Hackers steal data on the F-35, C-130, P-8 and JDAM from Australian defense contractor


By Dario Leone
Oct 16 2017
Share this article

“The compromise was extensive and extreme, it included information on the F-35, C-130, P-8, JDAM and few naval vessels,” Mitchell Clarke, Australian Signals Directorate manager

Sloppy cyber-security practices has allowed hackers to steal data on the F-35, C-130, P-8 and JDAM from an Australian defense contractor.

As reported by News.com.au, Dan Tehan, the minister in charge of cyber security, said that hackers spent months downloading sensitive information about Australia’s warplanes, navy ships and bomb kits.

Forensic investigations by the Australian Signals Directorate (ASD) found the company was using default passwords on its internet facing services.

But the hackers gained access by exploiting a vulnerability with the firm’s IT helpdesk portal.

As explained by Mitchell Clarke, ASD incident response manager, hackers targeted a small aerospace engineering company with about 50 employees in July last year. He said the firm was subcontracted four levels down from defence contracts. “The compromise was extensive and extreme,” Mr Clarke told the Australian Information Security Association national conference in audio obtained by a freelance journalist called Stilgherrian.
“It included information on the (F-35) Joint Strike Fighter, C-130 (Hercules aircraft), the P-8 Poseidon (surveillance aircraft), joint direct attack munition (JDAM smart bomb kits) and a few naval vessels.”

F-35A print
This print is available in multiple sizes from AircraftProfilePrints.com – CLICK HERE TO GET YOURS. F-35A Lighning II 56th OG, 61st FS, LF/12-5050 / 2014

According to Clarke the information hacked on the new Navy ships included a diagram in which you could zoom in down to the captain’s chair and see that it was one metre away from the navigation chair. He also described the security breach as “sloppy admin:” in fact the organisation not only had just one IT person but also that the person was new to the job.

Hackers steal data on the F-35, C-130, P-8 and JDAM from Australian defense contractor

An Australian Cyber Security Centre spokesperson said the information released by the ASD staffer, who actually works for the centre, was commercially sensitive but unclassified. “While the Australian company is a national-security linked contractor and the information disclosed was commercially sensitive, it was unclassified,” they said in a statement. “The government does not intend to discuss further the details of this cyber incident.”

Photo credit: Master Sgt. John Gordinier / U.S. Air Force and Royal Australian Air Force

Artwork courtesy of AircraftProfilePrints.com

Share this article

Dario Leone

Dario Leone

Dario Leone is an aviation, defense and military writer. He is the Founder and Editor of “The Aviation Geek Club” one of the world’s most read military aviation blogs. His writing has appeared in The National Interest and other news media. He has reported from Europe and flown Super Puma and Cougar helicopters with the Swiss Air Force.

Leave a comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Share this article

Share this article
Share this article

Always up to date! News and offers delivered directly to you!

Get the best aviation news, stories and features from The Aviation Geek Club in our newsletter, delivered straight to your inbox.

Error: Contact form not found.

Share this article
Back to top
My Agile Privacy
This website uses technical and profiling cookies. Clicking on "Accept" authorises all profiling cookies. Clicking on "Refuse" or the X will refuse all profiling cookies. By clicking on "Customise" you can select which profiling cookies to activate. In addition, this site installs Google Analytics in version 4 (GA4) with anonymous data transmission via proxy. By giving your consent, the data will be sent anonymously, thus protecting your privacy. We and our selected ad partners can store and/or access information on your device, such as cookies, unique identifiers, browsing data. You can always choose the specific purposes related to profiling by accessing the advertising preferences panel, and you can always withdraw your consent at any time by clicking on "Manage consent" at the bottom of the page.

List of some possible advertising permissions:

You can consult: our list of advertising partners, the Cookie Policy and the Privacy Policy.
Warning: some page functionalities could not work due to your privacy choices