F35 Fighter Data Stolen In Hack On Australian Contractor

Georgia Reed
October 13, 2017

Some 30GB of "sensitive data" subjected to restricted access under the USA government's International Traffic in Arms Regulations rules was stolen, ASD's Mr Mitchell Clarke told a security conference Wednesday according to ZDNet. "One of the learning outcomes from this particular case study for at least the Australian government is that we need to find a way to start to be a little bit more granular in our contracting to mandate what type of security controls are required", Clarke said.

Experts at the Australian Signals Directorate (ASD) codenamed the hacker "Alf" after the character from the television drama Home and Away.

At the moment, QinetiQ Australia has 350 specialist staff located across Australia who use their know-how to deliver value solutions to Australian defence and government organisations across air, land, sea and information domains as well as the rail and mining industries.

Minister for Defence Industry Christopher Pyne said the government is unsure of the identity of the hacker and whether they are state or non-state actor. It's unclear whether another country or non-state actor was behind the breach but the hackers used China Chopper, a Chinese language webshell, to access the company's system.

The company had used default logins and passwords such as "admin" and "guest" and had only one person working on IT.

Mr Clarke said the information hacked on the new Navy ships included a diagram in which you could zoom in down to the captain's chair and see it was one metre away from the navigation chair.

George Weah awaits Liberia presidential election result
Weah's party and the party of Alexander Cummings, a former Coca-Cola executive, to lodge complaints with the elections commission. About 2.2 million Liberians, slightly less than half of the country's population, registered to vote.

"Given that hackers were able to roam the network long enough to siphon off 30GB of sensitive data, it highlights that there is a fundamental element of cyber-security missing".

The secret information was restricted under the International Traffic in Arms Regulations (ITAR), the U.S. system created to regulate the export of defence and military-related technologies, according to Mitchell Clarke, an incident response manager at the ASD who worked on the case. But he said the attackers gained entry by exploiting a 12-month-old vulnerability in the software that the contractor had failed to patch.

"Today, while presenting at a conference in Sydney, an ASD official disclosed information about the theft of data from an Australian company", a spokesman for the Australian Cyber Security Centre said. "The ASD and the cyber security office immediately swung into action", he said.

Australian Strategic Policy Institute head of cyber policy Fergus Hanson said Canberra had to be demanding on companies entrusted with secret data like defence contractors.

Mr Clarke described the security breach as "sloppy admin".

The password to enter the enter the company's web portal was "admin" and the guest password was "guest", according to ZDNet, which first reported the story. Breach detection times are not reducing. "Which means that, in the inevitability of a breach occurring, the data to which hackers can gain access is constrained".

Other reports by

Discuss This Article