A skilled hacker in Vietnam stole sensitive security details and building plans from Perth Airport after breaking into its computer systems.
The West Australian can reveal Vietnamese man Le Duc Hoang Hai used the credentials of a third-party contractor to get access to the airport’s computer systems in March last year.
Prime Minister Malcolm Turnbull’s cybersecurity adviser Alastair MacGibbon said yesterday the man stole “a significant amount of data” relating to the airport, including building schematics and details of physical security at airport buildings.
Mr MacGibbon said Hai did not access radars or other systems linked to aircraft operations and the travelling public was not put at risk.
Perth Airport detected the breach and passed the information on to the Federal Government’s cybersecurity centre in Canberra.
The hack was traced to Vietnam and the Australian Federal Police tipped off counterparts in Vietnam, whose investigation led to Hai’s arrest.
The 31-year-old was convicted in a Vietnamese military court last week and sentenced to four years jail.
As well as hacking Perth Airport, Hai was found to have attacked infrastructure and websites in Vietnam, including those of banks, telecommunications and an online military newspaper.
Perth Airport is thought to have been his only Australian-based target.
Mr MacGibbon described the hack as a “near miss”, saying it could have been a lot worse.
While Hai had accessed sensitive material, he had not stolen the personal details of travellers.
“Was anyone ever at risk? The answer is no,” Mr MacGibbon said.
He praised the quick work of Perth Airport staff in detecting the hack and alerting authorities in Canberra.
Mr MacGibbon said it also showed how the AFP and the Australian Government had developed strong links with Vietnam.
He said there was no indication Hai was working with a larger group and no suggestion he had on-sold the material he stole from Perth Airport.
“This is a sign of the type of work we are going to be doing a lot more of in the future,” Mr MacGibbon said.
He said using details of a third-party contractor to break into critical infrastructure was becoming increasingly common.
Perth Airport chief executive Kevin Brown said it appeared the man had been attempting to steal credit card data.
“We completed a full and thorough risk assessment of the data that had been accessed to ensure there had been no threat to the safety of the travelling public,” he said.
“At no time was the safety or security of the airport, its staff, passengers or partners compromised.”
Mr Brown said the airport was looking at ways to improve security related to contractors’ access to systems.
It was revealed this year that foreign attackers stole sensitive plans about Australia’s Joint Strike Fighter program after breaking into computers of a third-party contractor.
Although the contractor was working on some of the Government’s most sensitive programs, its security protocols were poor.
Mr MacGibbon said the episode underlined the need for big companies to demand contractors use strong security with two-factor identification procedures.
This content was originally published here.