Chinese Govt accused of hacking Australian Bureau of Meteorology

Computer circuit board and cd rom

Guest essay by Eric Worrall

News in Australia this week, the Chinese government has been accused of hacking the computers of Australia’s Bureau of Meteorology, with claims that the source of the hack has been tracked to a Chinese Army building in Shanghai. The Chinese government has strongly denied responsibility for the cyber attack.

According to the Australian ABC;

China is being blamed for a major cyber attack on the computers at the Bureau of Meteorology, which has compromised sensitive systems across the Federal Government.

Key points:

ABC told there is little doubt the “massive” breach came from China Motivation for attack could be commercial, strategic or both

Bureau provides critical information to a host of agencies, including link to Defence Department Could “take years and cost hundreds of millions of dollars to fix”

Multiple official sources have confirmed the recent attack, and the ABC has been told it will cost millions of dollars to plug the security breach, as other agencies have also been affected.

The bureau owns one of Australia’s largest supercomputers and provides critical information to a host of agencies.

Its systems straddle the nation, including one link into the Department of Defence at Russell Offices in Canberra.

Cyber attacks on government agencies are routine and the “adversaries” range from thrill-seeking hackers, through to criminals and foreign states.

But the ABC has been told this is a “massive” breach and one official said there was little doubt where it came from.

Beyond that, the bureau provides a gateway to other agencies.

“They’re looking for the weakest link and so if you go into an agency, which may have a level of security clearance, but perhaps not as high as central parts of the national security community, maybe there are weaknesses they can exploit which will enable them to then move into other, more highly-valued targets,” Mr Jennings said.

Read more: http://www.abc.net.au/news/2015-12-02/china-blamed-for-cyber-attack-on-bureau-of-meteorology/6993278

The fact that the hack has been traced to a Chinese army building doesn’t mean that the people in the building knew anything about the hack. Its common practice amongst hackers to use other computers as catspaws, as proxies for their attacks, as decoys to conceal the true source of the hack. To trace the hack further, Australian authorities would themselves have to attempt to hack the Chinese army, to see exactly what was happening to the computers which launched the attack – which would open a whole new can of worms.

Western governments, such as US federal agencies, have an atrocious track record for protecting systems from cyber infiltrators. There is evidence the Chinese government has major problems managing their computer infrastructure, with widespread disobedience to official policy directives. So it is entirely plausible that the Chinese government are victims of the hackers, rather than the perpetrators.

If the Chinese government were behind the attack, the assumption is that the Chinese government were trying to use the Bureau of Meteorology to attack other linked systems. It is reasonable to suggests the hackers were targeting a different agency – links between associated computer systems are often very insecure, cybersecurity people tend to secure the front door, but often leave the back doors hanging wide open (sometimes because nobody told them the links exist). Leapfrogging from one system into the heart of another system is a well known attack strategy.

But what if the Chinese government, or whoever was behind the hack, actually were just interested in the Australian Bureau of Meteorology? China might want to know what is really happening to global climate. One thing for sure, they would have a difficult time getting straight answers about Australian weather records via legitimate channels. Perhaps they just wanted to see the raw data, and the secret algorithms the BOM uses, to apply their highly questionable homogenisation adjustments.

0 0 votes
Article Rating
63 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
December 3, 2015 6:55 pm

When can we read their emails?

Paul Westhaver
December 3, 2015 6:55 pm

“were just interested in the Australian Bureau of Meteorology?”
I really can’t think of a more boring server to hack. Maybe online insurance actuary tables?
The Chinese must have a lot of people with nothing but time to kill.

MarkW
Reply to  Paul Westhaver
December 4, 2015 9:00 am

You could make a lot of money by getting hold of an insurance companies actuary tables.

Erny72
Reply to  Paul Westhaver
December 5, 2015 4:12 pm

Hit the nail on the head there Paul.
Who in their right mind gives a flying frack about the BoM’s massaged data?
Maybe it’s tempting for some to dream that the Chinese Gumment is trying for a down under version of climategate, but I don’t believe for a moment that they’re that obsessed with incompetantly fiddled temperature data. Indeed, just open the BBC website and see how even the keepers of the faith don’t appear to give a rat’s fat asymptote about the Paris hot-air fest and you can see the world has collectively lost interest in gullible warming.
Once Barry Kabana gets shanghaied out of the white house, we’ll be well into the end game of this pointless misdirection and can start concerning our collective selves with real issues facing our electorates.

