Follow Slashdot blog updates by subscribing to our blog RSS feed


Forgot your password?
Security The Military Australia Privacy United States

US Weapons Data Stolen During Raid of Australian Defense Contractor's Computers ( 78

phalse phace writes: Another day, another report of a major breach of sensitive U.S. military and intelligence data. According to a report by The Wall Street Journal (Warning: source may be paywalled; alternative source), "A cyberattacker nicknamed 'Alf' gained access to an Australian defense contractor's computers and began a four-month raid that snared data on sophisticated U.S. weapons systems. Using the simple combinations of login names and passwords 'admin; admin' and 'guest; guest' and exploiting a vulnerability in the company's help-desk portal, the attacker roved the firm's network for four months. The identity and affiliation of the hackers in the Australian attack weren't disclosed, but officials with knowledge of the intrusion said the attack was thought to have originated in China."

The article goes on to state that "Alf obtained around 30 gigabytes of data on Australia's planned purchase of up to 100 F-35 fighters made by Lockheed Martin, as well as information on new warships and Boeing-built P-8 Poseidon maritime-surveillance aircraft, in the July 2016 breach." The stolen data also included details of the C-130 Hercules transport aircraft and guided bombs used by the U.S. and Australian militaries as well as design information "down to the captain's chair" on new warships for Australia's navy.

This discussion has been archived. No new comments can be posted.

US Weapons Data Stolen During Raid of Australian Defense Contractor's Computers

Comments Filter:
  • "A cyberattacker nicknamed 'Alf' gained access to an Australian defense contractor's computers and began a four-month raid that snared data on sophisticated U.S. weapons systems. Using the simple combinations of login names and passwords 'admin; admin' and 'guest; guest' "

    Wow, much sophistication in the Australian loginname/password scheme,

    • by sehlat ( 180760 )

      Wow, much sophistication in the Australian loginname/password scheme.

      The article left out 'mate; mate' and 'That's not a knife;THAT's a knife'

    • Back in the early 90s I was sent to a very large ISP to install Sybase monitoring software. The sa password? Just “password”. And yes, they are still around today. Hopefully that password got changed.
    • Wow, much sophistication in the Australian loginname/password scheme,

      I was expecting at least username = fosters, password = xxxx.

  • Australia's "navy" *rolls eyes*
    • by Anonymous Coward

      That's ok.

      Piles of dead Germans, Japanese, Koreans, Vietnamese (and others) made the same mistake.

      They underestimated too.

      I doubt the US Navy did much eye rolling when their aircraft carriers got "blasted" out from underneath them during joint exercises.

  • This reminds me of the US patent debate. It is the same type of spying that has been happening since forever, except with "over the Internet" attached. Yes, the Internet makes the remote access attacks easier, but really it is just a different form of the same type has has always existed. Countries have been stealing the weapon plans of other nations, and will continue to do so using whatever mechanisms are available, and no one should be surprised.
  • Back in the good old days, spies couldn't sit on their couches in their PJs watching soap operas while their scripts downloaded stuff in the background. They actually had to go out to do their jobs.

    Computers make everyone stupid.
  • Doesn't the DoD audit and require proof of security protocols when handing over Secret information to both domestic and foreign contractors? How could having passwords of admin/admin and guest/guest miss even the simplest of tests?

    Pathetic and ridiculous to even classify stuff if this is how they run the show.

    • by Bert64 ( 520050 )

      Having protocols and policies in place is one thing, actually adhering to and enforcing them is quite another...

      • Then there's the fact that the more protocols and policies you have, the fewer of them are actually going to be implemented. Good security is just the right amount. Not so little that your passwords are left on default, no so much that no one gets around to changing the default passwords because they're busy checking all the other boxes and figuring out ways to get their work done despite them.
    • I hate to dampen anyone's outrage but it wasn't a secret, none of the data stolen was classified.
    • despite the articles insinuation none of that information is considered secret.
  • Australia is buying 100 F-35 aircraft? That must have been a huge bribe.
    • by caviare ( 830421 )

      No no, it's just doing what it perceives as its duty as the 52nd state of the US. I understand the UK is the 51st.

