The WA-based defence shipbuilder Austal has been the subject of a cyber security breach and extortion attempt. (ABC News: Andrew O’Connor)
Prime Minister Scott Morrison has warned a cyber attack and extortion attempt on a Department of Defence shipbuilder has escalated fears about hackers attempts to compromise national security.
Western Australian-based Austal announced to the stock exchange that an unknown offender had targeted its data management system.
Federal authorities are now investigating who was responsible for the hack and the full extent of information gathered.
What is Austal and what does it build?
Austal is a shipbuilder and defence contractor. It builds patrol vessels and frigates for the Australian Navy.
The company also supplies vessels for international markets, including combat ships for the United States and the Royal Navy of Oman.
Austal, which is the only ASX-listed shipbuilder, built the Cape Class Patrol Boat fleet that Border Force uses to patrol Australia’s waters.
The company was founded in Western Australia in 1988, initially with a focus on commercial vessels, and has become the world’s largest aluminium shipbuilder.
It’s responsible for everything from the design to the construction of vessels.
Who hacked into Austal?
It remains unclear who was responsible for the hack.
Austal, in its announcement to the stock exchange, only said it was an “unknown offender”.
The departments of Defence and Home Affairs issued a joint statement with the Australian Cyber Security Centre about the matter but also didn’t identify who was responsible.
The Australian has reported sources have told the newspaper that the breach occurred in mid-October and the perpetrators were in the Middle East, something its source said was unusual.
What did they access?
Austal has confirmed “some staff email addresses and mobile phone numbers” were accessed in the hack.
It also confirmed ship drawings might have been stolen.
These drawings were designs for customers and sub-contractors, but the company insists neither commercially-sensitive nor details that affect national security were compromised.
The company was keen to point out the breach had no impact on its ongoing operations.
“Austal’s business in the United States is unaffected by this issue as the computer systems are not linked,” the company’s statement reads.
How did Austal find out?
Like many of the circumstances surrounding the breach, how Austral discovered it is also unclear.
But the company has confirmed there was an extortion attempt.
“Following the breach the offender purported to offer certain materials for sale on the internet and engage in extortion,” the Austal statement reads.
“The company has not and will not respond to the extortion attempts.”
Neither the company nor the federal agencies have offered more information about what was involved in the extortion attempt, or if that’s how the company found out about the breach.
Who is investigating the matter?
Austal referred the incident to the Australian Federal Police (AFP) and the Australian Cyber Security Centre (ACSC), which is run by the Australian Signals Directorate (ASD).
The Office of the Australian Information Commissioner will also be involved in the investigation, given staff emails and phone numbers were accessed.
Amid the AFP and ACSC investigation, the agencies have provided advice and assistance to Austal about how it can bolster its IT systems and cyber security.
The Department of Defence has also been involved in the investigation, determining if classified information was compromised.
Why are people concerned?
From the prime minister to the departmental press releases, all have been keen to point out how the incident reinforces the serious nature of cyber threats.
Australia’s spy chief Duncan Lewis, who runs ASIO, has repeatedly talked about the unprecedented levels of espionage and foreign interference.
ASD has also taken a more prominent role in recent weeks, a signal of the growing threat of cyber attacks to commercial operations and not just government agencies.
That is in part because commercial agencies are playing a bigger role in building public infrastructure.