
Australia defence hack

October 12, 2017 | Expert Insights

Australian officials admitted that sensitive data about Australia’s F-35 stealth fighter and P-8 surveillance aircraft programs were stolen by hackers.

Background

Cybercrime has been on the rise in recent years. One of the earliest cyberattacks took place in 1988 with the Morris Worm, created by Robert Tappan Morris and one of the first worms to spread from computer to computer. Morris, then a student at Cornell University, said he had only wanted to gauge how large the internet was. About 6,000 computers were compromised as a result.

In 2017 there have been multiple large-scale cyberattacks. In May 2017 the WannaCry ransomware cryptoworm paralyzed hundreds of thousands of systems across the world, ultimately affecting over 230,000 computers in more than 150 countries.

In September 2017 the credit agency Equifax revealed that it had suffered a large-scale data breach: an unauthorized third party gained access and the information of over 145 million customers was compromised. Similarly, the United States Securities and Exchange Commission quietly admitted that EDGAR, its corporate filing system, was hacked in 2016. In October 2017, reports emerged that South Korean systems had been hacked and sensitive military secrets stolen.


Analysis

Australian officials admitted that sensitive data about Australia’s F-35 stealth fighter and P-8 surveillance aircraft programs were stolen by hackers. The breach occurred when a defence subcontractor was hacked. The hackers reportedly used a tool called China Chopper, a web shell widely used by Chinese cyber criminals.

The government revealed that about 30 GB of data had been compromised in the hack. Authorities maintained, however, that while the stolen data was commercially sensitive, it did not pose a threat to national security.

Defence Industry Minister Christopher Pyne was guarded about the breach, saying the government could not confirm whether or not it had been carried out by a state actor. He noted, “It could be one of a number of different actors. It could be a state actor, a non-state actor. Fortunately, the data that was taken was commercial data, not military data, but it is still very serious and we will get to the bottom of it.” Information about new fighter planes and navy vessels was reportedly among the data breached.

Mitchell Clarke, incident response manager at the Australian Signals Directorate, noted that the hackers had targeted a small “mum and dad type business”. The company has not been named, but authorities revealed that it was an aerospace engineering firm with about 50 employees. The breach reportedly took place in July of the previous year. The firm was subcontracted four levels down the chain from the defence contracts themselves.

He revealed, “The compromise was extensive and extreme. It included information on the [F-35] joint strike fighter, C130 [Hercules aircraft], the P-8 Poseidon [surveillance aircraft], joint direct attack munition [JDAM smart bomb kits] and a few naval vessels.”

Alastair MacGibbon, the special adviser to the prime minister on cyber security, also stressed that the stolen information was only commercially sensitive. “Unfortunately, there are a range of ways that the attacker could have got in, including default passwords on certain key parts of the IT infrastructure of the target company. They weren’t directly contracted to the department. It is an important distinction. My understanding is that they were actually working for a larger defence contractor. This is a supply chain issue. It is a third-party supply chain issue. This is something I’ve been speaking about for several years and it is important.”

The hacker has been dubbed “Alf” by the law enforcement agency. “Alf” reportedly exploited a weakness in software the company had not updated in 12 months; the company had also been using default passwords.

Assessment

Our assessment is that enterprises must realise that one of the biggest risks in digital security is protecting the chain of custody across the vendors their contractors rely on. The biggest challenge is assessing the security practices of every sub-vendor. We strongly recommend a thorough supply chain audit, as hackers will always look to penetrate the weakest point in the chain.