly veered sharply left at around that time.
The Alnic MC ripped into the USS John McCain’s side below the waterline and bore into the warship’s hull. Water flooded the machinery, communication rooms, sleeping quarters and an area on the vessel known as “shaft alley”. Ten crew members were reported missing, presumed drowned. Four injured sailors were medically evacuated to Singapore with non-life-threatening injuries. The fifth sailor did not need further medical attention.
After the McCain limped back to shore, the US Navy called for a rare one- or two-day pause in operations.
This is the third major accident involving a naval vessel from the Japanese-based Seventh Fleet and the fourth incident involving U.S. vessels in the Pacific Ocean around Japan, Singapore and China:
- On January 31, the USS Antietam ran aground while sailing along the Japanese coastline.
- On May 9, the USS Lake Champlain was struck by a South Korean fishing boat.
- On June 17, seven US sailors died after a container ship collided with the USS Fitzgerald.
“I don’t believe in coincidence,” Itay Glick, a cybersecurity expert and former Israeli intelligence agent, told Australian media. “Both USS McCain and USS Fitzgerald were part of the Seventh Fleet, there is a relationship between these two events and there may be a connection,” he said.
Russian-based hackers recently tested a GPS “spoofing” device to trick 20 ships in the Black Sea into believing they were somewhere else.
Surprisingly, hacking a marine vessel is relatively easy. A group of cybersecurity researchers recently discovered “the configuration of certain ships’ satellite antenna systems leaves them wide open to attack,” Jack Morse wrote in Mashable. “Anyone who gained access to the system in question, and was so inclined, could manually change a ship’s GPS coordinates or possibly even brick the boat’s navigation system entirely by uploading new firmware.”
On June 22, a Russian-based hacker was able to infiltrate the GPS systems of 20 vessels in the eastern part of the Black Sea. The hackers were able to reprogram the ships’ navigation equipment, making it appear that the vessels were 20 miles inland, near an airport.
“We saw it done in, I would say, a really unsubtle way, a really ham-fisted way. It was probably a signal that came from the Russian mainland,” says Todd Humphreys of the University of Texas. On June 27, a worldwide hack of shipping giant A.P. Moller-Maersk forced the company to deploy manual tracking of vessels.
Even cars and passenger planes can be easily hacked and controlled remotely. Security experts recently took control of a Jeep Cherokee from ten miles away; the hackers were able to turn off the engine and apply the brakes, veering the car off the road. They did this via the software built into the dashboard of the manufacturer Fiat Chrysler’s cars. “There is already a lot of interest in cyber protection of cars and autonomous vehicles. We can deduce from that, there might be a way to control ships and airplanes,” Mr Glick told Australian media. “Whenever control of the vessel is done by computer, or navigation is done by computer, there is a big risk for a cyber attack on that computer.”
The US Defense Department is under constant attack by enemy hackers and utilizes vulnerable software.
The U.S. military is a tougher nut for hackers to crack than a car or plane, but that hasn’t stopped many from trying and succeeding. The Department of Defense alone experiences 41 million scans, probes and attacks per month. “The Navy Networking Environment consists of more than 500,000 end user devices; an estimated 75,000 network devices (servers, domain controllers); and approximately 45,000 applications and systems across three security enclaves,” Vice Adm. Jan Tighe, commander of U.S. Fleet Cyber Command, told Congress in 2015.
In recent years, the military has sought an operational advantage over its enemies by creating a more connected ecosystem. It has contracted private Silicon Valley companies to link formerly isolated systems together. Once-independent systems now rely on each other to link together our warfighters, ships, submarines, aircraft, land-based command centers and distant satellites.
One such system is Palantir, which has close ties to former National Security Adviser Lt-General Michael Flynn (a compromised Russian asset) and was founded by Peter Thiel, the PayPal founder who is allied to mercenary Erik Prince. Palantir has been criticized for its security vulnerability.
Speaking at a defense conference in 2015, Navy Secretary Ray Mabus said, “We’ve got to pay a whole lot of attention to this, cyber is in everything now. It’s not just weapons systems. It’s in every system because we are so networked.” Mabus said the Navy intended to replace IBM servers used for its Aegis combat system after China’s Lenovo bought IBM. “If there’s a danger or potential danger with a platform, you’ve got to take a look at that.”
In March, U.S. counterintelligence officials warned that Russians had embedded malware into messages sent to the Defense Department’s 10,000 Twitter users. The message topics were specifically targeted to users’ unique interests – from sports to entertainment – but when clicked, the links took users to a Russian-controlled server that downloaded malware allowing Russian hackers to take control of the victim’s phone or computer. The Department of Defense until recently also used Kaspersky Lab, a Russian-built anti-virus software which has a built-in “back door” allowing Russian Intelligence to access vital networks.
China and Russia have the capability to carry out a hack on a vessel; US Navy investigates possibility of cyber attack.
It’s not just Russia which has the capability of hacking navigation systems, as it did in the Black Sea last month. The location of the recent U.S. naval crashes in the Pacific Ocean suggests a possible link to China. When the USS John McCain was struck in the Straits of Malacca on Saturday, it was returning from what the Navy terms a “freedom of navigation” mission. This means it came within 12 nautical miles of an artificial island built by China in the “South China Sea”.
Nine days before the crash of the USS John McCain, which may have killed 10 sailors, a US Navy official told Reuters the warship traveled close to Mischief Reef in the Spratly Islands. China has territorial disputes with its neighbors over the area, and the U.S. considers the man-built island an attempt to impede global trade and travel. The “freedom of navigation” mission undertaken by the USS John McCain was the third this year and comes at a time when the U.S. is seeking China’s help in North Korea.
Itay Glick, the cybersecurity expert and former Israeli intelligence agent, believes countries like Russia and China may have the capability to launch an attack on the warships. “China has capabilities, maybe they are trying things, it is possible,” he said.
While the U.S. Navy initially dismissed the idea of a cyber attack, CBS News now reports Admiral Scott Swift told a news conference the Navy is looking at “all possible causes for the collision…including a cyber attack on the ship’s controls”. Chief of Naval Operations US Admiral John Richardson also tweeted, “[Regarding the] possibility of cyber intrusion or sabotage, [there are] no indications right now … but review will consider all possibilities.”
Any investigation would have to consider two possible cyber attacks. The first, on the oil tanker Alnic MC’s navigation system, would have veered the ship off path and into the USS John McCain. The second would have disabled the USS McCain’s steering capability and its backup prior to the crash.
Who would have the capability of such a coordinated dual attack? Likely only a nation state like Russia or China with grudges to bear and the cyber warfare capability to expedite such an attack. Why? Other than the human, financial and tactical toll, such an attack would weaken America’s resolve at a time of crisis or could even provoke U.S. retaliation.