Hackers were able to sabotage a vital flight system in the F-15 fighter jet at the Def Con cybersecurity conference over the weekend.
With authorization from the U.S. military, seven highly vetted hackers were given physical access to the F-15 for the first time at the conference, The Washington Post reported Wednesday.
The hackers were able to find sensitive weaknesses in the fighter jet. If those vulnerabilities were ever exploited by U.S. enemies, it could have completely shut down the Trusted Aircraft Information Download States, which collects data from video cameras and sensors white the F-15 is in flight.
“They were able to get back in through the back doors they already knew were open,” said Will Roper, the Air Force’s top acquisition official, according to the Post.
Roper told the Post at the conference, which took place Aug. 8 to Aug. 11 at a Cosmopolitan hotel in Las Vegas, that he expected the results to be about this bad.
The hackers were even able to find bugs the U.S. Air Force tried but failed to fix last November at a similar conference, that time, without actually physically touching the device.
The U.S. military has become more open to ethical hackers, Roper said, and they’re willing to let them find vulnerabilities in their systems before enemies, like Russia, Iran or North Korea.
“There are millions of lines of code that are in all of our aircraft and if there’s one of them that’s flawed, then a country that can’t build a fighter to shoot down that aircraft might take it out with just a few keystrokes,” he said.
“We want to bring this community [ethical hackers] to bear on real weapons systems and real airplanes,” Roper added. “And if they have vulnerabilities, it would be best to find them before we go into conflict.”
The United States’ Defense Digital Service (DDS), an elite tech unit that consults with other parts of the federal government, opened ethical hacking competitions in 2016, with names like “Hack the Pentagon” and “Hack the Air Force.”
The DDS has had about a dozen hacking competitions so far, according to the Post.
Brett Goldstein, the DDS director, said the latest competition offered the same system to be hacked twice in order to find more weaknesses.
“That’s important because security is a continuous process,” he said. “You can’t do an exercise and say, ‘Oh, we found everything’ and check the box. You need to constantly go back and reevaluate.”
This latest development comes after North Korean hackers were able to steal wing designs for the F-15 in 2016, The Wall Street Journal reported.
North Korean hackers were also able to steal photos of parts of spy planes from a South Korean company, according to authorities in Seoul.
According to the Korean National Police Agency, more than 40,000 documents related to the defense industry were stolen.
