Slashdot Mirror
US Weapons Data Stolen During Raid of Australian Defense Contractor's Computers (wsj.com)
phalse phace writes: Another day, another report of a major breach of sensitive U.S. military and intelligence data. According to a report by The Wall Street Journal (Warning: source may be paywalled; alternative source), "A cyberattacker nicknamed 'Alf' gained access to an Australian defense contractor's computers and began a four-month raid that snared data on sophisticated U.S. weapons systems. Using the simple combinations of login names and passwords 'admin; admin' and 'guest; guest' and exploiting a vulnerability in the company's help-desk portal, the attacker roved the firm's network for four months. The identity and affiliation of the hackers in the Australian attack weren't disclosed, but officials with knowledge of the intrusion said the attack was thought to have originated in China."
The article goes on to state that "Alf obtained around 30 gigabytes of data on Australia's planned purchase of up to 100 F-35 fighters made by Lockheed Martin, as well as information on new warships and Boeing-built P-8 Poseidon maritime-surveillance aircraft, in the July 2016 breach." The stolen data also included details of the C-130 Hercules transport aircraft and guided bombs used by the U.S. and Australian militaries as well as design information "down to the captain's chair" on new warships for Australia's navy.
The article goes on to state that "Alf obtained around 30 gigabytes of data on Australia's planned purchase of up to 100 F-35 fighters made by Lockheed Martin, as well as information on new warships and Boeing-built P-8 Poseidon maritime-surveillance aircraft, in the July 2016 breach." The stolen data also included details of the C-130 Hercules transport aircraft and guided bombs used by the U.S. and Australian militaries as well as design information "down to the captain's chair" on new warships for Australia's navy.
That's kind of what happens when the Australian Signals Directorate wants brilliant hackers to work for them, but only offers to pay them entry-level Help Desk wages.
It wasn't the Australian Signals Directorate but some dickhead project sub-contractor. According to someone on TV last night it's a 50 person company and they only have one man doing IT functions, which includes things like fixing printers. I wonder what happens if this person goes on holidays?
While this company deserves to burn in hell, we also need to look at the idiots which gave them the job. Was no due diligence done to see if the sub-contractors were capable, and why did they need this kind of information in the first place? Balls should roll.