Joint Strike Fighter plans stolen in Australia cyber attack

Joint Strike Fighter plans stolen in Australia cyber attack

"It included information on the (F-35) Joint Strike Fighter, C130 (Hercules aircraft), the P-8 Poseidon (surveillance aircraft), joint direct attack munition (JDAM smart bomb kits) and a few naval vessels".

The data about Australia's warplanes and navy ships was stolen from an Adelaide Defence subcontractor which had one I.T. specialist and used extremely easy passwords.

The admin password, to enter the company's web portal, was "admin" and the guest password was "guest".

Some of the sensitive data was linked to the International Traffic in Arms Regulations, a USA regulatory regime, The Sydney Morning Herald reported. He said the organisation only had one IT person and that person had only been in the job for a short while.

The hackers used a tool called "China Chopper" which according to security experts is widely used by Chinese actors, and had gained access via an internet-facing server, he said.

He would not comment who might be behind the breach, only stating that the government was spending billions of dollars on cyber security.

"While the Australian company is a national-security linked contractor and the information disclosed was commercially sensitive, it was unclassified", they said in a statement on Wednesday evening.

The hack was discovered by a major Defence contractor.

Pyne added that Australia was increasingly a target for cyber criminals as it was undertaking a massive Aus$50 billion (US$39 billion) submarine project which he described as the world's largest.

At a cyber security conference in Sydney yesterday Australian Signals Directorate incident manager Mitchell Clarke said that ASD was tipped off in November 2016 that a hacker had infiltrated the network of an engineering sub-contractor for the Defence Department.

Defence industry minister Christopher Pyne told the ABC on Thursday he does not know who the hacker is and indicated he would not tell if he knew, "It could be a state actor, a non-state actor".

"The very fact that people who shouldn't have had access to this information got access should ring alarm bells in the government, but they don't appear to have woken up to this being a problem", he said.

"Fortunately the data that has been taken is commercial data, not military data", Pyne said.

"Today, while presenting at a conference in Sydney, an ASD official disclosed information about the theft of data from an Australian company", a spokesman for the Australian Cyber Security Centre said.