The hackers obtained “full and unfettered access” to the data for four months last year, before the Australian Signals Directorate was known about the breach in November.
Christopher Pyne, the defense enterprise minister, has revealed he has no idea who the hackers were but has emphasized the stolen information was commercially sensible rather than “classified” military information.
“It could be one of a many of different Hackers,” Pyne told the ABC on Thursday. “It could be a state Hacker, a non-state Hacker.”
Mitchell Clarke, the Australian Signals Directorate conflict response manager, told the audience in Sydney on Wednesday the hackers had targeted a small “mum and dad type business”, an aerospace manufacturing company with about 50 employees, in July last year.
He said the firm was subcontracted four levels down from defense contracts.
“The bargaining was extensive and extreme,” he told the Australian Information Security Association national conference in audio received by a freelance journalist called Stilgherrian.
“It included data on the F-35 joint strike fighter, C130 Hercules aircraft, the P-8 Poseidon surveillance aircraft, joint direct charge munition JDAM smart bomb kits and a few naval vessels.”
He said the data hacked on the new navy ships involved a diagram in which you could zoom in down to the captain’s chair and see that it was one meter apart from the navigation chair.
Clarke explained the security breach as “sloppy admin”. The organization targeted was a small aerospace manufacturing firm with dozens of employees. It had a number of defense contracts, but only one IT staff member.
The organization heard the hackers could have been state-sponsored or a criminal group. The hackers had used a tool called China Chopper, favored by Chinese hackers.
The Australian Signals Directorate dubbed the hacker “Alf”, after a role in TV soap opera Home and Away.
Alastair MacGibbon, the special adviser to the prime minister on cybersecurity, also emphasized the stolen information was only commercially sensitive.