"Defence data stolen from firm using 'admin' and 'guest" as credentials

A hacker group codenamed'Alf after the Home and Away character has broken into a defence contractor and stolen sensitive data on military projects

A mystery hacker codenamed after a larrikin Australian soap opera character has been revealed as stealing sensitive, high-level information about a $1.1 trillion defence project created by an alliance including Australia, the U.S, United Kingdom and Canada.

About 30GB of data was compromised in the hack on a government contractor, including details about new fighter planes and navy vessels.

Some 30GB of "sensitive data" subjected to restricted access under the US government's International Traffic in Arms Regulations rules were stolen, ASD's Mitchell Clarke told a security conference Wednesday according to ZDNet. It did not know if a state was involved.

At a cyber security conference in Sydney yesterday Australian Signals Directorate incident manager Mitchell Clarke said that ASD was tipped off in November 2016 that a hacker had infiltrated the network of an engineering sub-contractor for the Defence Department.

"While the Australian company is a national security-linked contractor and the information disclosed was commercially sensitive, it was unclassified. It could be someone who is working for another company".

Mr Pyne said he had been assured the theft was not a risk to national security.

The federal government has admitted it still doesn't know who managed to hack top secret technical information about new fighter jet and navy vessels previous year.

The subcontractor was revealed as using software that hadn't been updated for 12 months as well as username-password combinations, "admin-admin" and "guest-guest". The three month period where they were unaware of the breach they dubbed "Alf's Mystery Happy Fun Time".

"For those visitors overseas to Australia, Alf is Alf Stewart from an horrific Australia soap opera called Home and Away. It's just a thing we do", he said.

The government distanced itself from the Adelaide-based firm, saying it had most likely been employed by another contractor.

"Companies like QinetiQ are making important investment decisions now to set themselves up for success in the future and to take advantage of these opportunities", said Pyne.

"Fortunately the data that has been taken is commercial data, not military data", he said.

"The information we collect through the ASD is very highly classified, secret, confidential information", he said.

Pyne added that Australia was increasingly a target for cyber criminals as it was undertaking a massive Aus$50 billion ($39 billion) submarine project which he described as the world's largest.

Last year, Australia announced a surge in defence spending, a move that reflects concern over military expansion in the region.

Related:

Comments


Other news