A hacker has obtained sensitive information on Australian spy planes and warships, after infiltrating a subcontracting firm with a hacking tool popular in China.
Australian defence intelligence has been compromised with a hacking tool understood to be popular in China.
The hacker obtained sensitive information on the government’s $14 billion investment in a new fleet of spy planes and naval warships.
The Australian reports that the hacker had access to the data for three months — between July and November 2016 — before the Australian Signals Directorate (ASD) was alerted that an attacker had infiltrated the network of a 50-person aerospace engineering firm that subcontracts to the Department of Defence.
Mitchell Clarke, incident response manager at the ASD – the government’s main national security cyber spies – made the revelations at an Australian Information Security Association conference in Sydney yesterday.
Mr Clarke explained that the ASD had codenamed the hacker ‘Alf’ after the iconic Australian Home and Away character played by Ray Meagher, but the lighthearted name belies the seriousness of the matter, with Mr Clarke reporting that Alf stole 30 gigabytes of the restricted intelligence.
He said “the compromise was extensive and extreme”; however, a spokesperson for the Australian Cyber Security Centre said the information was not classified.
“That ITAR data included information on the [F-35] Joint Strike Fighters, the C-130, the P-8 Poseidon, the JDAM – that’s a smart bomb – and a few Australian naval vessels,” Mr Clarke said, according to a copy of the audio provided by freelance technology journalist Stilgherrian, who first reported the story.
Mr Clarke labelled the subcontracting firm as “sloppy”, saying one IT employee who had only been in the job for nine months was tasked with the security.
“It turns out the actor didn’t even have to exploit the vulnerability of this service. When it was set up it was set up with default credentials and they were never changed.”
He indicated the hackers could have been a criminal group or state-sponsored hackers. He said they used a hacking tool called China Chopper, which is reportedly widely used by Chinese hackers.
Explaining the sensitivity of the stolen documents, Mr Clarke revealed: “We found one document [that] was like a Y-diagram of one of the Navy’s new ships and you could zoom in down the captain’s chair and see that it’s one metre away from the nav [navigation] chair and that sort of thing.”
This comes after news broke this week that US-South Korean intelligence had been stolen, possibly by a North Korean hacker.