QinetiQ, a UK-based defense contractor, has its fingers all over some of the US Defense Department's most sensitive systems. The company's subsidiaries provide robots, diagnostic systems, intelligence systems for satellites, drones, and even "cyber-security" to the US Department of Defense. The parent company, which was created as a privatized spinoff of the British Defense Evaluation and Research Agency—what was the UK's equivalent of the US Defense Advanced Research Projects Agency—is often cited as the inspiration for James Bond's "Q."
But for at least three years, QinetiQ was apparently unintentionally supplying its expertise to another customer: China. In multiple operations, hackers tied to the People's Liberation Army have had the run of QinetiQ's networks, stealing sensitive data from them and even using them to launch attacks on the systems of government agencies and other defense contractors. Emails uncovered by the hack of security firm HBGary revealed that Chinese hackers had the run of the company's networks starting in 2007.
Bloomberg's Michael Riley and Ben Elgin report that in one effort that lasted for over three years, "Comment Crew"—the group tied to the recent hacking of the New York Times and other news organizations, plus a host of attacks on other defense contractors and technology businesses—managed to gain access to "most if not all of the company's research." The company was notified on multiple occasions by government agencies of ongoing breaches, starting with a report from the Naval Criminal Investigative Service in December of 2007 that "a large quantity of sensitive information" was being stolen from two computers at the company's US subsidiary, QinetiQ North America (QNA). A month later, NASA informed QNA that one of the company's computers was being used in a cyberattack on its network.