Latest

CDF provides clear-eyed assessment of nation’s resilience, preparedness

Chief of the Defence Force Admiral David Johnston AC has used an address to the ANU National Security College Conference to provide a...

Joint-capabilities

Information sharing of cyber threats vital to national security

Opinion: Modern conflict shows cyber operations and rapid intelligence sharing are essential to national resilience, but Australia...

Land

New Zealand announces NZ Special Service Medal for personnel deployed to assist Ukraine

The New Zealand government has announced it will award a New Zealand Special Service Medal to Defence personnel who have deployed ...

Land

New Panther S firefighting vehicles arrive to protect defence bases across Australia

Eight new Rosenbauer Panther “S” 6x6 firefighting vehicles have been delivered from Europe three months ahead of schedule to p...

Joint-capabilities

Aussie space firm Spiral Blue secures UK defence LiDAR export to boost bilateral ‘space bridge’

Australian space technology company Spiral Blue has secured its first international export of a space-grade LiDAR system, deliveri...

Air

Rheinmetall, Boeing partner on MQ-28A Ghost Bat in potential export deal

German defence giant Rheinmetall AG has joined forces with Boeing Australia to offer the MQ-28 Ghost Bat as a ready-made solution ...

VIEW ALL

F-35 and naval vessels information stolen in cyber hack

Joint-capabilities

11 October 2017

By: Defence Connect

Restricted technical information of the F-35 Joint Strike Fighter (JSF), Australian naval vessels and defence aircraft was stolen from an Australian defence contractor last year.

Following the reveal of the theft yesterday with the release of the Australian Cyber Security Centre's annual threat report, Australian Signals Directorate (ASD) incident response manager Mitchell Clarke gave a presentation at the Australian Information Security Association (AISA), revealing ASD was alerted to the hack of the defence contractor by a "partner organisation".

You’re out of free articles for this month

Username or Email

Password Forgot password?

Keep me signed in on this device.

First Name

Last Name

Mobile

Organisation Type

By becoming a member, I agree to receive information and promotional messages from Defence Connect. I can opt out of these communications at any time. For more information, please visit our Privacy Statement.

Need help signing up? Visit the Help Centre.

Along with the F-35 and naval vessels, restricted technical information on the P-8 Poseidon, C-130 and the Joint Direct Attack Munition (JDAM) guidance kit was also stolen by the intruder.

The cyber thief was able to gain access to the network of the 50-person aerospace engineering firm that had been subcontracted by the Department of Defence.

"The company ... is very small, they run their own network, it's a network that's supported by one IT person. The rest of the company is either engineering staff or support staff to the engineering workforce," Clarke said.

The stolen information fell under the International Traffic in Arms Regulations (ITAR), a US regulatory regime that restricts and controls the export of defence and military related technologies.

In his highly detailed presentation, Clarke explained that the hacker had been in the network since at least mid July 2016, with data extrusion commencing roughly two weeks later.

Disturbingly, Clarke's presentation also revealed the hacker had minimal trouble gaining access to the information, explaining that, while the defence contractor's network was small and vulnerable to threats, the ASD investigation found that its internet-facing services still had their default passwords, admin::admin and guest::guest.

VIEW ALL

Audio of conference obtained via Stilgherrian/ZDNet.

Want to see more stories from trusted news sources?
Make Defence Connect a preferred news source on Google.
Click here to add Defence Connect as a preferred news source.

Tags: