Top secret technical information about new fighter jets, navy vessels, and surveillance aircraft has been stolen from an Australian defence contractor.
Dan Tehan, the minister in charge of cyber security, on Tuesday confirmed the hacking of an unnamed contractor but did not reveal specific details.
Australian Signals Directorate incident response manager Mitchell Clarke told a conference in Sydney on Wednesday the hackers targeted a small “mum and dad type business” – an aerospace engineering company with about 50 employees in July last year.
He said the firm was subcontracted four levels down from defence contracts.
“The compromise was extensive and extreme,” Mr Clarke told the Australian Information Security Association national conference in audio obtained by a freelance journalist called Stilgherrian.
“It included information on the (F-35) Joint Strike Fighter, C130 (Hercules aircraft), the P-8 Poseidon (surveillance aircraft), joint direct attack munition and a few naval vessels.”
Mr Clarke said the information hacked on the new Navy ships included a diagram in which you could zoom in down to the captain’s chair and see that it was one metre away from the navigation chair.
Mr Clarke described the security breach as “sloppy admin”.
He said the organisation only had one IT person.
The hacker had access to the data for three months before the Australian Signals Directorate became aware of it. The ASD referred to the period — between July and November 2016 — as “Alf’s Mystery Happy Fun Time”, in a reference to a Home and Away character.
An Australian Cyber Security Centre spokesperson said the information released by the ASD staffer, who works for the centre, was commercially sensitive but unclassified.
“While the Australian company is a national-security linked contractor and the information disclosed was commercially sensitive, it was unclassified,” they said in a statement on Wednesday evening.
“The government does not intend to discuss further the details of this cyber incident.”
Last year, the government’s Cyber Security Centre revealed that foreign spies installed malicious software on the Bureau of Meteorology’s system and stole an unknown number of documents.