Hackers steal 'sensitive data' from Aussie defence firm

SYDNEY • Sensitive data about Australia's F-35 stealth fighter and P-8 surveillance aircraft programmes were stolen when a defence subcontractor was hacked using a tool widely used by Chinese cyber criminals, officials said yesterday.

The 50-person aerospace engineering firm was compromised in July last year but the national cyber security agency, the Australian Signals Directorate (ASD), became aware of the breach only in November, technology website ZDNet Australia reported.

Some 30GB of "sensitive data" subjected to restricted access under the US government's International Traffic in Arms Regulations rules was stolen, ASD's Mr Mitchell Clarke told a security conference Wednesday according to ZDNet.

Mr Clarke, who worked on the case and did not name the subcontractor, said information about the F-35, the US' latest generation of fighter jets, as well as the P8, an advanced submarine hunter and surveillance craft, was lifted.

Another document was a wireframe diagram of one of the Australian navy's new ships, where a viewer could "zoom in down to the captain's chair".

The hackers used a tool called "China Chopper" which according to security experts is widely used by Chinese operators, and had gained access via an Internet-facing server, he said.

In other parts of the network, the subcontractor also used Internet-facing services that still had their default passwords "admin" and "guest".

Those brought in to assess the attack nicknamed the hacker Alf, after a character on the popular Australian soap opera Home And Away, Mr Clarke said. The three-month period when they were unaware of the breach was dubbed "Alf's Mystery Happy Fun Time".

Defence Industry Minister Christopher Pyne told reporters in Adelaide "the information they have breached is commercial".

"It is not classified and it is not dangerous in terms of the military," he said.

Mr Pyne added that Australia was increasingly a target for cyber criminals as it was undertaking a massive A$50 billion (S$53 billion) submarine project which he described as the world's largest.


A version of this article appeared in the print edition of The Straits Times on October 13, 2017, with the headline 'Hackers steal 'sensitive data' from Aussie defence firm'. Print Edition | Subscribe