Australian defence contractor hacked for fighter jet data

The data stolen in a 2016 breach included technical information on the multi-billion dollar F-35A Joint Strike Fighter program smart bombs and naval vessels

Hacker group codenamed 'Alf' after famous Home and Away character steals sensitive information about Australia's multi-billion dollar fighter jet program

Australia's peak cyber security agency called a hacker who stole gigabytes of confidential defence data from a national security contractor after Alf Stewart from the long-running Australian soap opera Home & Away. "One of the learning outcomes from this particular case study for at least the Australian government is that we need to find a way to start to be a little bit more granular in our contracting to mandate what type of security controls are required", Clarke said.

The breach began in July of past year, but the (ASD) was not alerted until November, hence the hacker might had access to the information for four months.

Defence industry minister Christopher Pyne told the ABC on Thursday he does not know who the hacker is and indicated he would not tell if he knew, "It could be a state actor, a non-state actor".

"It could have been a state actor, it could have been cyber criminals, and that's why it was taken so seriously", he said.

"It could be someone who was working for another company".

Mr Pyne said Australia has experienced an increase in cyberattacks at a time when it is carrying out a $39bn (€25.7bn) submarine project.

The Australian defence ministry is trying to downplay the 2016 hacking of a contractor that exposed data about Australia's Joint Strike Fighter programme.


But Mitchell Clarke, incident response manager at the Australian Signals Directorate, has described the hack as being "extensive and extreme".

The network reportedly had no protective DMZ, no regular patch schedule, and common local admin passwords on all servers and the hosts had internet-facing services.

Stephen Burke, founder and CEO at training firm Cyber Risk Aware said the incident is another example of IT admin not carrying out IT security best practices. This is not rocket science but does require resources. "Collectively, the industry needs to embrace a new approach to security", said German.

"We see this all the time". "This means that, in the inevitability of a breach occurring, the data to which hackers can gain access is constrained".

"Moreover, with trust built on the users and applications - rather than the infrastructure - it becomes possible for organisations to embrace a security model built on breach containment, rather than prevention and detection alone".

"It is a very important reminder to small and medium enterprises as well as the large contractors that they will not get work in defence industry if their cyber security is not up to standard", he said. On 22 March 2018, the event will come to the USA for the first time, taking place in one of the world's most prominent business cities: NY.

Latest News