A subcontractor for Australia’s Department of Defense (DoD) became the latest victim of hacking as commercially sensitive information about next generation spy planes and naval warships were reportedly stolen.
The Australian Cyber Security Centre (ACSC) reported the data theft as part of the 2017 Threat Report. Mitchell Clarke, Australian Signals Directorate (ASD) incident response manager, disclosed at the Australian Information Security Association (AISA) conference that “military equipment data and diagrams related to the country’s $14 billion Joint Strike Fighter program were included among 30 gigabytes of data stolen by the attacker”.
Clarke also reportedly stated that some of the stolen information was related to the U.S. International Traffic in Arms Regulations. The attacker used a tool called “China Chopper”, which is apparently popular among Chinese hackers and the breached contractor practiced “sloppy” security, using default logins and passwords.
“That ITAR data included information on the [F-35] Joint Strike Fighters, the C-130, the P-8 Poseidon, the JDAM –that’s a smart bomb – and a few Australian naval vessels,” Clarke noted.
The mysterious perpetrator has been nicknamed Alf, which is an allusion to a character Alf Stewart from Australian TV soap opera Home and Away character played by Ray Meagher.
As per a report published in ZDNet, the hacker infiltrated the 50-person aerospace engineering firm system in mid July 2016 and authorities were only alerted in November by a “partner organization”. In December 2016, the government cyber officials started fixing the system and referred the duration before they responded as “Alf’s Mystery Happy Fun Time”.
Meanwhile, Defense Industry Minister Christopher Pyne said “I am sure there is work being done on finding out who did it. It could be a number of different actors, it could be a state actor, a non-state actor, it could’ve been someone who was working for another company.”