Commercially sensitive information on the $14 billion Joint Strike Fighter program, Australia’s next fleet of spy planes and several of its naval warships has been stolen by hackers who breached a Department of Defence contractor, a government official has revealed.
A manager at the Australian Signals Directorate – the government’s main national security cyber spies – told a conference in Sydney on Wednesday that the hackers stole 30 gigabytes of data, including information on the Defence projects.
ASD incident response manager Mitchell Clarke told the Australian Information Security Association conference that the ASD had codenamed the hacker ‘Alf’ after the Home and Away character played by Ray Meagher.
A spokesperson for the Australian Cyber Security Centre, for which Mr Clarke works, said the data was commercially sensitive but was not classified.
Mr Clarke told the conference that “the compromise was extensive and extreme”. Dan Tehan, the Minister Assisting the Prime Minister for Cyber Security, had on Tuesday highlighted the case as a significant breach, though he did not provide details.
Mr Clarke also didn’t rule out that a foreign government was behind the incident.
He said the company “had a significant amount of data stolen … and most of that data was defence-related” and that some of it related to the US International Traffic in Arms Regulations, which verifies the security credentials of firms dealing in US military and defence exports.
“That ITAR data included information on the [F-35] Joint Strike Fighters, the C-130, the P-8 Poseidon, the JDAM – that’s a smart bomb – and a few Australian naval vessels,” Mr Clarke said, according to a copy of the audio provided by freelance technology journalist Stilgherrian, who first reported the story.
“We found one document [that] was like a Y-diagram of one of the Navy’s new ships and you could zoom in down the captain’s chair and see that it’s one metre away from the nav [navigation] chair and that sort of thing.”
The P-8 Poseidon is the RAAF’s soon-to-arrive fleet of new spy planes.
Mr Clarke described the hack as “a very good exfil [exfiltration] for the actor”.
He indicated the hackers could have been a criminal group or state-sponsored hackers. He said they used a hacking tool called China Chopper, which is reportedly widely used by Chinese hackers.
The small aerospace engineering firm of about 50 employees, which had contracts on a number of Defence projects, had just one IT staff member who had been in the job nine months, which Mr Clarke described as “sloppy”.
“There’s no way this one IT person could have done everything perfectly across the whole domain.”
The firm had used default logins and passwords “admin” and “guest”.
The hackers had “full and unfettered access” to the system and read emails of the chief engineer, the finance officer and a contracting engineer.
The ASD was tipped off about the breach by “a partner organisation” in November last year. The hack occurred in July 2016.
He said that the company didn’t believe ASD and national Computer Emergency Response Team investigators when they arrived because they don’t carry credentials. The company rang both the ASD and CERT hotlines but both organisations said they were not aware that their representatives were approaching the company.
Mr Clarke also said ASD’s incident response team was “getting busier and busier as time goes on and we have less and less people so it’s getting difficult for us and we’re seeing I guess a really large workload”.