Hackers steal 'sensitive data' from Aussie defence firm

Ebony Scott
October 13, 2017

Australian Signals Directorate incident response manager Mitchell Clarke revealed to a conference on Wednesday an aerospace engineering company with about 50 employees was compromised a year ago. The hacker, he said, was codenamed Alf, after a well-known character, Alf Stewart, from the Australian TV soap opera Home and Away.

Clarke said the "methodical, slow and deliberate", choice of target suggested a nation-state actor could be behind the attack, according to Reuters. "It could be someone who was working for another company", Christopher Pyne told the broadcaster on Thursday.

An aerospace engineering firm that subcontracts to the Australian Department of Defence was hacked into and restricted information on several advanced defence systems stolen in 2016. In 2011 for example, a major Japanese defence contractor was hacked.

According to Mitchell Clarke, an ASD incident response manager, the stolen documents for a Navy ship could let a viewer, "zoom in down to the captain's chair and see that it's, you know, one metre away from nav chair". The attacker had apparently gained and continued to have access for an extended period of time and the report says that the hacker "remained active on the network at the time".

"The compromise was extensive and extreme", Mr Clarke told the Australian Information Security Association national conference in audio obtained by freelance journalist Stilgherrian.

Stephen Burke, founder and CEO at training firm Cyber Risk Aware said the incident is another example of IT admin not carrying out IT security best practices.

House passes $36.5B of aid for Puerto Rico, hurricane-hit states
Puerto Rico lost population and jobs after Congress eliminated special tax breaks in 2006, making it more hard to repay its debts. Ch-ch-check out the strongest reactions (below)! Just 17% of the US territory has power, according to the island's government .

Wenger: Sanchez, Ozil could leave Arsenal in January
He could not guide his country to World Cup qualification, and Wenger admits he does not know the effect it will have on the player.

Palestinian Authority, Hamas Reach Reconciliation Deal After 10-Year Feud
The Fatah official stressed that President Mahmoud Abbas instructed the delegation not to return without a reconciliation deal. But one central issue has yet to be discussed: the fate of Hamas' militant wing and cache of rockets and weapons.

As cyber security experts backed the minister's call, Mr Pyne deflected blame from the government, arguing ultimate responsibility lies with the company that was breached.

Even without this exploit, the company still had used the default username and passwords for many of its logins.

"Fortunately the data that has been taken is commercial data, not military data", he said. "Collectively, the industry needs to embrace a new approach to security", said German.

"Moreover, with trust built on the users and applications - rather than the infrastructure - it becomes possible for organisations to embrace a security model built on breach containment, rather than prevention and detection alone".

Clarke described the breach Wednesday at an information security conference in Sydney, saying only one person managed all IT-related functions at the small business, and had only been in the position for nine months as staff turnover was high, ZDNet reports. "This means that, in the inevitability of a breach occurring, the data to which hackers can gain access is constrained".

Other reports by GizPress

Discuss This Article