Security Breach Sees Secrets Stolen From International, $1.1 Trillion Joint Strike Fighter Project

12th Oct 2017

A mystery hacker codenamed after a larrikin Australian soap opera character has been revealed as having stolen sensitive, high-level information about a $1.1 trillion defence project created by an alliance including Australia, the U.S., UK and Canada.

The data about Australia’s warplanes and navy ships was stolen from an Adelaide Defence subcontractor which had one I.T. specialist and used extremely easy passwords.

Given the name “APT ALF” — in reference to a 30-plus-year character from the long-running Australian beachside TV program, “Home and Away” — the hacker had managed to sit inside the contractor's system for months before detection in November 2016, and stole information about programs such as the $17 billion F-35 Joint Strike Fighter project, the C-130 Hercules transport plane and the $4 billion P-8 Poseidon maritime surveillance aircraft project.

A state actor has not been ruled out and it has been reported that a hacking tool, known as the Chinese Chopper, was used. The stolen data was not classified military information, but it was described as “commercially sensitive”.

The hack was discovered by a major Defence contractor.

A hacker a government agency has named ‘Alf’ (after the Home and Away character) has stolen sensitive Defence info https://t.co/awUKATLwgV
— Bevan Shields (@BevanShields) October 11, 2017

The intelligence agency the Australian Signals Directorate (ASD) revealed details of the hack through the technology news website ZDNet on Wednesday, after it was flagged on Tuesday by the minister for cyber security, Dan Tehan.

According to Mitchell Clarke, an ASD incident response manager, the stolen documents for a Navy ship could let a viewer “zoom in down to the captain’s chair and see that it’s, you know, one metre away from nav chair”.

The subcontractor was revealed to be using software that hadn’t been updated for 12 months, as well as the username-password combinations “admin-admin” and “guest-guest”.

The many months during which the hacker was left to his own devices were referred to as ‘Alf’s Mystery Happy Fun Time’.

Not an SME – a defence supply chain. Vendors are threat vectors. https://t.co/lxCk9WqDe7
— Tim Watts MP (@TimWattsMP) October 11, 2017

Defence industry minister Christopher Pyne told the ABC on Thursday he does not know who the hacker is and indicated he would not tell if he knew: “It could be a state actor, a non-state actor. It could be somebody working for another company”. He described the contractor as a small enterprise and rejected any implication that the Turnbull Government was to blame for the hack.


source/read more : http://www.huffingtonpost.com.au/2017/10/11/adelaide-security-breach-sees-secrets-stolen-from-international-1-1-trillion-joint-strike-fighter-project_a_23240582/?utm_hp_ref=au-homepage
