Published: Fri, October 13, 2017
Health Care | By Alberto Manning

Aircraft, weapons data stolen from Australian defense contractor

Aircraft, weapons data stolen from Australian defense contractor

"Given that hackers were able to roam the network long enough to siphon off 30GB of sensitive data, it highlights that there is a fundamental element of cyber-security missing".

By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.

Late past year a hack was perpetrated on what is called a "partner organization" that worked with the Australian Signals Directorate (ASD).

About 30 gigabytes of data was stolen - including details of the Joint Strike Fighter aircraft and P-8 Poseidon surveillance plane.

Investigator Mitchell Clarke, an incident response manager for the ASD, worked on the investigation and states that one of the stolen pieces of data was a wireframe diagram of "one of the navy's new ships".

The hackers used a tool called "China Chopper" which according to security experts is widely used by Chinese operators, and had gained access via an Internet-facing server, he said.

Fortunately for the country, the data while extremely sensitive, was not classified.

The sub-contractor also had no protective DMZ [de-militarised zone] network and no regular patching process.

More news: Australian real estate agent tosses shark out of oceanside pool

"It could have been a state actor, it could have been cyber criminals, and that's why it was taken so seriously", he said.

Tehan told the ABC the person or group responsible was not known.

At the moment, QinetiQ Australia has 350 specialist staff located across Australia who use their know-how to deliver value solutions to Australian defence and government organisations across air, land, sea and information domains as well as the rail and mining industries.

The theft of the data in the hack was reported publicly as part of the 2017 Threat Report issued by the Australian Cyber Security Centre (ACSC).

The attack on the defense contractor was carried out by a "malicious cyber adversary", it said. The incident, Pyne concluded, was a "salutary reminder" about cyber security.

"But, more importantly, this is an example of other large firms not carrying out adequate third-party risk assessments. It could be a state actor, a non-state actor, it could have been someone who was working for another company". This is not rocket science but does require resources.

Australian Strategic Policy Institute head of cyber policy Fergus Hanson said Canberra had to be demanding on companies entrusted with secret data like defence contractors.

Around 30GB of commercially sensitive data has been compromised in a hack on an Australian government contractor, including details about new fighter planes and navy vessels.

Like this: