Australian F-35 fighter jets & navy data stolen in massive hacking operation

Share

At least 30GB of sensitive data has been stolen by the hackers in the cyber-attack on the contractor of the government, the stolen data includes details about the new fighter jets and navy vessels.

Mr Tehan said it was unclear who launched the incursion, but the Government was not ruling out a foreign government.

Defence industry minister Christopher Pyne told the ABC on Thursday he does not know who the hacker is and indicated he would not tell if he knew, "It could be a state actor, a non-state actor".

Clarke said the "methodical, slow and deliberate", choice of target suggested a nation-state actor could be behind the attack, according to Reuters. "It could be a state actor, a non-state actor, it could have been someone who was working for another company".

"While the Australian company is a national-security linked contractor and the information disclosed was commercially sensitive, it was unclassified", they said in a statement on Wednesday evening.

The Australian defence ministry is trying to downplay the 2016 hacking of a contractor that exposed data about Australia's Joint Strike Fighter programme.

"The compromise was extensive and extreme", Mr Clarke said. The attacker had apparently gained and continued to have access for an extended period of time and the report says that the hacker "remained active on the network at the time".

More news: Theresa May will urge European Union to be flexible over Brexit talks

Mr Clarke described the security breach as "sloppy admin".

According to Burke, basic IT controls such as not using the same local admin username and password across all servers, patching vulnerabilities on servers and applications that are found by running regular vulnerabilities assessments, monitoring network traffic and key asset process activities would have gone a long way in preventing this intrustion. This is not rocket science but does require resources.

However, he added that the theft did not pose any sort of risk to national security.

As cyber security experts backed the minister's call, Mr Pyne deflected blame from the government, arguing ultimate responsibility lies with the company that was breached. "The ASD and the cyber security office immediately swung into action", he said. Breach detection times are not reducing. "This means that, in the inevitability of a breach occurring, the data to which hackers can gain access is constrained".

"It is a very important reminder to small and medium enterprises as well as the large contractors that they will not get work in defence industry if their cyber security is not up to standard", he said.

The Women in IT Awards is the technology world's most prominent and influential diversity program.

Share