Cyber attack on Australia: The Army's information has been stolen

Share

A hacker group codenamed "Alf" after the Home and Away character has broken into a defence contractor and stolen sensitive data on military projects. "One of the learning outcomes from this particular case study for at least the Australian government is that we need to find a way to start to be a little bit more granular in our contracting to mandate what type of security controls are required", Clarke said.

The hack, which came to light in a threat report from the Australian Cyber Security Center, infiltrated the unidentified company's computer network in July 2016.

However, he said "we don't necessarily let the public know" about the identities of hackers, because of the confidential nature of the environment.

"It could have been a state actor, it could have been cyber criminals, and that's why it was taken so seriously".

"Of course, the same rule applies for companies who carry sensitive data because it is not a question of "if" but "when" you will be breached, and I don't accept making it easy either", he said.

The minister also assured the public that the hack was not a risk to national security.

The Australian defence ministry is trying to downplay the 2016 hacking of a contractor that exposed data about Australia's Joint Strike Fighter programme.

Russian military jet crashes in Syria, crew dead
The toll of Russian servicemen officially reported killed in Syria is at 37 with these two deaths, the reports added. The crew did not have time to eject, the statement said, without disclosing the number of people aboard.

ASD incident response manager Mitchell Clarke was quoted by ABC.net as telling a Sydney conference on Wednesday "the compromise was extensive and extreme". ASD refers to the three months between the attacker gaining access, and the ASD becoming aware of it, as "Alf's Mystery Happy Fun Time".

In a statement sent to Defence Connect, a spokesperson from the ACSC said the information stolen by an unknown cyber thief was commercially sensitive but not classified. "The ASD and the cyber security office immediately swung into action", he said.

Earlier this week, it emerged Australia has been subjected to 47,000 cyber incidents in the last 12 months - a 15% increase on the previous year.

The password to enter the enter the company's web portal was "admin" and the guest password was "guest", according to ZDNet, which first reported the story.

The ACSC said in a report on Monday that it responded to 734 cyber attacks on "systems of national interest" for the year ended June 30, and the defense industry was a major target.

"Security thinking needs to change; organisations need to move away from the concept of owned and unowned networks or infrastructure and consider only users, applications and secure access - and the security industry must facilitate that shift". On 22 March 2018, the event will come to the USA for the first time, taking place in one of the world's most prominent business cities: NY.

Share