December 3, 2015 7:00 pm

Oh that’s just funny.
If true, hilarious.
If a complete fabrication, hilarious.
It a total accident, hilarious.
If on purpose, hilarious squared.
If….almost any scenario by which it did or didn’t happen…can’t breath…sides hurt….may pass out….

Peterg
December 3, 2015 7:01 pm

I would like to get my hands on some of their data products for better gliding weather predictions. But at $2000 per annum, a bit beyond my hobbyist inclinations.
You never know, might have better info than that available in China.

John Robertson
December 3, 2015 7:03 pm

Wow.
That is almost as original as the CRU lameness.
“We accidentally lost the data,blah blah blah…”
BOM,”The Chinese hacked us, all is lost.And what ever you find corrupted, must have been the chinese”

ozspeaksup
Reply to  John Robertson
December 4, 2015 4:16 am

have to admit my response on hearing it was similar to Davidmhoffer and johnrobinson
dog ate my homework..coverup for data removals or fudges
china?
I dont think so really
I do think it may have been one of our frenemies, stirring trouble.

goreisapsychoticmalcontent
Reply to  ozspeaksup
December 5, 2015 2:06 pm

Perhaps even more sinister – “Oooh, we can’t allow access to data any more ’cause we need to secure the systems. Data now only available to official government agencies and certain select clients.”

December 3, 2015 7:05 pm

The Chinese just cast a very wide net with password guessing attacks (I see these all the time in my logs). Whether you are hacked depends on how strong your login authentication is.

simple-touriste
Reply to  co2isnotevil
December 3, 2015 8:25 pm

So no ssh private key auth for REMOTE login on GOVERNMENT computers?

Reply to  simple-touriste
December 3, 2015 8:38 pm

The US government is still running obsolete versions of windows (even DOS!) in many places. The US government IT operations for securing employee access to data are remarkable primitive compared to best practices used at places like Google or Facebook.

Owen in GA
Reply to  simple-touriste
December 4, 2015 5:44 am

co2isnotevil,
Especially in some of the labs. When Microsoft changed all the driver schemas between various releases of Windows, many pieces of critical one-off lab equipment suddenly became unsupported. I had one lab that had computers running three flavors of Unix and everything from DOS to Windows XP (it has been 10 years so they probably have added Windows 7, 8 and 10 now). The equipment manufacturers didn’t have anyone on staff from the original project to update the drivers either as the equipment was of the one-off contract type of thing. I seem to remember a plan to secure the lab that included placing the old equipment on a dedicated ring with the ring controller as a modern operating system acting as the gateway to the rest of the network. Very complicated topology and probably still hackable, but maybe hard enough to make it not worth someone’s time.

DD More
Reply to  simple-touriste
December 4, 2015 10:06 am

notEvil & Owen, what do you expect from a buyer who paid $2.1 billion for a webpage enrollment system, so far, . Did Obamacare say for just a few dollars more they may be able to get it to work too?

Patrick MJD
December 3, 2015 7:09 pm

The ABC have nothing better to do…the BoM hacked? LMAO.. And Nick will be along 3, 2, 1…tell us why!

Reply to  Patrick MJD
December 3, 2015 7:43 pm

“And Nick will be along 3, 2, 1…tell us why!”
Well, OK, though it may be some hours before you can read it. The key phrase is:
“The bureau owns one of Australia’s largest supercomputers and provides critical information to a host of agencies.”
That information is not just meteorology. Lots of other government computing is done on their system.

Reply to  Nick Stokes
December 3, 2015 8:16 pm

That information is not just meteorology. Lots of other government computing is done on their system.
Such as?
http://www.bom.gov.au/inside/eiab/reports/ar14-15/doc/2.4-information-system-and-services.pdf
Doesn’t list any computing services being provided to other government entities other than making data available. Do you know something they aren’t making public?

Patrick MJD
Reply to  Nick Stokes
December 3, 2015 9:57 pm

I can tell you none of “ServiceFirst” (That includes pretty much all of the New South Wales Govvn’t services like “Fair Trading” and the like) computing is done on this computer. LOL! Nick, you are always good for a laugh!

