An aerospace engineering firm that subcontracts to the Australian Department of Defence was breached in 2016, and restricted information on several advanced defence systems was stolen.
The files taken include detailed information on the F-35 Joint Strike Fighter, the C-130 transport aircraft, the P-8 Poseidon maritime patrol aircraft, the Joint Direct Attack Munition (JDAM) smart bomb kit, and several Australian naval vessels, according to a report on ZDNet.
The Australian Cyber Security Centre's 2017 threat report released details of the incident. The breach was first identified in November 2016; by then the attacker had apparently held access for an extended period, and the report says the intruder "remained active on the network at the time".
According to the report, the company is a small contractor of around 50 staff with links to security projects. The Australian Signals Directorate (ASD) named the advanced persistent threat (APT) behind the intrusion "Alf", and the intruder became known as "APT Alf" after a popular Australian TV character.
APT Alf reportedly had access by July 2016 and began exfiltrating data about two weeks after the initial compromise. The intruder met little resistance: entry was through a security vulnerability in the company's helpdesk portal, a weakness the report says a simple security patch would have fixed.
The stolen data was protected under the International Traffic in Arms Regulations (ITAR), a US regulation that controls the export of defence and military technology.
In a statement to IBTimes UK, security expert and Global Security Advocate at Digital Guardian, Thomas Fischer, spoke of the importance of applying patches, and "why all companies, no matter how small, need to adopt a 'patch early, patch often' mantra".
"Unfortunately, businesses continue to underestimate the importance of patching. In this case, seemingly with no encryption or access control measures in place, the sensitive defence data was freely accessible," he added.
APT Alf's access to the files was made easy because the contractor used basic login IDs and passwords and, according to the report, the same local administrator account password on every server.
Using that shared administrator password, APT Alf moved to the domain controller and the remote desktop server, and from there to email and the rest of the sensitive information, over 30GB of data in all. The ZDNet report adds that internet-facing services used passwords as simple as "admin" and "guest".
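The shared local administrator password and the "admin"/"guest" logins are the two findings above that an internal audit can test for directly, and the reason the first one matters is that a hash shared across hosts lets an attacker move laterally by pass-the-hash without ever cracking the password. The Python script below is an added example, not code from the ACSC report, ZDNet or IBTimes; it runs over a constructed inventory (host names, hash values and service accounts are all assumed for illustration) and flags hosts whose local Administrator accounts share an NT hash, the hosts reachable from any one of them with that credential, and service accounts using a default password or one equal to the username.

```python
from collections import defaultdict

# Constructed sample inventory, not data from the ACSC report: one row per host
# giving the NT hash of that host's local Administrator account, as an audit of
# each machine's SAM would produce. Hash values are made up for illustration.
LOCAL_ADMIN_HASHES = [
    ("DC01",   "4a1f0c9e7b3d5e6f8a2b1c0d9e8f7a6b"),
    ("RDS01",  "4a1f0c9e7b3d5e6f8a2b1c0d9e8f7a6b"),
    ("FILE01", "4a1f0c9e7b3d5e6f8a2b1c0d9e8f7a6b"),
    ("WEB01",  "c3d2e1f0a9b8c7d6e5f4a3b2c1d0e9f8"),
    ("MAIL01", "0f1e2d3c4b5a69788796a5b4c3d2e1f0"),
]

# Constructed sample of accounts on internet-facing services as
# (service, username, password), the kind of list a credential review of a
# helpdesk portal and a remote access gateway returns. All values are assumed.
SERVICE_ACCOUNTS = [
    ("helpdesk-portal", "admin",   "admin"),
    ("rdp-gateway",     "guest",   "guest"),
    ("vpn",             "svc_vpn", "Tz8#kL2vQ!m9"),
    ("helpdesk-portal", "jsmith",  "Summer2016!"),
]

# Small default/blank password list; a real audit would use a much larger one.
DEFAULT_PASSWORDS = {"", "admin", "administrator", "guest", "password", "123456"}


def shared_local_admin_hashes(rows):
    """Group hosts by local Administrator NT hash.

    Any group with more than one member shares a password, so compromising one
    of those hosts yields local admin on all of them: pass-the-hash needs only
    the hash, the password itself never has to be recovered.
    Returns {hash: [hosts]} for the shared hashes only.
    """
    by_hash = defaultdict(list)
    for host, nt_hash in rows:
        by_hash[nt_hash].append(host)
    return {h: hosts for h, hosts in by_hash.items() if len(hosts) > 1}


def lateral_reach(rows, compromised_host):
    """Hosts an attacker can log into as local Administrator after taking
    compromised_host, using nothing but that host's local admin credential."""
    hash_of = dict(rows)
    target = hash_of[compromised_host]
    return sorted(h for h, nt in rows if nt == target and h != compromised_host)


def weak_service_credentials(accounts, defaults=DEFAULT_PASSWORDS):
    """Return (service, username) pairs whose password is a default value or
    simply equals the username, the pattern behind the "admin"/"guest" logins."""
    weak = []
    for service, user, password in accounts:
        p = password.lower()
        if p in defaults or p == user.lower():
            weak.append((service, user))
    return weak


if __name__ == "__main__":
    for nt, hosts in shared_local_admin_hashes(LOCAL_ADMIN_HASHES).items():
        print(f"shared local Administrator hash {nt[:8]}... on: {', '.join(hosts)}")
    print("from FILE01 an attacker also reaches:", lateral_reach(LOCAL_ADMIN_HASHES, "FILE01"))
    for service, user in weak_service_credentials(SERVICE_ACCOUNTS):
        print(f"weak credential: {user}@{service}")
```

Collecting local account hashes requires authorised administrative access to each host; the point of the check is to find the reuse before an intruder does. The standard fix for the first finding is a per-host randomised local administrator password (Microsoft's LAPS does this), after which every group in the first function collapses to a single host and lateral reach via that account drops to nothing.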