Hackers steal data about JSF from an Australian subcontractor

An employee of the Australian Signals Directorate, an intelligence agency, has said that hackers have stolen a total of 30GB of data about the JSF fighter jet, naval craft, the P-8 reconnaissance plane, the Hercules transport plane and GPS-guided bombs.

Since July 2016, the hackers had access to the network of a small Australian aviation company, a subcontractor to the Australian Ministry of Defence. Data capture began two weeks later, according to a manager of the Australian Signals Directorate, Mitchell Clark. He made this known during a presentation.

The federal Australian government says it does not know who the hackers were and states that the stolen information is not sensitive secret data, but only commercially sensitive data. However, Clarke said during the presentation that it was an extensive data theft. It is not clear exactly what data was captured, although Clarke said that the stolen information about the naval ships included material that can be zoomed all the way to the captain’s seat.

A tool called China Chopper had been used for the break-in. According to Clark, it took the hackers very little effort to penetrate the network, partly because the company still used standard passwords such as ‘admin’ and ‘guest’ with certain internet services. It is a small company that employs fifty people, where the network was maintained by one IT employee.

Data on the JSF has been targeted by hackers before. For example, in April 2009, unknown persons broke into computer systems of the Join Strike Fighter fighter jet project, stealing several terabytes of data. It has been speculated that China used the captured data to develop its own J31 fighter jet, which is very similar to the JSF. In May 2013, Chinese hackers allegedly stole secret designs from multiple weapon systems, including the JSF, through a hack.

Partly because the JSF was developed by a large number of Western countries, numerous defense companies are involved in the program, which means that the sensitive data of all kinds of different companies is on their networks.

At the top of the JSF; including the Chinese J-31.