'Alf' stole 30 GB of sensitive military data


By Dylan Bushell-Embling
Friday, 13 October, 2017

'Alf' stole 30 GB of sensitive military data

A hacker calling himself Alf, after the popular Home and Away character, stole around 30 GB of commercially sensitive data on multiple military vehicle projects in a massive data breach.

The Australian Signals Directorate disclosed the breach at a security conference in Sydney. The attacker exfiltrated data on the $14 billion Joint Strike Fighter program, the C-130 and P-8 Poseidon spy plane program, smart bomb JDAM and some Australian navy vessels.

The compromised information was not classified, but it was commercially sensitive and in some cases included detailed information such as a Y-diagram on one of the navy’s new ships.

According to reports, the attacker was able to steal the data due to alarmingly lax security practices at a Defence subcontractor. A small aerospace engineering company with around 50 employees had just one staff manager to manage its entire IT operations, and had been using default logins and passwords such as admin and guest.

The attack used a tool called China Chopper, a tool widely used by Chinese hackers. The ASD has suggested that it could be a state-sponsored attack.

In response to the disclosure, the Australian Strategic Policy Institute’s head of cyber policy, Fergus Hanson, has called on the government to “name and shame” countries involved in cyber espionage to build up pressure on them to stop.

Cybersecurity company Centrify has meanwhile urged enterprises to take heed of the danger of allowing privileged administrator accounts to have extensive network access.

“Verizon recently reported that 80% of breaches are due to compromised credentials,” said Centrify’s senior director for APAC sales, Niall King.

“The lesson is that users and administrators should never run their computer with administrative privileges unless they are required to do a specific task. This is where the ‘least privilege’ model … is important: it assigns users and administrators with privileges on a temporary basis to perform specific tasks on specific machines.”

He said security can be further augmented by mandating multifactor authentication approval from a user before executing a privileged task.

Image credit: ©stock.adobe.com/au/Евгений Якимович

Related News

CrowdStrike to buy Adaptive Shield

CrowdStrike is augmenting its SaaS security capabilities through the acquisition of Israeli-based...

LockBit named nastiest malware of 2024

LockBit, a ransomware malware known to have been used to attack Australian targets, has been...

Extreme Networks launches ZTNA solution

Extreme Networks' new ExtremeCloud Universal ZTNA solution combines cloud network access...


  • All content Copyright © 2024 Westwick-Farrow Pty Ltd