'Alf' stole 30 GB of sensitive military data

By Dylan Bushell-Embling
Friday, 13 October, 2017


A hacker calling himself Alf, after the popular Home and Away character, stole around 30 GB of commercially sensitive data on multiple military vehicle projects in a massive data breach.

The Australian Signals Directorate disclosed the breach at a security conference in Sydney. The attacker exfiltrated data on the $14 billion Joint Strike Fighter program, the C-130 and P-8 Poseidon spy plane program, the JDAM smart bomb and some Australian navy vessels.

The compromised information was not classified, but it was commercially sensitive and in some cases included detailed information such as a Y-diagram on one of the navy’s new ships.

According to reports, the attacker was able to steal the data because of alarmingly lax security practices at a Defence subcontractor. The subcontractor, a small aerospace engineering company with around 50 employees, had just one staff manager running its entire IT operations, and had been using default logins and passwords such as admin and guest.

The attack used China Chopper, a tool widely used by Chinese hackers. The ASD has suggested that it could be a state-sponsored attack.

In response to the disclosure, the Australian Strategic Policy Institute’s head of cyber policy, Fergus Hanson, has called on the government to “name and shame” countries involved in cyber espionage to build up pressure on them to stop.

Cybersecurity company Centrify has meanwhile urged enterprises to take heed of the danger of allowing privileged administrator accounts to have extensive network access.

“Verizon recently reported that 80% of breaches are due to compromised credentials,” said Centrify’s senior director for APAC sales, Niall King.

“The lesson is that users and administrators should never run their computer with administrative privileges unless they are required to do a specific task. This is where the ‘least privilege’ model … is important: it assigns users and administrators with privileges on a temporary basis to perform specific tasks on specific machines.”

He said security can be further augmented by mandating multifactor authentication approval from a user before executing a privileged task.


  • All content Copyright © 2024 Westwick-Farrow Pty Ltd