Hackers steal data on the F-35, C-130, P-8 and JDAM from Australian defense contractor

“The compromise was extensive and extreme, it included information on the F-35, C-130, P-8, JDAM and few naval vessels,” Mitchell Clarke, Australian Signals Directorate manager

Sloppy cyber-security practices has allowed hackers to steal data on the F-35, C-130, P-8 and JDAM from an Australian defense contractor.

As reported by News.com.au, Dan Tehan, the minister in charge of cyber security, said that hackers spent months downloading sensitive information about Australia’s warplanes, navy ships and bomb kits.

Forensic investigations by the Australian Signals Directorate (ASD) found the company was using default passwords on its internet facing services.

But the hackers gained access by exploiting a vulnerability with the firm’s IT helpdesk portal.

As explained by Mitchell Clarke, ASD incident response manager, hackers targeted a small aerospace engineering company with about 50 employees in July last year. He said the firm was subcontracted four levels down from defence contracts. “The compromise was extensive and extreme,” Mr Clarke told the Australian Information Security Association national conference in audio obtained by a freelance journalist called Stilgherrian.
“It included information on the (F-35) Joint Strike Fighter, C-130 (Hercules aircraft), the P-8 Poseidon (surveillance aircraft), joint direct attack munition (JDAM smart bomb kits) and a few naval vessels.”

F-35A print
This print is available in multiple sizes from AircraftProfilePrints.com – CLICK HERE TO GET YOURS. F-35A Lighning II 56th OG, 61st FS, LF/12-5050 / 2014

According to Clarke the information hacked on the new Navy ships included a diagram in which you could zoom in down to the captain’s chair and see that it was one metre away from the navigation chair. He also described the security breach as “sloppy admin:” in fact the organisation not only had just one IT person but also that the person was new to the job.

An Australian Cyber Security Centre spokesperson said the information released by the ASD staffer, who actually works for the centre, was commercially sensitive but unclassified. “While the Australian company is a national-security linked contractor and the information disclosed was commercially sensitive, it was unclassified,” they said in a statement. “The government does not intend to discuss further the details of this cyber incident.”Hackers steal data on the F-35, C-130, P-8 and JDAM from Australian defense contractor

Photo credit: Master Sgt. John Gordinier / U.S. Air Force and Royal Australian Air Force

Artwork courtesy of AircraftProfilePrints.com

This site uses Akismet to reduce spam. Learn how your comment data is processed.