Secret Data on Australian Fighter Jets and Navy Ships Stolen in a “Methodical, Slow and Deliberate” Hack
Hackers stole sensitive and restricted technical data about F-35 stealth fighter and P-8 surveillance aircraft programmes in Australia when a defence subcontractor's network was breached. Officials said on Thursday that the tool used to gain access was widely used by Chinese cybercriminals.
Joint Strike Fighter plans stolen in a cyberattack in Australia
The breach happened in July 2016 but the Australian Signals Directorate (ASD) was only alerted by an unnamed "partner organization" in November that an attacker had gained access to the network of a 50-person aerospace engineering firm, a contractor of the Department of Defence. The data stolen included classified information on the F-35 Joint Strike Fighter, the P-8 Poseidon maritime patrol aircraft, the C-130 transport aircraft, the Joint Direct Attack Munition (JDAM) smart bomb kit, and a few Australian naval vessels.
A report by ZDNet suggests that some of the information stolen was restricted under the International Traffic in Arms Regulations (ITAR), "the US system designed to control the export of defence- and military-related technologies."
Investigators are calling this hacker "Alf" after a character on Australian soap "Home and Away" that's quite popular in the country. The time period between July and November when the contractor was unaware of the hack is being called "Alf's Mystery Happy Fun Time." The tool used by hackers is being dubbed "China Chopper," which the security experts say has been widely used by Chinese attackers. The attacker(s) also gained access to some parts of the networks thanks to the military subcontractor's use of default login credentials like "admin" and "guest" as passwords.
While the tools may have been widely used by Chinese, attribution isn't usually that easy. "It could be one of a number of different actors," Christopher Pyne, the defence industry minister, said. "It could be a state actor, a non-state actor."
The latest disclosure comes just a day after Dan Tehan, the minister for cybersecurity, revealed that the country is facing a growth in cyberattacks, saying that cybersecurity needs to be relevant for "mums and dads" and communities.
The targeted contractor had a number of defence contracts but just one IT staff member on its team. Mitchell Clarke, an incident response manager who worked on the case, warned that the Australian government needs to "find a way to start to be a little bit more granular in our contracting to mandate what type of security controls are required" by the contractors.