Tuesday, 12 December 2017

Defence data stolen from firm using 'admin' and 'guest' as credentials

13 October 2017

The Australian government has revealed that a year ago a hacker breached a small, domestic national security contractor and stole data relating to multiple military projects. The hacker's identity is not known.

"It could be someone who was working for another company."

Mr Clarke said the information hacked on the new Navy ships included a diagram in which you could zoom in down to the captain's chair and see it was one metre away from the navigation chair.

Experts at the Australian Signals Directorate (ASD) codenamed the hacker "Alf" after the character from the television drama Home and Away.

ASD incident response manager Mitchell Clarke described the attack as "extensive and extreme".

About 30 gigabytes of data was stolen - including details of the Joint Strike Fighter aircraft and P-8 Poseidon surveillance plane. The unnamed organization notified the ASD that it was hacked in November of 2016, and that outside parties gained access to its network.

The hacker was then able to capture the administrator credentials and use them to access the domain controller, the remote desktop server, and email and other sensitive data.

He added that the firm had neglected to update the software for over 12 months. The aerospace engineering firm was also using default passwords, he said.

The password to enter the company's web portal was "admin" and the guest password was "guest", according to ZDNet, which first reported the story. This is not rocket science but does require resources.

"Companies like QinetiQ are making important investment decisions now to set themselves up for success in the future and to take advantage of these opportunities", said Pyne.

"Su Bin admitted to playing an important role in a conspiracy, originating in China, to illegally access sensitive military data, including data relating to military aircraft that are indispensable in keeping our military personnel safe", John P. Carlin, then the US assistant attorney general for national security, said at the time.

The Australian government says it does not know who perpetrated the hack.

Indeed, Paul German, CEO at Certes Networks, suggests that the breach highlights that the mindset of the entire security industry must change.

A spokesman for the Australian Cyber Security Centre (ACSC), a government agency, said the government would not release further details about the cyber attack.

"I don't think you can try and sheet blame for a small enterprise having lax cyber security back to the Federal Government", he told RN Breakfast.

The Australian defence ministry is trying to downplay the 2016 hacking of a contractor that exposed data about Australia's Joint Strike Fighter programme. "Breach detection times are not reducing and with it taking between 120 and 150 days to identify a threat, organisations need a way to limit the damage in the meantime". "Collectively, the industry needs to embrace a new approach to security", said German. "Which means that, in the inevitability of a breach occurring, the data to which hackers can gain access is constrained".