An Australian government agency official has admitted that 30GB of sensitive data about military planes and ships were stolen from a defence subcontractor.
Australian Signals Directorate incident response manager Mitchell Clarke, as ZDNet first reported, told the Australian Information Security Association conference in Sydney on Wednesday that “a significant amount of data was stolen”.
The haul included commercially sensitive data – but not classified — on military equipment like the F-35 Joint Strike Fighter, P-8 Poseidon surveillance plane and C-130 transport plane was stolen, along with information on “a few Australian naval vessels”.
The subcontractor was reportedly a “small Australian company with contracting links to national security projects”, and the hacker had been present in its systems from July 2016. But the ASD, which oversees cybersecurity in the public sector, was not informed until November 2016.
ASD staff codenamed the hacker “Alf”, after a long-running character on the television drama Home & Away, with the period between July and November referred to as “Alf’s mystery happy fun time”.
The federal minister for cybersecurity Dan Tehan revealed the breach earlier this week through the release of the Australian Cyber Security Centre’s 2017 Threat Report, but provided no detail specifically about the Alf incident.
Tehan told the ABC the person or group responsible was not known.
“It could have been a state actor, it could have been cyber criminals, and that’s why it was taken so seriously.”
Dan Slattery, senior information security analyst at tech security firm Webroot, said that the report should worry both the public and private sectors.
“While awareness of cyber-crime is certainly on the rise, so too is the threat that it poses, with the report claiming 47,000 cyber incidents took place in the past 12 months alone.”
Slattery said Webroot’s own research indicated a cyberattack on an Australian business with between 100 and 500 staff would cost an average of $1.9 million.