Military Aviation


“The compromise was extensive and extreme, it included information on the F-35, C-130, P-8, JDAM and few naval vessels,” Mitchell Clarke, Australian Signals Directorate manager

Sloppy cyber-security practices has allowed hackers to steal data on the F-35, C-130, P-8 and JDAM from an Australian defense contractor.

As reported by, Dan Tehan, the minister in charge of cyber security, said that hackers spent months downloading sensitive information about Australia’s warplanes, navy ships and bomb kits.

Forensic investigations by the Australian Signals Directorate (ASD) found the company was using default passwords on its internet facing services.

But the hackers gained access by exploiting a vulnerability with the firm’s IT helpdesk portal.

As explained by Mitchell Clarke, ASD incident response manager, hackers targeted a small aerospace engineering company with about 50 employees in July last year. He said the firm was subcontracted four levels down from defence contracts. “The compromise was extensive and extreme,” Mr Clarke told the Australian Information Security Association national conference in audio obtained by a freelance journalist called Stilgherrian.
“It included information on the (F-35) Joint Strike Fighter, C-130 (Hercules aircraft), the P-8 Poseidon (surveillance aircraft), joint direct attack munition (JDAM smart bomb kits) and a few naval vessels.”

This print is available in multiple sizes from – CLICK HERE TO GET YOURS. F-35A Lighning II 56th OG, 61st FS, LF/12-5050 / 2014

According to Clarke the information hacked on the new Navy ships included a diagram in which you could zoom in down to the captain’s chair and see that it was one metre away from the navigation chair. He also described the security breach as “sloppy admin:” in fact the organisation not only had just one IT person but also that the person was new to the job.

An Australian Cyber Security Centre spokesperson said the information released by the ASD staffer, who actually works for the centre, was commercially sensitive but unclassified. “While the Australian company is a national-security linked contractor and the information disclosed was commercially sensitive, it was unclassified,” they said in a statement. “The government does not intend to discuss further the details of this cyber incident.”

Photo credit: Master Sgt. John Gordinier / U.S. Air Force and Royal Australian Air Force

Artwork courtesy of

Dario Leone

Dario Leone is an aviation, defense and military writer. He is the Founder and Editor of “The Aviation Geek Club” one of the world’s most read military aviation blogs. His writing has appeared in The National Interest and other news media. He has reported from Europe and flown Super Puma and Cougar helicopters with the Swiss Air Force.

Recent Posts

The ringmaster’s Grand Finale: Legendary German Ace Adolf Galland recalls his last combat mission

Legendary German Ace Adolf Galland By far the best-known of Germany’s World War II fighter… Read More

5 hours ago

Impressive video shows 509th Bomb Wing and 131st Bomb Wing performing mass fly-off of 12 B-2 Spirit bombers

Mass fly-off of 12 B-2 stealth bombers Filmed on Apr. 15, 2024 15 at Whiteman… Read More

5 hours ago

Alligator blocks USAF KC-135 Stratotanker, fights with FWC Officers at MacDill AFB

Alligator blocks KC-135 Stratotanker Taken on Apr. 22, 2024 the curious photos in this post… Read More

1 day ago

South Korean F-4 Phantom IIs conduct final live-fire training of AGM-142 Popeye before retirement

South Korean F-4 Phantom IIs conduct final live-fire training Ahead of the official retirement of… Read More

1 day ago