Fighter jets, navy ship data hacked

In a major cyber-security breach, information on Australia's jet fighters, spy planes, warships and smart bombs was stolen from a defence sub-contractor a year ago.

Top secret technical information about new fighter jets, navy vessels, and surveillance aircraft has been stolen from an Australian defence contractor.

Intelligence agency, the Australian Signals Directorate (ASD) revealed details of the hack, through the technology news website ZDNet, on Wednesday, after it was flagged on Tuesday by the minister for cyber security, Dan Tehan.

A state actor has not been ruled out and it has been reported that a hacking tool, known as the Chinese Chopper, was used.

A report by ZDNet suggests that some of the information stolen was restricted under the International Traffic in Arms Regulations (ITAR), "the U.S. system created to control the export of defence- and military-related technologies".

Investigator Mitchell Clarke, an incident response manager for the ASD, worked on the investigation and states that one of the stolen pieces of data was a wireframe diagram of "one of the navy's new ships".

The Australian Signals Directorate dubbed the hacker "ALF", after a character in TV soap opera Home and Away. The ASD appears to have a sense of humor about the breach, dubbing the three months when the hacker had unfettered and unknown access to the network "Alf's Mystery Happy Fun Time". Clarke said that this would have made it easier for the hacker to access all the sensitive data on the firm's servers, because the firm used common username and passwords on every machine in the firm, and once it had the initial passwords, that was all it needed. "Government departments are notorious for doing this", he said.

Australia's admission of the damaging data breach in July 2016 was included as part of the 2017 Threat Report from the Australian Cyber Security Centre (ACSC).

"Today, while presenting at a conference in Sydney, an ASD official (who works for the ACSC) disclosed information about the theft of data from an Australian company", the spokesperson said. The stolen data was not classified military information, but it was described as "commercially sensitive".

Defence Industry Minister Christopher Pyne told reporters in Adelaide "the information they have breached is commercial". "It could be a state actor, a non-state actor". "It could somebody working for another company".

"I don't think you can try and sheet blame for a small enterprise having lax cyber security back to the Federal Government", he told RN Breakfast.