Restricted Australian defence data hacked
China steals “significant” data from an Australian defence contractor.
The signals intelligence agency has revealed that about 30 gigabytes of restricted information on the F-35 Joint Strike Fighter, the P-8 submarine hunters and Australian naval vessels was stolen in a hacking attack. The hacker had access to the data for three months before the Australian Signals Directorate became aware of it. The ASD referred to the period — between July and November 2016 — as “Alf’s Mystery Happy Fun Time”, in a reference to a Home and Away character.
Source: News Corp
The federal minister responsible for cyber security, Dan Tehan, revealed this week that a hacker understood to be based in China had stolen “significant” data from an Australian defence contractor.
At an industry conference in Sydney yesterday, ASD employee Mitchell Clarke provided details about the hack on a 50-person aerospace engineering firm that subcontracts to the Defence Department.
“That … archive contained about 30 gigabytes of defence and other commercially sensitive data. A lot of the data was ITAR. ITAR is the US International Traffic in Arms Regulations,” Mr Clarke told the Australian Information Security Association conference, according to audio provided to The Australian by freelance journalist Stilgherrian.
“That ITAR data included information on the Joint Strike Fighters, the C-130, the P-8 Poseidon, the JDAM — that’s a smart bomb — and a few Australian naval vessels, to the point where we found one document (that) was like a wire-diagram of one of the navy’s new ships and you could sort of like zoom in down the captain’s chair and see that it’s 1m away from the (navigation) chair and all that sort of thing.”
Mr Clarke labelled the company as “sloppy” and revealed it relied on one IT employee who had only been in the job for nine months.
He said the hacker could have easily accessed the data.
“It turns out the actor didn’t even have to exploit the vulnerability of this service. When it was set up it was set up with default credentials and they were never changed. Admin: Admin got you into the web admin portal and you could hit that from the internet, guest: guest as well, obviously,” he said.
Mr Clarke said departments routinely told ASD they had found remote-control webshells on their computer servers.
“It really makes me cry every time a government department calls up and says ‘hey ASD just letting you guys know we have a China trouble webshell or whatever webshell on our server but don’t worry we’ve deleted it, it’s good to go’,” he said.
Mr Clarke also said the hacked company’s IT helpdesk portal was out of date.
He said this type of practice would not be unusual for a government organisation.
A spokesman for the Australian Cyber Security Centre said the information disclosed by Mr Clarke was not “top secret” or “secret”.
“While the Australian company is a national-security linked contractor and the information disclosed was commercially sensitive, it was unclassified. The government does not intend to discuss further the details of this cyber incident,” he said.