Top secret Australian military data has been stolen from an Australian defence contractor by hackers. The data includes sensitive information about the $14 billion Joint Strike Fighter program, new fighter jets, navy vessels and spy planes.
Information on the (F-35) Joint Strike Fighter, C130 (Hercules aircraft), the P-8 Poseidon (surveillance aircraft) and joint direct attack munition (JDAM smart bomb kits) was stolen in the hack.
The Australian Signals Directorate incident response manager Mitchell Clarke revealed that the hacker, dubbed ‘ALF’ in reference to a character from the popular Australian soap Home and Away, had targeted a small aerospace engineering company in July last year.
Mr Clarke described the hack as “extensive and extreme” and the security breach as “sloppy admin,” revealing that the hacked organisation has just 50 employees and just one individual responsible for their IT.
The firm had used default logins and passwords such as admin and guest, making it easy for the hackers to gain access to the Australian military data. Hackers were said to have gained “full and unfettered access” to the system and were able to read sensitive emails from those high up in the company.
30 gigabytes of data were stolen but Mr Clarke stated that whilst the data was commercially sensitive it was not in fact classified. Foul play by a foreign government has not been ruled out.
To read more about this story, follow the link below:
Top secret information about fighter jets, navy ships stolen after defence contractor hacked
Top secret technical information about new fighter jets, navy vessels, and surveillance aircraft has been stolen from an Australian defence contractor. Dan Tehan, the minister in charge of cyber security, on Tuesday confirmed the hacking of an unnamed contractor but did not reveal specific details.
How Cyber Essentials Can Help
The first step to keeping your organisation safe from cyber-attack is to be certified with Cyber Essentials. Certification to the Government’s Cyber Essentials Scheme is a mandatory requirement for organisations wishing to win business with the MOD, and can help your organisation prepare and defend itself against malicious cyber-attacks, regardless of the sector you operate in.
