Sensitive Australian defence data stolen by hacker
More than 30 gigabytes of sensitive Australian Defence Force (ADF) data has been stolen by a hacker, it was revealed today, Xinhua news agency reported.
The hacker, going by the codename "Alf," stole information about Australia's US$13.2 billion Joint Strike Fighter (JSF) programme and US$3.1 billion P-8 surveillance plane project from an Adelaide-based defence contractor.
The Australian Signals Directorate (ASD) said that the hacker had "full and unfettered access" to the information for four months in 2016 before the breach was detected in November.
Australian Defence Industry Minister Christopher Pyne (photo) admitted that the government still did not know who carried out the hack.
"I don't know who did it... it could be one of a number of different actors. It could be a state actor, a non-state actor," Pyne told Australian radio today.
"It could be someone who was working for another company."
The username and password combination used to access the company's system was the default "admin" and "guest."
Reminder to take cybersecurity seriously
Pyne said the incident was "reminder to everyone in the industry and the government" to take cybersecurity seriously but said holding the government responsible for the breach was a "stretch".
"I don't think you can try and sheet blame for a small enterprise having lax cybersecurity back to the federal government. That is a stretch," Pyne said.
"You don't know that we've tendered a major defence contract to a small enterprise with poor cybersecurity protections, you don't know that. The contractor could well have been working for a prime (contractor)."
The government stressed that the information stolen was commercially sensitive but not classified.
Mitchell Clarke, an ASD incident response manager, said that the company that was breached was small, employing 50 people and with only one Information Technology (IT) expert.
"The compromise was extensive and extreme," Clarke said.
"A significant amount of data was stolen from them, and most of the data was defence related."