Non-classified information about Australia’s Joint Strike Fighter program and other military hardware was stolen in an extensive cyberattack against the network of a defense contractor last year, Australia’s Defense Ministry said Thursday, ZDNet reported.
Roughly 30 gigabytes of data was stolen on programs like the F-35 Joint Strike Fighter, the P-8 Poseidon surveillance aircraft, the C-130 transport aircraft, the Joint Direct Attack Munition (JDAM) smart bomb kit and several naval vessels.
The defense contractor was hacked in July 2016, but it wasn’t until November that the national cyber security agency, Australian Signals Directorate (ASD), was alerted of the breach.
The stolen data was first reported on Tuesday as part of the 2017 Threat Report from the Australian Cyber Security Centre.
ASD code-named the hacker “Alf” after the Alf Stewart character from the TV drama “Home and Away.”
ASD incident response manager Mitchell Clarke said in a presentation to the national conference of the Australian Information Security Association in Sydney on Wednesday that the “compromise was extensive and extreme.”
“A significant amount of data was stolen from them, and most of the data was defense related,” he said.
“To the point where we found one document … it was like a wire diagram of one of the Navy’s new ships, you could sort of zoom in down to the captain’s chair and see that it’s one meter away from the navigator’s chair,” Mr Clarke said, according to ABC.
Clarke said the defense contractor was hacked due to a weakness in the software that hadn’t been updated in a year. The internet-facing services still had their default passwords set to admin::admin and guest::guest.
While the data is commercially sensitive, it is unclassified.
“While the Australian company is a national security-linked contractor and the information disclosed was commercially sensitive, it was unclassified,” a spokesman for the Australian Cyber Security Centre said, according to ABC.
Defense Industry Minister Christopher Pyne said ASD was trying to find out who was behind the cyberattack, but they have so far been unsuccessful.
“I’m sure there is work being done on finding out who did it. It could be a number of different actors, it could be a state actor, a non-state actor, it could’ve been someone who was working for another company,” Pyne said, according to ABC.
Australia has previously agreed to buy 72 Lockheed Martin F-35A aircraft for $17 billion (Australian dollars).