Se­cret files on jets and navy ships stolen in 'ex­ten­sive and ex­treme' hack

The Guardian Australia - - News / World News - Aus­tralian As­so­ci­ated Press

Se­cret in­for­ma­tion about new fighter jets, navy ves­sels and sur­veil­lance air­craft has been stolen from an Aus­tralian de­fence con­trac­tor.

The hack­ers had “full and un­fet­tered ac­cess” to the in­for­ma­tion for four months last year, be­fore the Aus­tralian Sig­nals Direc­torate was tipped about the breach in Novem­ber.

Christo­pher Pyne, the de­fence in­dus­try min­is­ter, has ad­mit­ted he has no idea who the hack­ers were but has stressed the stolen in­for­ma­tion was com­mer­cially sen­si­tive rather than “clas­si­fied” mil­i­tary in­for­ma­tion.

“It could be one of a num­ber of dif­fer­ent ac­tors,” Pyne told the ABC on Thursday. “It could be a state ac­tor, a non-state ac­tor.”

Mitchell Clarke, the Aus­tralian Sig­nals Direc­torate in­ci­dent re­sponse man­ager, told a con­fer­ence in Syd­ney on Wed­nes­day the hack­ers had tar­geted a small “mum and dad type busi­ness”, an aero­space en­gi­neer­ing com­pany with about 50 em­ploy­ees, in July last year.

He said the firm was sub­con­tracted four lev­els down from de­fence con­tracts.

“The com­pro­mise was ex­ten­sive and ex­treme,” he told the Aus­tralian In­for­ma­tion Se­cu­rity As­so­ci­a­tion na­tional con­fer­ence in au­dio ob­tained by a free­lance jour­nal­ist called Stil­gher­rian.

“It in­cluded in­for­ma­tion on the [F-35] joint strike fighter, C130 [Her­cules air­craft], the P-8 Po­sei­don [sur­veil­lance air­craft], joint di­rect at­tack mu­ni­tion [JDAM smart bomb kits] and a few naval ves­sels.”

He said the in­for­ma­tion hacked on the new navy ships in­cluded a di­a­gram in which you could zoom in down to the cap­tain’s chair and see that it was one me­tre away from the nav­i­ga­tion chair.

Clarke de­scribed the se­cu­rity breach as “sloppy ad­min”. The or­gan­i­sa­tion tar­geted was a small aero­space en­gi­neer­ing firm with dozens of em­ploy­ees. It had a num­ber of de­fence con­tracts, but only one IT staff mem­ber.

The con­fer­ence heard the hack­ers could have been state-spon­sored, or a crim­i­nal group. The hack­ers had used a tool called China Chop­per, favoured by Chi­nese hack­ers.

The Aus­tralian Sig­nals Direc­torate dubbed the hacker “Alf”, af­ter a char­ac­ter in TV soap opera Home and Away.

Alas­tair MacGib­bon, the spe­cial ad­viser to the prime min­is­ter on cy­ber se­cu­rity, also stressed the stolen in­for­ma­tion was only com­mer­cially sen­si­tive.

“Un­for­tu­nately, there are a range of ways that the at­tacker could have got in, in­clud­ing de­fault pass­words on cer­tain key parts of the IT in­fra­struc­ture of the tar­get com­pany,” he told the ABC on Thursday.

He would not say if the gov­ern­ment had for­mal re­quire­ments for con­trac­tors that pass­words are not set to de­fault.

“They weren’t di­rectly con­tracted to the depart­ment,” he said. “It is an im­por­tant dis­tinc­tion. My un­der­stand­ing is that they were ac­tu­ally work­ing for a larger de­fence con­trac­tor.

“This is a sup­ply chain is­sue. It is a third-party sup­ply chain is­sue. This is some­thing I’ve been speak­ing about for sev­eral years and it is im­por­tant”.

Pho­to­graph: Scott Bar­bour/Getty Im­ages

Mal­colm Turn­bull in­spects a joint strike fighter F-35 at the Avalon air show. Com­mer­cial in­for­ma­tion about the JSF was hacked.

Newspapers in English

Newspapers from Australia

© PressReader. All rights reserved.