Slashdot Mirror


US Weapons Data Stolen During Raid of Australian Defense Contractor's Computers (wsj.com)

phalse phace writes: Another day, another report of a major breach of sensitive U.S. military and intelligence data. According to a report by The Wall Street Journal (Warning: source may be paywalled; alternative source), "A cyberattacker nicknamed 'Alf' gained access to an Australian defense contractor's computers and began a four-month raid that snared data on sophisticated U.S. weapons systems. Using the simple combinations of login names and passwords 'admin; admin' and 'guest; guest' and exploiting a vulnerability in the company's help-desk portal, the attacker roved the firm's network for four months. The identity and affiliation of the hackers in the Australian attack weren't disclosed, but officials with knowledge of the intrusion said the attack was thought to have originated in China."

The article goes on to state that "Alf obtained around 30 gigabytes of data on Australia's planned purchase of up to 100 F-35 fighters made by Lockheed Martin, as well as information on new warships and Boeing-built P-8 Poseidon maritime-surveillance aircraft, in the July 2016 breach." The stolen data also included details of the C-130 Hercules transport aircraft and guided bombs used by the U.S. and Australian militaries as well as design information "down to the captain's chair" on new warships for Australia's navy.

78 comments

  1. No problemo by nospam007 · · Score: 1

    "A cyberattacker nicknamed 'Alf' gained access to an Australian defense contractor's computers and began a four-month raid that snared data on sophisticated U.S. weapons systems. Using the simple combinations of login names and passwords 'admin; admin' and 'guest; guest' "

    Wow, much sophistication in the Australian loginname/password scheme,

    1. Re:No problemo by Anonymous Coward · · Score: 0

      Yes as we all know only Australia uses that default username/password combo.

    2. Re:No problemo by sehlat · · Score: 2

      Wow, much sophistication in the Australian loginname/password scheme.

      The article left out 'mate; mate' and 'That's not a knife;THAT's a knife'

    3. Re:No problemo by godel_56 · · Score: 4, Insightful

      That's kind of what happens when the Australian Signals Directorate wants brilliant hackers to work for them, but only offers to pay them entry-level Help Desk wages.

      It wasn't the Australian Signals Directorate but some dickhead project sub-contractor. According to someone on TV last night it's a 50 person company and they only have one man doing IT functions, which includes things like fixing printers. I wonder what happens if this person goes on holidays?

      While this company deserves to burn in hell, we also need to look at the idiots which gave them the job. Was no due diligence done to see if the sub-contractors were capable, and why did they need this kind of information in the first place? Balls should roll.

    4. Re:No problemo by Anonymous Coward · · Score: 0

      also the combination -

      thatsnotfunny:youracompletedouchebag

    5. Re:No problemo by Anonymous Coward · · Score: 0

      you_forgot_to_match_the_inputs:you_forgot_to_match_the_inputs

      also_you're:also_you're

      bravo:bravo

    6. Re:No problemo by Anonymous Coward · · Score: 0

      It wasn't the ASD, but who vetted the sub-contractor?

    7. Re:No problemo by Anonymous Coward · · Score: 0

      Hey, Mr Patel's Data Cleaning Services fills a skills gap in AU. Just like the horde of CN 'investors' who ensure Aussies cannot own a home in their own country. Hang out the welcome sign.

    8. Re:No problemo by Swave+An+deBwoner · · Score: 1

      Was no due diligence done to see if the sub-contractors were capable ...

      Gov't Decision Maker: "This one's the cheapest, take them."

      In the US that's more or less the requirement, after taking things like Equal Opportunity and Small Business into account, provided the bidder claims that they have the basic competence to do the job. Privatization is the way to go! </s>

    9. Re:No problemo by deviated_prevert · · Score: 2

      Yes as we all know only Australia uses that default username/password combo.

      Either that or something easy to remember and guess like waltzingmatilda or the likes. I would think that one could break into most of the infrastructure of .au with that one.

      Allowing user set passwords to administration rights that are global and are accessible over the internet to critical data that is not locked down and encrypted is inherently stupid. About as smart as allowing remote admin privilege to a website from the assholes claiming over the phone to be from microsoft windows security division calling you because your computer has been compromised. I suspect that the contractor was connected to someone who gave out the contract to a friend with some cash because the contractor sure as hell was not vetted properly!

      --
      This message was not sent from an iPhone because Peter Sellers really was a deviated prevert without a dime for the call
    10. Re: No problemo by Anonymous Coward · · Score: 0

      Privatization: The process through which the bureaucracy of the government's requirements are combined with the rapacious corporate quarterly profit motive. The end product is as responsive as Comcast in a rural area on a Sunday, and affordable as watching hidef video at text messaging international data rates.

      See also: Clusterfrack

    11. Re:No problemo by walterhpdx · · Score: 1

      Back in the early 90s I was sent to a very large ISP to install Sybase monitoring software. The sa password? Just “password”. And yes, they are still around today. Hopefully that password got changed.

    12. Re: No problemo by Anonymous Coward · · Score: 0

      Assuming CN = China, who gave them the money? There's a price to be paid for buying cheap foreign stuff.

    13. Re:No problemo by Anonymous Coward · · Score: 0

      In wartime or peacetime, a nation state has no qualms throwing it's own civilians under the bus in order to maintain it's own survival

    14. Re:No problemo by Anonymous Coward · · Score: 0

      They were a sub-contractor of a sub-contractor. Despite the information here and in many other places, it wasn't information that is classified. Regardless, in this case the government were a step removed. The real pain needs to come down on the sub-contractor that hired this sub-contractor for not doing due diligence of their security posture.

    15. Re: No problemo by Anonymous Coward · · Score: 0

      Huh? I thought sa always had a null password.

    16. Re: No problemo by Anonymous Coward · · Score: 0

      It's is its >

    17. Re:No problemo by Anonymous Coward · · Score: 0

      Just like the horde of CN 'investors' who ensure Aussies cannot own a home in their own country.

      So 'CN' is a new term for "white Europeans and the descendants of same"? Good to know, I'll start using it immediately.

    18. Re:No problemo by arglebargle_xiv · · Score: 1

      Wow, much sophistication in the Australian loginname/password scheme,

      I was expecting at least username = fosters, password = xxxx.

  2. Australia's "navy" *rolls eyes* by xxxJonBoyxxx · · Score: 0

    Australia's "navy" *rolls eyes*

    http://www.navy.gov.au/fleet/ships-boats-craft/current-ships

    1. Re: Australia's "navy" *rolls eyes* by Anonymous Coward · · Score: 1

      That's ok.

      Piles of dead Germans, Japanese, Koreans, Vietnamese (and others) made the same mistake.

      They underestimated too.

      I doubt the US Navy did much eye rolling when their aircraft carriers got "blasted" out from underneath them during joint exercises.

    2. Re:Australia's "navy" *rolls eyes* by Anonymous Coward · · Score: 0

      Meh, nobody hates Australia enough to try to invade.

    3. Re:Australia's "navy" *rolls eyes* by Anonymous Coward · · Score: 0

      As long as there is a stable surface or attachment point to launch missiles from and the chance to do so..

    4. Re:Australia's "navy" *rolls eyes* by Anonymous Coward · · Score: 0

      Except we have US troops in the north for good strategic positioning in case of war. It's a good launching area in case the US wants/has to invade SE Asia. That makes us a target and potential threat.

  3. Same as has always been by dunkindave · · Score: 0

    This reminds me of the US patent debate. It is the same type of spying that has been happening since forever, except with "over the Internet" attached. Yes, the Internet makes the remote access attacks easier, but really it is just a different form of the same type that has always existed. Countries have been stealing the weapon plans of other nations, and will continue to do so using whatever mechanisms are available, and no one should be surprised.

  4. Captain's Chair by Anonymous Coward · · Score: 0

    Must be an Aeron.

  5. Yup by RightwingNutjob · · Score: 1

    Back in the good old days, spies couldn't sit on their couches in their PJs watching soap operas while their scripts downloaded stuff in the background. They actually had to go out to do their jobs.

    Computers make everyone stupid.

    1. Re:Yup by PPH · · Score: 3, Funny

      sit on their couches in their PJs watching soap operas

      Why? Is Pornhub down?

      --
      Have gnu, will travel.
    2. Re: Yup by Anonymous Coward · · Score: 0

      You wanna know how I know you know nothing about the intelligence community, in any decade?

    3. Re: Yup by RightwingNutjob · · Score: 1

      Please, do post for all to see.

  6. how - foreign contractors == different standards? by Anonymous Coward · · Score: 1

    Doesn't the DoD audit and require proof of security protocols when handing over Secret information to both domestic and foreign contractors? How could having passwords of admin/admin and guest/guest miss even the simplest of tests?

    Pathetic and ridiculous to even classify stuff if this is how they run the show.

  7. I'm just amazed that we have policies that allow by Anonymous Coward · · Score: 0

    I'm just amazed that we have policies that allow the removal of important data and devices from secure facilities outside of specific needs to do so. No one should ever be taking data home with them. It shouldn't even be possible to remove such data in the first place. These environments should be secured and locked down much more so than my high school was back in the 1990s. Yet it doesn't seem as though the government takes security seriously in spite of that being what its sole focus ought to be. There is no other purpose for a military other than that. The military is supposed to protect a country from foreign actors of significant violence (ie other militaries of significance).

  8. 100 F-35? by 110010001000 · · Score: 0

    Australia is buying 100 F-35 aircraft? That must have been a huge bribe.

    1. Re:100 F-35? by caviare · · Score: 1

      No no, it's just doing what it perceives as its duty as the 52nd state of the US. I understand the UK is the 51st.

    2. Re:100 F-35? by Anonymous Coward · · Score: 0

      What? We've been demoted out of the top 2?!? But... but... Canada...
      We really ought to be a bigger pain in your ass so you stop forgetting that we're here, but it's so hard not being nice.

    3. Re:100 F-35? by Anonymous Coward · · Score: 1

      ... buying 100 F-35 aircraft?

      I think the original order was 48 aircraft but then we got a national leader who wanted to enact Reagan-era policies of welfare-bashing, gifts to the rich and a big military. So he ordered another 52 aircraft and a maintenance contract. He was demoted from leadership before he could enact other far-right policies but we're still fighting the deluded ideologues he left behind. We still hear him in the background, proclaiming he knows better than his own boss.

    4. Re:100 F-35? by Anonymous Coward · · Score: 0

      The original plan was always for 100 F-35's, but when it became clear that the F-35 would not be available in time for the F-111's 2010 retirement No 1 and 6 squadron got Super Hornets as an interim measure. Later they decided to keep the Super Hornets and add some Growlers to the fleet so the F-35 order has been reduced to 72 which will equip No 3, 75 and 77 squadrons.

    5. Re:100 F-35? by AHuxley · · Score: 1

      Less of a bribe, more of trying to learn from history.
      "Australia 'cracked top-secret US jet fighter codes'" http://www.news.com.au/nationa... (March 17, 2009)
      "The Americans kept saying they'd provide the codes, but never did."
      The new thinking is to spend big with the USA and everything will be so much better this generation.

      --
      Domestic spying is now "Benign Information Gathering"
  9. Those "sophisticated weapons" are irrelevant by gweihir · · Score: 0

    Or fast becoming so. Sure, they still appeal to cave-men that like to kill wholesale and make things go "boom". In the actual conflicts to come, they will just be extremely expensive historic artifacts, nothing else. The age of "big weapons" (with small brains behind them) is coming to an end.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    1. Re: Those "sophisticated weapons" are irrelevant by Anonymous Coward · · Score: 0

      They also appeal to those of us who'd like to prevent those cave-men from performing said wholesale killing.

      No one is ever gonna put down theirs first, so we'll all continue to make them until The End.

    2. Re:Those "sophisticated weapons" are irrelevant by Anonymous Coward · · Score: 0

      You are so right! Instead we will use Rainbows and Unicorn Farts while singing kumbaya around a campfire.

  10. "Help desk portal" by Anonymous Coward · · Score: 0

    So....he was using Windows? Shocking. You'd think a country within boating distance of communists and extremists would know better. Then again, our paranoid lady of the UK wouldn't have a backdoor.

  11. Who was in charge of the Australian network? by Anonymous Coward · · Score: 0

    John Podesta?

  12. 'admin; admin' and 'guest; guest' by Rick+Schumann · · Score: 3, Funny

    'facepalm; facepalm'

    1. Re:'admin; admin' and 'guest; guest' by RightwingNutjob · · Score: 3, Interesting

      You know, back before I switched over my ssh servers to nonstandard ports, I'd see daily attempts to log in as 'guest' or 'admin' as well as a dictionary of common usernames. People wouldn't try if it didn't work occasionally.

    2. Re:'admin; admin' and 'guest; guest' by Rick+Schumann · · Score: 1

      Sure. But you'd think they'd be smarter than this. Whatever happened to basic OpSec?

    3. Re:'admin; admin' and 'guest; guest' by Frederic54 · · Score: 1

      I switched my SSH port to non standard but always see login attempts... less than before but still, some people do insane port scanning

      --
      "Science will win because it works." - Stephen Hawking
    4. Re:'admin; admin' and 'guest; guest' by Rick+Schumann · · Score: 1

      less than before but still, some bots do insane port scanning

      I took the liberty of fixing that for you. ;-)
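
An added example, not part of the original thread: one way to review sshd authentication logs for the pattern the comments above describe, repeated attempts against default account names such as 'admin' and 'guest', and, more importantly, any login that succeeded with one. The log lines are constructed samples in OpenSSH syslog style, and the function names and threshold are assumptions for illustration.

```python
import re
from collections import Counter

# Default account names taken from the story; extend with local defaults.
DEFAULT_NAMES = {"admin", "guest"}

# Matches OpenSSH "Failed/Accepted <method> for [invalid user ]<user> from <ip> port <n>".
SSHD_AUTH = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) (?P<method>\S+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port (?P<port>\d+)"
)

# Constructed sample log (documentation IP ranges, hypothetical host "gw").
SAMPLE_LOG = """\
Oct 12 03:14:01 gw sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 51122 ssh2
Oct 12 03:14:03 gw sshd[2213]: Failed password for invalid user guest from 203.0.113.7 port 51130 ssh2
Oct 12 03:14:06 gw sshd[2215]: Failed password for invalid user admin from 203.0.113.7 port 51141 ssh2
Oct 12 03:14:09 gw sshd[2217]: Failed password for root from 203.0.113.7 port 51150 ssh2
Oct 12 03:20:00 gw CRON[3000]: (root) CMD (run-parts /etc/cron.hourly)
Oct 12 04:02:11 gw sshd[2301]: Failed password for guest from 198.51.100.23 port 40021 ssh2
Oct 12 04:02:15 gw sshd[2303]: Accepted password for guest from 198.51.100.23 port 40022 ssh2
Oct 12 08:30:44 gw sshd[2410]: Accepted publickey for alice from 192.0.2.10 port 53000 ssh2
"""


def parse(lines):
    """Yield one dict per sshd authentication result; skip unrelated lines."""
    for line in lines:
        m = SSHD_AUTH.search(line)
        if m:
            yield m.groupdict()


def review(lines, names=DEFAULT_NAMES, threshold=3):
    """Summarise activity against default account names.

    failed_by_ip            failed attempts per source address
    noisy_sources           addresses at or above `threshold` failures
    accepted_default_logins (user, ip, method) for every successful login
                            as a default name: these mean the account
                            exists and a credential for it worked
    """
    failed = Counter()
    accepted = []
    for ev in parse(lines):
        if ev["user"] not in names:
            continue
        if ev["result"] == "Failed":
            failed[ev["ip"]] += 1
        else:
            accepted.append((ev["user"], ev["ip"], ev["method"]))
    noisy = sorted(ip for ip, n in failed.items() if n >= threshold)
    return {
        "failed_by_ip": dict(failed),
        "noisy_sources": noisy,
        "accepted_default_logins": accepted,
    }


if __name__ == "__main__":
    report = review(SAMPLE_LOG.splitlines())
    for key, value in report.items():
        print(f"{key}: {value}")
```

The failed attempts are background noise on any exposed port; the entry that needs action is anything in `accepted_default_logins`, which calls for disabling or renaming the account and rotating its credential.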

  13. Old-fashioned notions of combat. by whoever57 · · Score: 1

    I believe that these things occur because of an old mentality amongst the military that is still true on a physical battlefield: "the best defence is a strong offence".

    The thing is that, in "the cyber", offence and defence are mostly unrelated. Hacking another country does not stop that country from hacking back.

    This leads to the ridiculous situation where the NSA leaves the US government vulnerable so that it can hack Russia.

    --
    The real "Libtards" are the Libertarians!
  14. Re:how - foreign contractors == different standard by Bert64 · · Score: 2

    Having protocols and policies in place is one thing, actually adhering to and enforcing them is quite another...

    --
    http://spamdecoy.net - free throwaway anonymous email - avoid spam!
  15. Alf by Anonymous Coward · · Score: 0

    I have to wonder, did Alf also eat their winning lottery ticket and try to eat their cat?

    1. Re:Alf by Pseudonym · · Score: 1
      --
      sub f{($f)=@_;print"$f(q{$f});";}f(q{sub f{($f)=@_;print"$f(q{$f});";}f});
    2. Re:Alf by Anonymous Coward · · Score: 0

      That article says nothing about eating either lottery tickets or cats ya flamin' galah

    3. Re: Alf by Anonymous Coward · · Score: 0

      Just a cup of cat juice please....

    4. Re:Alf by Pseudonym · · Score: 2

      Pull your head in, mate. Anonymous Drongo thinks there's only ever been one TV character named "Alf".

      --
      sub f{($f)=@_;print"$f(q{$f});";}f(q{sub f{($f)=@_;print"$f(q{$f});";}f});
    5. Re:Alf by rtb61 · · Score: 1

      I would tend to lean to this Alf https://www.youtube.com/watch?..., heh heh, bloopers so apt. The security breach, even unclassified still really bad. New tender requirements, companies computer network security specifications, staffing, security system in place, parallel networks (internal connections vs external connections) et al. Most places are quite secure because they do not want competitors who are meant to be on their side, stealing proprietary data and also of course publicly humiliating their competitor with a security breach, likely knocking them out from future competition. Real temptation to knock out your competitors from future bids by having them banned for inability to secure their computer system. Corporations hacking corporations is a big part of the corporate wars already under way (even to active combat, taking into account employing competing defence contractors out in the field on opposing sides, corporate employees will be actively trying to kill each other, just a matter of time and not much time at that and probably already happening).

      --
      Chaos - everything, everywhere, everywhen
    6. Re:Alf by Pseudonym · · Score: 2

      ASD incident response manager Mitchell Clarke told the Australian Information Security Association conference that the ASD had codenamed the hacker 'Alf' after the Home and Away character played by Ray Meagher.

      Source

      --
      sub f{($f)=@_;print"$f(q{$f});";}f(q{sub f{($f)=@_;print"$f(q{$f});";}f});
  16. It's becoming increasingly obvious... by Anonymous Coward · · Score: 0

    The lax security is there because that's better for the people in charge of security. Think. What happens as a result of this? They go to Congress and say, "defense contractors need more funding to develop newer and even better and more powerful and deadly weapons systems to counter the ones we just lost, (which you are still paying for, by the way,) so pour even more money that could be going to SCHOOLS, HOUSING, HEALTH CARE, etc., which of course means more payments for the people at the top, and less for any and everyone else, because otherwise the funding might dry up.

    Basically, we're paying for them to come up with ideas that they then let others steal, so they can get paid even more to come up with OTHER ideas, which they will inevitably let someone steal, so that they can get paid even MORE... or maybe not. Maybe I'm wrong but if I were right, ask yourself this: What would it LOOK LIKE?

    It would look exactly like this.

    One day America will just be a military, and the rest of the nation will be a life-support system for the military, like Sparta, which did fantastically well and lasted forever and that's why the city-state of Sparta is still around today just as it was during its heyday...

    Oh, wait... no, Sparta isn't still around, not in THAT sense. Turns out, if you squander your nation's resources on spears and shields and swords, or helicopters, tanks, bombs, and guns... you can't spend it on shit you ACTUALLY NEED.

  17. The secure cloud is not by WillAffleckUW · · Score: 2

    In the old days, penetration exploits like this would be noticed, as large file transfers flooded routers going to unusual IPs, and someone literally would pull the plug on the router or swap in a honeypot.

    Nowadays, there is no such oversight, and the weakest point in any system is any weak point, be it someone not following basic security protocols or the NSA and other groups (there are more than you think) leaving exploit holes everywhere, including in your mouse, keyboard, monitors, and so on.

    It's like voting, use paper ballots. In this case, don't outsource weapons research. Don't trust, verify. And keep verifying, use social engineering tests on your "secure" facilities. I used to wait for people to "just go to the bathroom" (easy method: pop up a button cam under a windowsill, motion activate, fixed on door, after a while you pattern match with one on bathroom door, easy to extrapolate).

    And never ever trust third party.

    --
    -- Tigger warning: This post may contain tiggers! --
  18. Mel Brooks by Anonymous Coward · · Score: 0

    "So the combination is... one, two, three, four, five? That's the stupidest combination I've ever heard in my life! That's the kind of thing an idiot would have on his luggage!"

  19. My first thought by Anonymous Coward · · Score: 0

    When it said the insanely easy password/login info was that it had to be a temp login. The summary said it had been scanning the network for weeks. It's possible the IT admin was reconfiguring/setting up new equipment or logins and used those combos as a temp. I think a lesson here for us sys admins is even if it's a temp login that will be changed in a day or less, you still need to use a decent password because the malware could already be on your network.

  20. ALF is a ref. to ALf Stewart and his rape dungeon by Anonymous Coward · · Score: 1

    yep.

    My guess is this was a "false flag" organised by the DSD to force the government into policy changes to make things more secure. Australian government is full of dinosaurs with little or no knowledge of IT and they really make idiotic decisions (see the recent fuck up of the NBN).

    No sensitive data was lost, and they have released ALOT of info about this breach which is unusual.

    Therefore.. I call bullshit.

  21. One would hope by Snotnose · · Score: 1

    the folks in charge would be smart enough to put fake docs in places that could be hacked.

    But I'm a realist. I look at the hope hand and see a pile of smelly stuff. I look in the "smart folks" hand and see nothing.

    1. Re:One would hope by Anonymous Coward · · Score: 0

      Even if they intentionally let the real docs go, one could always hope that some foreign country might actually get that design to work right. Then they could just steal the working design after they perfect it. This is kind of the equivalent to *open-source* and free out-sourcing for 3-letter agencies.

  22. Re:ALF is a ref. to ALf Stewart and his rape dunge by AHuxley · · Score: 1

    Re "No sensitive data was lost, and they have released ALOT of info about this breach which is unusual"
    Every document and file would have had a checksum. The new NSA buddy system and more contractor security than ever would now be in place in 5 eye nations.
    Every access down a pipe or tube to any contractor has always been watched. Staff have all their home/work networks watched.
    The entry of any intruder would have been detected in real time. The files copied and what was of interest examined.
    The code litter of the intruder would have been studied and shared only with the USA and UK.
    Nothing would have been said to any politician, the media, any other staff if this had been real.
    The ASD would have only shared the results within the NSA and GCHQ. Nobody else has to know about real time intrusion detection or how intrusions are detected and what was found.
    A fictional cyber news story for cyber budget growth. New cyber powers is in the media in near real time.
    An actual cyber event would take a few more decades to get officially declassified and released.

    --
    Domestic spying is now "Benign Information Gathering"
  23. So I am curious by nehumanuscrede · · Score: 1

    Just how much hacking / stealing / pilfering needs to happen before someone decides the current way of doing business probably isn't the most secure way of doing it ?

    Here's a thought:

    Quit allowing sensitive / classified data outside of secure networks.

    You want access to that data ? Drive your ass into the facility designed to house and secure it. Yes, it's inconvenient. Security usually is.

    But it's either that or we may as well just de-classify all of it and mail it to everyone on the planet. Save a lot of trouble.

  24. Summary tells half the story by TapeCutter · · Score: 1

    The most important detail is AWOL in this discussion - none of the data stolen was classified information.

    --
    And did you exchange a walk on part in the war for a lead role in a cage? - Pink Floyd.
    1. Re:Summary tells half the story by michaelredux · · Score: 1

      No problem, as long as the warship plans don't include any exposed ventilation shafts that are vulnerable to x-wing fighters.

  25. Re:how - foreign contractors == different standard by TapeCutter · · Score: 1

    I hate to dampen anyone's outrage but it wasn't a secret, none of the data stolen was classified.

    --
    And did you exchange a walk on part in the war for a lead role in a cage? - Pink Floyd.
  26. OMG by Anonymous Coward · · Score: 0

    Would you stop with these stories? I'm sorry, but if the US systems are run by morons that use admin:admin combo to manage critical systems (just like Equifax), they deserve to die and get replaced. Just fire them already.

  27. Re:how - foreign contractors == different standard by RightwingNutjob · · Score: 1

    Then there's the fact that the more protocols and policies you have, the fewer of them are actually going to be implemented. Good security is just the right amount. Not so little that your passwords are left on default, not so much that no one gets around to changing the default passwords because they're busy checking all the other boxes and figuring out ways to get their work done despite them.

  28. Re:how - foreign contractors == different standard by gravewax · · Score: 1

    Despite the article's insinuation, none of that information is considered secret.

  29. In fact there is nothing to see there by tinkerton · · Score: 1

    Well what do we have
    * the stolen information was commercially sensitive rather than “classified” military information.
    * the firm was subcontracted four levels down from defence contracts.

    In other words a nonevent not worth discussing, but the catchy title and summary are made up to sell it anyway.

    1. Re:In fact there is nothing to see there by tehcyder · · Score: 1

      * the firm was subcontracted four levels down from defence contracts.

      It doesn't matter whether it was subcontracted one hundred levels down, ultimately those at the top are responsible for not having proper security in place. Like making sure that sub-contractors check on the security of sub-sub-contractors, and so on.

      --
      To have a right to do a thing is not at all the same as to be right in doing it
  30. Kinda reminds me of when.... by bev_tech_rob · · Score: 1

    My company just got thru installing a new accounting system and there is a separate document handling piece that has its own login. The trainer that trained us on the main accounting piece showed us how to setup security on that software, but never showed us the setup on the Document Handling system. Someone called my extension inside my company asking for access to that system (I knew the person and his job, so I knew he needed access), and I happened to guess the default admin password was 'admin'. SMH & (facepalm). Obviously I made myself admin on the system with my own credentials and disabled the built-in admin acct.

    --
    You're messin' with my Zen Thing, man.....
  31. Military and intelligence data stolen .. by najajomo · · Score: 1

    Have they ever considered not storing their U.S. military and intelligence weapons data on a computer connected to the Internet?