Published: Thu, October 12, 2017
IT | By Lester Massey

"Defence data stolen from firm using 'admin' and 'guest" as credentials

Hackers spent months downloading sensitive information about Australia's warplanes, navy ships and bomb kits.

The hacker has been named after Alf Stewart from the long-running soap Home and Away.

A manager at the Australian Signals Directorate - the government's main national security cyber spies - told a conference in Sydney on Wednesday that the hackers stole 30 gigabytes of data including on the defence projects.

"Fortunately the data that has been taken is commercial data, not military's not classified information,"Defence Industry Minister Christopher Pyne told Australian Broadcasting Corporation (ABC) Radio".

Mr Clarke said the hack was "extensive and extreme" and took advantage of "sloppy" security at the contractor.

As first reported by technology news site ZDNet, Clarke said that the hacker, who the ASD gave the codename "Alf", was able to obtain around 30GB of data, including technical information on the $16 billion F-35 joint strike fighter, as well as other aircraft and naval vessels.

Mr Tehan said it was unclear who launched the incursion, but the Government was not ruling out a foreign government.

Data on the F-35 Joint Strike Fighter, P-8 Poseidon surveillance aircraft and C-130 transport plane was stolen.

Australia has agreed to buy 72 Lockheed Martin Corp Joint Strike Fighter planes.

Clarke described the hack as "a very good exfil [exfiltration] for the actor".

The aerospace engineering firm in question had an IT department consisting of just one person who had been working there for nine months.

ASD when they investigated the hack found a China Chopper remote shell, a backdoor commonly used by Chinese hackers, and Clarke said that ASD found that the Alf hacker had been attempting to use this exploit on a number of Australian IT companies. He said the organisation only had one IT person and that person had only been in the job for a short while.

The hack was discovered by a major Defence contractor.

The ASD was tipped about the breach by "a partner organisation" in November a year ago.

The secret information was restricted under the International Traffic in Arms Regulations (ITAR), the United States system created to regulate the export of defence and military-related technologies, according to Mitchell Clarke, an incident response manager at the ASD who worked on the case.

Like this: