Australia's foreign intelligence collection agency — the Australian Signals Directorate (ASD) — says a hacker stole over 30 GB of data on the country's military capabilities, including details on fighter jets, military aircraft, and naval ships.
The breach occurred at an unnamed Department of Defence contractor, an ASD official told local press, yesterday, at an industry conference in Sydney.
Mitchell Clarke, the ASD spokesperson who revealed the incident, said the hacker did not steal "top secret" data, but the breach contained sensitive information, not accessible to the public, and containing confidential information, diagrams, and plans about the country's military prowess.
Stolen data included details on the new F-35 Joint Strike Fighter jet, the Boeing P-8 Poseidon submarine-hunting airplane, Lockheed-Marting C-130 transport aircrafts, JDAM guided bombs, and data on "some naval ships."
The breach took place in July 2016, but the ASD found about it in November 2016, when a "partner organization" notified the Agency.
Clarke blamed the intrusion on human error, as some of the company's systems appear to have been protected by weak passwords such as using usernames and passwords like "admin" and "guest."
The defense contractor, which has roughly 50 employees, had apparently hired only one IT staffer to secure its network.
During the investigation, ASD experts discovered the China Chopper web shell on the company's servers. It is unclear if this was the hacker's entry point.
ASD officials are still investigating if this is a case of a lowly-skilled hacker, a case of economic espionage, or the work of nation-state cyber-intelligence actor.
For some weird reason, the ASD codenamed the hacker "Alf," after a character in the "Home and Away" Australian TV soap opera.
This is not the only cyber-incident that came to light yesterday. South Korean press reported that North Korean hackers stole the country's war plans.
The documents, drawn together with US forces, included tactical details of how South Korea and the US would attack or defend a North Korean attack. The stolen documents also included plans to assassinate North Korean supreme leader Kim Jong-un.
Hackers apparently stole over 235GB of documents from government servers.