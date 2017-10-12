US Weapons Data Stolen During Raid of Australian Defense Contractor's Computers (wsj.com) 27
phalse phace writes: Another day, another report of a major breach of sensitive U.S. military and intelligence data. According to a report by The Wall Street Journal (Warning: source may be paywalled; alternative source), "A cyberattacker nicknamed 'Alf' gained access to an Australian defense contractor's computers and began a four-month raid that snared data on sophisticated U.S. weapons systems. Using the simple combinations of login names and passwords 'admin; admin' and 'guest; guest' and exploiting a vulnerability in the company's help-desk portal, the attacker roved the firm's network for four months. The identity and affiliation of the hackers in the Australian attack weren't disclosed, but officials with knowledge of the intrusion said the attack was thought to have originated in China."
The article goes on to state that "Alf obtained around 30 gigabytes of data on Australia's planned purchase of up to 100 F-35 fighters made by Lockheed Martin, as well as information on new warships and Boeing-built P-8 Poseidon maritime-surveillance aircraft, in the July 2016 breach." The stolen data also included details of the C-130 Hercules transport aircraft and guided bombs used by the U.S. and Australian militaries as well as design information "down to the captain's chair" on new warships for Australia's navy.
"A cyberattacker nicknamed 'Alf' gained access to an Australian defense contractor's computers and began a four-month raid that snared data on sophisticated U.S. weapons systems. Using the simple combinations of login names and passwords 'admin; admin' and 'guest; guest' "
That's kind of what happens when the Australian Signals Directorate wants brilliant hackers to work for them, but only offers to pay them entry-level Help Desk wages.
It wasn't the Australian Signals Directorate but some dickhead project sub-contractor. According to someone on TV last night it's a 50 person company and they only have one man doing IT functions, which includes things like fixing printers. I wonder what happens if this person goes on holidays?
While this company deserves to burn in hell, we also need to look at the idiots which gave them the job. Was no due diligence done to see if the sub-contractors were capable, and why did they need this kind of informa
Wow, much sophistication in the Australian loginname/password scheme.
Having protocols and policies in place is one thing, actually adhering to and enforcing them is quite another...
Those "sophisticated weapons" are irrelevant (Score:2)
Or fast becoming so. Sure, they still appeal to cave-men that like to kill wholesale and make things go "boom". In the actual conflicts to come, they will just be extremely expensive historic artifacts, nothing else. The age of "big weapons" (with small brains behind them) is coming to an end.
I believe that these things occur because of an old mentality amongst the military that is still true on a physical battlefield: "the best defence is a strong offence".
The thing is that, in "the cyber", offence and defence are mostly unrelated. Hacking another country does not stop that country from hacking back.
This leads to the ridiculous situation where the NSA leaves the US government vulnerable so that it can hack Russia.