Incident Response, TDR

Hacker arrested in Greece for stealing, selling weapons data

Authorities have arrested a 58-year-old man in Greece they said hacked into computer systems of France's Dassault Group for more than five years, stole sensitive weapons technology data and sold it to a variety of countries.

Greek officials accused the hacker, a mathematician calling himself “ASTRA,” of stealing secrets from Dassault for several years before his Jan. 25 arrest. They said that the aviation company, which produces both private and military aircraft, including the Rafale and Mirage jet fighters, indicated that ASTRA sold the stolen data via the internet to at least 250 people in Brazil, France, Germany, Italy, South Africa and several unidentified Middle East states.

Authorities did not identify the hacker by name.

Greek officials said Dassault suffered more than $360 million in damages as a result of the thefts. According to reports, the data included specialist software used for making jets and automobiles, which the hacker was offering in batches for $1,000 each.

A police official said the 58-year-old mathematician -- described as an experienced and skilled hacker -- had been wanted since 2002, when Dassault contacted Greek authorities, and was tracked down in an apartment in Athens that he was renting under a false name, according to reports.

Police in the United Kingdom reportedly are searching for an accomplice who allegedly located online buyers for the hacker.

Phil Neray, vice president of marketing at Guardium, told SCMagazineUS.com that, based on the information released so far, it is not clear whether ASTRA worked from within Dassault. Neray said the tendency of weapons producers to share design information with suppliers and sub-contractors makes it likely that the perpetrator was an outsider.

"In the automotive and aviation industries, companies frequently have to share design information with partners -- for example, parts suppliers,” he said. “[These] organizations have to open up their data sources to external access, so they open a hole in their firewalls to let partners have access to design data. That provides an opportunity for hackers to take control of that avenue and get to sensitive data."

Neray also noted that many companies “do not monitor this access pattern, so they have no way of knowing if access was suspicious or unauthorized.”

"That's why this kind of theft could go on for many years, as it appears to have been the case here," he said, adding that the only way to thwart these types of intrusions is "by monitoring and analyzing access to sensitive data on a continual basis and by looking for access patterns that are either suspicious or violations of policy."

Paul Velusamy, vice president of marketing for database security vendor Vaau, had a different take on the data theft.

"It sounds like [the hacker is] an insider," he told SCMagazineUS.com. "He was probably given temporary access to certain resources to work on a project and, when the project was done, those access permissions were never revoked."

Regular monitoring and enforcing of security policies can eliminate such losses, Velusamy added. These policies should include mandating access and identity audits in which managers are required to review and revoke employees' access rights on a regular schedule. More and more companies, particularly those in the financial services, health care and retail markets, are beginning to deploy access control and identity management products, he noted.

However, "we haven't seen defense and government agencies adopt it widely yet," he said.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.