More than 30 gigabytes of data including top secret technical information about fighter jets, navy vessels and surveillance aircraft has been stolen from a Australian defence contractor, an official has revealed.
The Opposition demanded answers on Thursday about the breach, which the government has confirmed without giving specific details and blamed on the contractor’s poor cyber security.
Australian Signals Directorate incident response manager Mitchell Clarke revealed to a conference on Wednesday an aerospace engineering company with about 50 employees was compromised last year.
The firm was subcontracted four levels down from defence contracts and hacked by a person or group dubbed “ALF” after the character in TV soap opera Home and Away by authorities, he said.
“The compromise was extensive and extreme,” Mr Clarke told the Australian Information Security Association national conference in audio obtained by freelance journalist Stilgherrian.
“It included information on the (F-35) Joint Strike Fighter, C130 (Hercules aircraft), the P-8 Poseidon (surveillance aircraft), joint direct attack munition (JDAM smart bomb kits) and a few naval vessels.”
Mr Clarke said the information hacked on the new Navy ships included a diagram in which you could zoom in down to the captain’s chair and see it was one metre away from the navigation chair.
“We were alerted to it by a prime, which is one of the major defence contractors. The ASD and the cyber security office immediately swung into action,” he said.
Mr Pyne said he did not know who was responsible but the information collected by the Australian Signals Directorate was highly classified anyway, meaning the government was unlikely to reveal what it knew about the identity of the hacker.
“It could have been a number of actors who did it. It could be a state actor, a non-state actor, it could have been someone who was working for another company, so I would not want to speculate on that at this stage,” Mr Pyne told ABC Radio.
Opposition Leader Bill Shorten said he was “a bit lost for words that you’ve got the government sort of just airily dismissing the hacking of defence information”.
“The very fact that people who shouldn’t have had access to this information got access should ring alarm bells in the government, but they don’t appear to have woken up to this being a problem,” Mr Shorten said.
“If we got lucky this time, and it was only sensitive information, not even more significant information, we need to make sure there is no next time, the government needs to wake up to itself, start taking its responsibility seriously and start protecting sensitive defence information.”
On Tuesday, Dan Tehan, the minister in charge of cyber security, confirmed the hacking of an unnamed contractor but did not reveal specific details.
The Australian Cyber Security Centre said the information released by the ASD staffer, who works for the centre, was commercially sensitive but unclassified.