A defence contractor was hacked and more than 30 gigabytes of commercially sensitive data involving the nation’s naval and air force projects was stolen, the government’s top cyber security organisation has revealed.
The Australian Signals Directorate told a conference in Sydney yesterday about the hack following Tuesday’s release of the Australian Cyber Security Centre’s 2017 Threat Report, which first mentioned the issue, saying it involved a significant attack on a small aerospace engineering company with links to national security projects.
Security officials at the ASD first became aware of the breach in November 2016 following a tip-off.
ZD-Net reported yesterday that the hack included technical information on several new acquisitions the government is currently spending tens of billions of dollars on to bolster the nation’s defence capability, including the F-35 Joint Strike Fighter, the P-8 Poseidon surveillance and C-130 transport aircraft, a smart bomb kit and some naval vessels.
Mitchell Clarke, an incident response manager at the ASD, said the information was restricted under US-designed arms trafficking regulations, but was commercial rather than top secret. He believes the attack was either state-sponsored or from a criminal group.
But most of the material taken was defence-related and he called the attack “extensive and extreme”. The hackers used a popular Chinese tool called China Chop to gain access, and were able to read emails and data across the 50-person company’s IT systems.
The ASD team named the attacker Alf after the Home and Away character played by Ray Meagher and believe the attack began in July 2016. Cyber security minister Dan Tehan said earlier this week that officials believe the attack originated in China. Clarke and the ASD dubbed the three-month breach “Alf’s Mystery Happy Fun Time”.
The company’s security protocols were not strong and were managed by a single person. The default passwords were still in place on systems connected to the internet, the ASD found.
The hackers initially gained access via a 12-month-old vulnerability in the company’s IT Helpdesk Portal, which Clarke said “isn’t uncommon”.
ZD-Net raises the issue of compliance with the International Traffic in Arms Regulations (ITAR) security certification required for contractors dealing in US arms exports, but Clarke told the Australian Information Security Association conference the application was basic and the Australian government needs to consider mandating higher levels of security for contractors.
Details of the breach come as the government works to improve national cyber-security, recognising that hacking and cyber-attacks are the new front in global espionage.