US Weapons Data Stolen During Raid of Australian Defense Contractor's Computers (wsj.com)
phalse phace writes: Another day, another report of a major breach of sensitive U.S. military and intelligence data. According to a report by The Wall Street Journal (Warning: source may be paywalled; alternative source), "A cyberattacker nicknamed 'Alf' gained access to an Australian defense contractor's computers and began a four-month raid that snared data on sophisticated U.S. weapons systems. Using the simple combinations of login names and passwords 'admin; admin' and 'guest; guest' and exploiting a vulnerability in the company's help-desk portal, the attacker roved the firm's network for four months. The identity and affiliation of the hackers in the Australian attack weren't disclosed, but officials with knowledge of the intrusion said the attack was thought to have originated in China."
The article goes on to state that "Alf obtained around 30 gigabytes of data on Australia's planned purchase of up to 100 F-35 fighters made by Lockheed Martin, as well as information on new warships and Boeing-built P-8 Poseidon maritime-surveillance aircraft, in the July 2016 breach." The stolen data also included details of the C-130 Hercules transport aircraft and guided bombs used by the U.S. and Australian militaries as well as design information "down to the captain's chair" on new warships for Australia's navy.
Wow, much sophistication in the Australian loginname/password scheme.
The article left out 'mate; mate' and 'That's not a knife;THAT's a knife'
That's kind of what happens when the Australian Signals Directorate wants brilliant hackers to work for them, but only offers to pay them entry-level Help Desk wages.
It wasn't the Australian Signals Directorate but some dickhead project sub-contractor. According to someone on TV last night it's a 50 person company and they only have one man doing IT functions, which includes things like fixing printers. I wonder what happens if this person goes on holidays?
While this company deserves to burn in hell, we also need to look at the idiots who gave them the job. Was no due diligence done to see if the sub-contractors were capable, and why did they need this kind of information in the first place? Balls should roll.
'facepalm; facepalm'
sit on their couches in their PJs watching soap operas
Why? Is Pornhub down?
Have gnu, will travel.
Having protocols and policies in place is one thing, actually adhering to and enforcing them is quite another...
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
In the old days, penetration exploits like this would be noticed, as large file transfers flooded routers going to unusual IPs, and someone literally would pull the plug on the router or swap in a honeypot.
Nowadays, there is no such oversight, and the weakest point in any system is any weak point, be it someone not following basic security protocols or the NSA and other groups (there are more than you think) leaving exploit holes everywhere, including in your mouse, keyboard, monitors, and so on.
It's like voting, use paper ballots. In this case, don't outsource weapons research. Don't trust, verify. And keep verifying, use social engineering tests on your "secure" facilities. I used to wait for people to "just go to the bathroom" (easy method: pop up a button cam under a windowsill, motion activate, fixed on door, after a while you pattern match with one on bathroom door, easy to extrapolate).
And never ever trust third party.
-- Tigger warning: This post may contain tiggers! --
Yes as we all know only Australia uses that default username/password combo.
Either that or something easy to remember and guess like waltzingmatilda or the likes. I would think that one could break into most of the infrastructure of .au with that one.
Allowing user set passwords to administration rights that are global and are accessible over the internet to critical data that is not locked down and encrypted is inherently stupid. About as smart as allowing remote admin privilege to a website from the assholes claiming over the phone to be from Microsoft Windows security division calling you because your computer has been compromised. I suspect that the contractor was connected to someone who gave out the contract to a friend with some cash because the contractor sure as hell was not vetted properly!
This message was not sent from an iPhone because Peter Sellers really was a deviated prevert without a dime for the call
Pull your head in, mate. Anonymous Drongo thinks there's only ever been one TV character named "Alf".
sub f{($f)=@_;print"$f(q{$f});";}f(q{sub f{($f)=@_;print"$f(q{$f});";}f});