Defence data hack puts cyber security in the spotlight

Defence Industry Minister Christopher Pyne has warned firms they face losing government contracts if they do not have strong levels of protection against cyber attacks in place after a massive hack of secret data involving Australia’s new fleet of Joint Strike Fighter aircraft, spy planes and warships.

As cyber security experts backed the minister’s call, Mr Pyne deflected blame from the government, arguing ultimate responsibility lies with the company that was breached.

An Australian Signals Directorate employee, Mitchell Clarke, revealed at an IT industry conference on Wednesday foreign hackers stole 30 gigabytes of data from an unnamed Defence Department contractor last year.

“The compromise was extensive and extreme,” Mr Clarke said.

He said the hacker had taken advantage of the aerospace firm’s “sloppy” IT security, including a failure to update software and possibly cracking basic passwords to access servers, over a three-month period before ASD was alerted to the breach. The company was described as a “mum and dad” business with just one IT worker for its 50 employees.

The hacker was dubbed “Alf” in honour of the Home and Away character. It’s unclear whether another country or non-state actor was behind the breach but the hackers used China Chopper, a Chinese language webshell, to access the company’s system.