CATEGORIES
home News

Lockheed F-35, P-8 And C-130 Classified Data Stolen During Defense Contractor 'ALF' Hack

by Shane McGlaunThursday, October 12, 2017, 02:14 PM EDT

Late last year a hack was perpetrated on what is called a "partner organization" that worked with the Australian Signals Directorate (ASD). The unnamed organization notified the ASD that it was hacked in November of 2016, and that outside parties gained access to its network. The small organization has only 50 employees and is a subcontractor to the Department of Defense, providing aerospace engineering assistance.

f35

The data that was stolen in the hack contained information that is protected under the International Traffic in Arms Regulations (ITAR) and included details on the F-35 Lightning II fighter, P-8 Poseidon maritime patrol aircraft, C-130 transport aircraft, Joint Direct Attack Munition (JDAM) smart bomb kit and information on some Australian naval vessels. ITAR is a U.S. system that was designed to control the export of defense data and military tech.

Investigator Mitchell Clarke, an incident response manager for the ASD, worked on the investigation and states that one of the stolen pieces of data was a wireframe diagram of "one of the navy's new ships." Clarke said someone looking at the diagram could, "zoom in down to the captain's chair and see that it's, you know, 1 metre away from nav chair."

The theft of the data in the hack was reported publicly as part of the 2017 Threat Report issued by the Australian Cyber Security Centre (ACSC).

ASD has dubbed the hacker in the case "APT ALF", which sadly isn't named after the cat-eating Alien from '80s U.S. TV, but after a character in an Australian soap called "Home and Away." The investigation found that the hacker was inside the company's network starting in mid-July 2016 and that data theft had started about two weeks after that date. The ASD appears to have a sense of humor about the breach, dubbing the three months when the hacker had unfettered and unknown access to the network "Alf's Mystery Happy Fun Time."

The network reportedly had no protective DMZ, no regular patch schedule, and common local admin passwords on all servers and the hosts had internet-facing services. The exploit used to gain access to the network was an exploit on a vulnerability in the company's IT helpdesk portal.

Adding insult to injury, the internet-facing services on the hosts had default passwords in service of admin:admin and guest:guest. "One of the learning outcomes from this particular case study for at least the Australian government is that we need to find a way to start to be a little bit more granular in our contracting to mandate what type of security controls are required," Clarke said. Ya think?

Tags:  security, Hacking, Government, Data
TOP CONVERSATIONS
Your Next PC Platform?
More Results
KEEP INFORMED
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2024 David Altavilla and Hot Hardware, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment