Published: Thu, October 12, 2017
Worldwide | By Gretchen Simon

Hacker codenamed 'Alf' from Home and Away stole data from defence subcontractor

Hacker codenamed 'Alf' from Home and Away stole data from defence subcontractor

ASD incident response manager Mitchell Clarke told a conference in Sydney on Wednesday the hackers targeted a small "mum and dad type business" - an aerospace engineering company with about 50 employees in July past year.

Some 30GB of "sensitive data" subjected to restricted access under the US government's International Traffic in Arms Regulations rules were stolen, ASD's Mitchell Clarke told a security conference Wednesday according to ZDNet.

The data, stolen in a 2016 breach, included technical information on the multi-billion dollar F-35A Joint Strike Fighter program, smart bombs and naval vessels.

Those brought in to assess the attack nicknamed the hacker Alf after a character on the popular Australian soap "Home and Away", Clarke said.

A state actor has not been ruled out and it has been reported that a hacking tool, known as the Chinese Chopper, was used.

Mr Clarke told a Sydney security conference that the hacker had exploited a weakness in software being used by the government contractor.

The ASD officials started fixing the system in December and referred to the period before they responded as "Alf's Mystery Happy Fun Time".

United States shows off bombers again over Korea
Seoul says North Korea has repeatedly staged cyberattacks on South Korean business and government websites. All this probing is nonetheless a cause for concern.

In a statement sent to Defence Connect, a spokesperson from the ACSC said the information stolen by an unknown cyber thief was commercially sensitive but not classified. "It's just a thing we do", he said. "It could somebody working for another company".

The government distanced itself from the Adelaide-based firm, saying it had most likely been employed by another contractor.

The federal minister for cybersecurity Dan Tehan revealed the breach earlier this week through the release of the Australian Cyber Security Centre's 2017 Threat Report, but provided no detail specifically about the Alf incident. "That is a stretch", Mr Pyne said.

"Fortunately the data that has been taken is commercial data, not military data", Pyne said.

However, he said "we don't necessarily let the public know" about the identities of hackers, because such investigations often involve confidential information.

Pyne added that Australia was increasingly a target for cyber criminals as it was undertaking a massive Aus$50 billion ($39 billion) submarine project which he described as the world's largest.

Military spending would grow by A$29.9bn over 10 years, including plans to buy 72 Joint Strike Fighters, the 2016 Defence White Paper outlined.

Like this: