This article is from the source 'guardian' and was first published or seen on . It last changed over 40 days ago and won't be checked again for changes.
You can find the current article at its original source at https://www.theguardian.com/australia-news/2017/oct/12/secret-files-on-jets-and-navy-ships-stolen-in-extensive-and-extreme-hack
The article has changed 6 times. There is an RSS feed of changes available.
| Version 3 | Version 4 |
|---|---|
| Secret files on jets and navy ships stolen in 'extensive and extreme' hack | Secret files on jets and navy ships stolen in 'extensive and extreme' hack |
| (4 months later) | |
| Information about F-35 joint strike fighter was taken in cyberattack on Australian defence contractor, official reveals | |
| Australian Associated Press | |
| Wed 11 Oct 2017 21.56 BST | |
| Last modified on Wed 11 Oct 2017 23.49 BST | |
| Share on Facebook | |
| Share on Twitter | |
| Share via Email | |
| View more sharing options | |
| Share on LinkedIn | |
| Share on Pinterest | |
| Share on Google+ | |
| Share on WhatsApp | |
| Share on Messenger | |
| Close | |
| Secret information about new fighter jets, navy vessels and surveillance aircraft has been stolen from an Australian defence contractor. | Secret information about new fighter jets, navy vessels and surveillance aircraft has been stolen from an Australian defence contractor. |
| The hackers had “full and unfettered access” to the information for four months last year, before the Australian Signals Directorate was tipped about the breach in November. | The hackers had “full and unfettered access” to the information for four months last year, before the Australian Signals Directorate was tipped about the breach in November. |
| Christopher Pyne, the defence industry minister, has admitted he has no idea who the hackers were but has stressed the stolen information was commercially sensitive rather than “classified” military information. | Christopher Pyne, the defence industry minister, has admitted he has no idea who the hackers were but has stressed the stolen information was commercially sensitive rather than “classified” military information. |
| “It could be one of a number of different actors,” Pyne told the ABC on Thursday. “It could be a state actor, a non-state actor.” | “It could be one of a number of different actors,” Pyne told the ABC on Thursday. “It could be a state actor, a non-state actor.” |
| Mitchell Clarke, the Australian Signals Directorate incident response manager, told a conference in Sydney on Wednesday the hackers had targeted a small “mum and dad type business”, an aerospace engineering company with about 50 employees, in July last year. | Mitchell Clarke, the Australian Signals Directorate incident response manager, told a conference in Sydney on Wednesday the hackers had targeted a small “mum and dad type business”, an aerospace engineering company with about 50 employees, in July last year. |
| He said the firm was subcontracted four levels down from defence contracts. | He said the firm was subcontracted four levels down from defence contracts. |
| “The compromise was extensive and extreme,” he told the Australian Information Security Association national conference in audio obtained by a freelance journalist called Stilgherrian. | “The compromise was extensive and extreme,” he told the Australian Information Security Association national conference in audio obtained by a freelance journalist called Stilgherrian. |
| “It included information on the [F-35] joint strike fighter, C130 [Hercules aircraft], the P-8 Poseidon [surveillance aircraft], joint direct attack munition [JDAM smart bomb kits] and a few naval vessels.” | “It included information on the [F-35] joint strike fighter, C130 [Hercules aircraft], the P-8 Poseidon [surveillance aircraft], joint direct attack munition [JDAM smart bomb kits] and a few naval vessels.” |
| He said the information hacked on the new navy ships included a diagram in which you could zoom in down to the captain’s chair and see that it was one metre away from the navigation chair. | He said the information hacked on the new navy ships included a diagram in which you could zoom in down to the captain’s chair and see that it was one metre away from the navigation chair. |
| Clarke described the security breach as “sloppy admin”. The organisation targeted was a small aerospace engineering firm with dozens of employees. It had a number of defence contracts, but only one IT staff member. | Clarke described the security breach as “sloppy admin”. The organisation targeted was a small aerospace engineering firm with dozens of employees. It had a number of defence contracts, but only one IT staff member. |
| The conference heard the hackers could have been state-sponsored, or a criminal group. The hackers had used a tool called China Chopper, favoured by Chinese hackers. | The conference heard the hackers could have been state-sponsored, or a criminal group. The hackers had used a tool called China Chopper, favoured by Chinese hackers. |
| The Australian Signals Directorate dubbed the hacker “Alf”, after a character in TV soap opera Home and Away. | The Australian Signals Directorate dubbed the hacker “Alf”, after a character in TV soap opera Home and Away. |
| Alastair MacGibbon, the special adviser to the prime minister on cyber security, also stressed the stolen information was only commercially sensitive. | Alastair MacGibbon, the special adviser to the prime minister on cyber security, also stressed the stolen information was only commercially sensitive. |
| “Unfortunately, there are a range of ways that the attacker could have got in, including default passwords on certain key parts of the IT infrastructure of the target company,” he told the ABC on Thursday. | “Unfortunately, there are a range of ways that the attacker could have got in, including default passwords on certain key parts of the IT infrastructure of the target company,” he told the ABC on Thursday. |
| He would not say if the government had formal requirements for contractors that passwords are not set to default. | He would not say if the government had formal requirements for contractors that passwords are not set to default. |
| “They weren’t directly contracted to the department,” he said. “It is an important distinction. My understanding is that they were actually working for a larger defence contractor. | “They weren’t directly contracted to the department,” he said. “It is an important distinction. My understanding is that they were actually working for a larger defence contractor. |
| “This is a supply chain issue. It is a third-party supply chain issue. This is something I’ve been speaking about for several years and it is important”. | “This is a supply chain issue. It is a third-party supply chain issue. This is something I’ve been speaking about for several years and it is important”. |
| Australian defence force | |
| Hacking | |
| Coalition | |
| Australian politics | |
| Share on Facebook | |
| Share on Twitter | |
| Share via Email | |
| Share on LinkedIn | |
| Share on Pinterest | |
| Share on Google+ | |
| Share on WhatsApp | |
| Share on Messenger | |
| Reuse this content |