It has been revealed that around 30 gigabytes of sensitive data was downloaded by an unknown “hacker” from a government defence contractor all because of super lax network security, including the password for the administrator account being “admin”.
The 2017 Threat Report released yesterday outlines how the engineering firm that contracts to the Department of Defence had technical information relating to fighter jets, maritime patrol aircraft and smart bomb kits stolen from their servers last year.
As ZDNet reveals one document was a blueprint-style outline of an upcoming navy ship which was so detailed that one could “zoom in down to the captain’s chair and see that it’s, you know, 1 metre away from nav chair”.
The report also notes how piss-easy it was to access the info, which is restricted under the International Traffic in Arms Regulations, due to the fact the internet-facing services had the default passwords still, such as ‘admin’ for administrators and ‘guest’ for guests.
And just because it wasn’t weird enough, the Australian Signals Directorate, who are the group behind the investigation, named the unknown malicious accessor ALF, after everyone’s favourite Summer Bay grump from soap Home & Away.
Thus the, totally normal, official name of the three-month period this “Alf” was accessing the info? “Alf’s Mystery Happy Fun Time”.
Couldn’t have said it better myself, old mate.
