Australia jet and navy data stolen in ‘extensive’ hack
Sensitive information about Australia’s defence programmes has been stolen in an “extensive” cyber hack.
About 30GB of data was compromised in the hack on a government contractor, including details about new fighter planes and navy vessels.
The data was commercially sensitive but not classified, the government said. It did not know if a state was involved.
Australian cyber security officials dubbed the mystery hacker “Alf”, after a character on TV soap Home and Away.
The breach began in July last year, but the Australian Signals Directorate (ASD) was not alerted until November. The hacker’s identity is not known.
“It could be one of a number of different actors,” Defence Industry Minister Christopher Pyne told the Australian Broadcasting Corp on Thursday.
“It could be a state actor, [or] a non-state actor.”
Mr Pyne said he had been assured the theft was not a risk to national security.
The hack was described as “extensive and extreme” by ASD incident response manager Mitchell Clarke.
It included information about Australia’s new A$ 17bn (£10bn; $ 13bn) F-35 Joint Strike Fighter programme, C130 transport plane and P-8 Poseidon surveillance aircraft, as well as “a few” naval vessels, he said.
Mr Clarke told a Sydney security conference that the hacker had exploited a weakness in software being used by the government contractor. The software had not been updated for 12 months.
The small aerospace engineering firm was also using default passwords, he said.
ASD officials began repairing the system in December.
A report by ZDNet said officials referred to the months before ASD intervention as “Alf’s mystery happy fun time”.
“For those visitors overseas to Australia, Alf is Alf Stewart from an horrific Australia soap opera called Home and Away. It’s just a thing we do,” Mr Clarke told his audience, according to BuzzFeed.