An estimated 30GB of data, including sensitive details about new fighter planes and navy vessels, was compromised in a hack on an Australian government subcontractor. According to government officials, the data was commercially sensitive but not classified, and the breach is not thought to be a risk to national security.
The breach is believed to have started as early as July 2016 but the Australian Signals Directorate (ASD), Australia’s domestic spy agency, was not informed until November of the same year. The timeline indicates that the hacker may have had access to the system for as many as three months before being discovered. At this point, the hacker’s identity is still unknown, but the hacker is being referred to as “Alf” after a character on an Australian soap opera.
Among the compromised data was information on Australia’s F-35 Joint Strike Fighter program, some navy vessels, the C130 transport plane, and the P-8 Poseidon surveillance aircraft. Detailed information on the blueprints and make-up of the military vehicles was made publicly available and gathered by the hacking group.
Although the identity of the hacker is still unknown, government officials confirmed that the hack occurred through an Adelaide-based subcontractor. The subcontractor was hacked through a vulnerability in its system, which had not been updated in 12 months. The vulnerability is not uncommon, and the hacker used a backdoor called a “China Chopper remote shell.” In addition to the vulnerability, which the subcontractor has since patched, the ASD revealed that the subcontractor’s internet-facing services retained their default passwords.
According to the Australian Cyber Security Threat Report of 2017, there were 734 cyber incidents affecting private sector systems of national interest and critical infrastructure providers.