    • by Anonymous Coward

      ... buying 100 F-35 aircraft?

      I think the original order was 48 aircraft but then we got a national leader who wanted to enact Reagan-era policies of welfare-bashing, gifts to the rich and a big military. So he ordered another 52 aircraft and a maintenance contract. He was demoted from leadership before he could enact other far-right policies but we're still fighting the deluded ideologues he left behind. We still hear him in the background, proclaiming he knows better than his own boss.

    • by AHuxley ( 892839 )
      Less of a bribe more of trying to lean from history.
      "Australia 'cracked top-secret US jet fighter codes'" [] (March 17, 2009)
      "The Americans kept saying they'd provide the codes, but never did."
      The new thinking is to spend big with the USA and everything will be so much better this generation.
  • Or fast becoming so. Sure, they still appeal to cave-men that like to kill wholesale and make things go "boom". In the actual conflicts to come, they will just be extremely expensive historic artifacts, nothing else. The age of "big weapons" (with small brains behind them) is coming to an end.

  • by Rick Schumann ( 4662797 ) on Thursday October 12, 2017 @06:11PM (#55359311) Journal
    'facepalm; facepalm'
  • I believe that these things occur because of an old mentality amongst the military that is still true on a physical battlefield: "the best defence is a strong offence".

    The thing is that, in "the cyber", offence and defence are mostly unrelated. Hacking another country does not stop that country from hacking back.

    This leads to the ridiculous situation where the NSA leaves the US government vulnerable so that it can hack Russia.

  • In the old days, penetration exploits like this would be noticed, as large file transfers flooded routers going to unusual IPs, and someone literally would pull the plug on the router or swap in a honeypot.

    Nowadays, there is no such oversight, and the weakest point in any system is any weak point, be it someone not following basic security protocols or the NSA and other groups (there are more than you think) leaving exploit holes everywhere, including in your mouse, keyboard, monitors, and so on.

    It's like v

  • yep.

    My guess is this was a "false flag" organised by the DSD to force the government into policy changes to make things more secure. Australian government is full of dinosaurs with little or no knowledge of IT and they really make idiotic descions (see the recent fuck up of the NBN).

    No sensitive data was lost, and they have released ALOT of info about this breach which is unusual.

    Therefore.. I call bullshit.

    • by AHuxley ( 892839 )
      Re "No sensitive data was lost, and they have released ALOT of info about this breach which is unusual"
      Every document and file would have had a checksum. The new NSA buddy system and more contractor security than ever would now be in place in 5 eye nations.
      Every access down a pipe or tube to any contractor has always been watched. Staff have all their home/work networks watched.
      The entry of any intruder would have been detected in real time. The files copied and what was of interest examined.
      The code
  • the folks in charge would be smart enough to put fake docs in places that could be hacked.

    But I'm a realist. I look at the hope hand and and see a pile of smelly stuff. I look in the "smart folks" hand and see nothing.
  • Just how much hacking / stealing / pilfering needs to happen before someone decides the current way of doing business probably isn't the most secure way of doing it ?

    Here's a thought:

    Quit allowing sensitive / classified data outside of secure networks.

    You want access to that data ? Drive your ass into the facility designed to house and secure it. Yes, it's inconvenient. Security usually is.

    But it's either that or we may as well just de-classify all of it and mail it to everyone on the planet. Save a lot

  • My company just got thru installing a new accounting system and there is a separate document handling piece that has its own login. The trainer that trained us on the main accounting piece showed us how to setup security on that software, but never showed us the setup on the Document Handling system. Someone called my extension inside my company asking for access to that system (I knew the person and his job, so I knew he needed access), and I happened to guess the default admin password was 'admin'. SM
  • Have they ever considered not storing their U.S. military and intelligence weapons data on a computer connected to the Internet?

Any sufficiently advanced technology is indistinguishable from a rigged demo.