Reply to  Nick Stokes
December 3, 2015 10:12 pm

Well, Nick might be correct after all.
The main page:
http://www.bom.gov.au/?ref=hdr
Has a link to “Defense Services” which goes to a password protected site.
Now normally one doesn’t put a link to one’s “Defense Services” on a public site, password protected or not. Could be a honey pot I suppose. But certainly would get the attention of hackers.

Michael
December 3, 2015 7:32 pm

The Chinese apparently wanted inaccurate information. The Australian military encourage them so they get this parasite out of their systems. Its absurd to say that the Chinese military didn’t know about it- they are the high tech government hackers in the world.

RockyRoad
Reply to  Michael
December 3, 2015 7:57 pm

…they’ve had more practice than anybody else.

Peter Miller
Reply to  Michael
December 4, 2015 10:19 am

You’ve got it all wrong, the Chinese were so impressed with the BOM’s data manipulation techniques that they felt they had to have it themselves.
So now the Chinese know exactly how the BOM manipulates its climate datasets, but we still don’t.

Paul Bamford
December 3, 2015 7:44 pm

Six months ago the BOM spent $77 Million of taxpayers money to buy Australia’s largest computer (1.6 peta-flops) and they are now saying this one’s wrecked, can we have a new one please.. They need a sign on the front of it saying “Move along Please, Nothing to see Here”!

Marcus
December 3, 2015 7:45 pm

3,2,1….All the hard drives crashed because of the Chinese hackers so we can’t show anyone all the manipulated data you are requesting !!!!

Marcus
Reply to  Marcus
December 3, 2015 7:47 pm

. . And of course all Emails have ” accidentally ” been deleted ……oops, sorry !!!

simple-touriste
Reply to  Marcus
December 3, 2015 8:02 pm

Worse, the hackers have run their own “homogenization”.

Leonard Lane
Reply to  Marcus
December 3, 2015 10:46 pm

Marcus I think you hit the nail on the head.

RockyRoad
December 3, 2015 7:56 pm

So the Chinese deny responsibility?? Well, that also makes them liars.

simple-touriste
December 3, 2015 7:58 pm

Probably a false flag to launch a war on climate (science).
/s

Marcus
December 3, 2015 8:00 pm
FJ Shepherd
December 3, 2015 8:09 pm

BOM has a reputation to make cooling temperature trends warmer. Perhaps they want to find out how the Australians do it.

philincalifornia
December 3, 2015 8:15 pm

Don’t worry if the data’s gone. Just make some more sh!t up to replace it. They can probably sneak in a .1 or .2 degree rise.

December 3, 2015 8:55 pm

The Chinese must be cheesed off at the outlandish high $ quotes the BOM gives to people like them and me wanting to access data.

Alex
December 3, 2015 8:57 pm

https://en.wikipedia.org/wiki/IP_address_spoofing.
Why in hell would the Chinese be interested in Australian secrets?(giggle). Australia’s military are so large and scary. Australia is a ‘major player’ in world politics. Turncoat will you tell you that.
Somebody in China was probably looking for vifeos of cats afraid of cucumbers and accidentally got BOM

Alex
Reply to  Alex
December 3, 2015 8:58 pm

videos

Dawtgtomis
December 3, 2015 9:11 pm

Can anybody fill me in on any remaining entities that the Chinese govt hasn’t been accused of hacking?

Alex
Reply to  Dawtgtomis
December 3, 2015 9:12 pm

the penguins in the Antarctic

simple-touriste
Reply to  Dawtgtomis
December 3, 2015 9:18 pm

North Korea not China officially “pirated” a movie and put it online in order to suppress it (what?).

Alex
Reply to  simple-touriste
December 3, 2015 9:22 pm

you are an idiot if you don’t understand that

Alex
Reply to  simple-touriste
December 3, 2015 9:23 pm

The north koreans are masters at chess. They think one move ahead

Lewis P Buckingham
Reply to  Dawtgtomis
December 3, 2015 10:14 pm

Pizza Hut.

Alex
December 3, 2015 9:32 pm

Unfortunately Australia announces with glee that they are worth hacking. Pathetic.

Mike McMillan
Reply to  Alex
December 4, 2015 12:47 am

That’s about on a par with some local folks here who robbed a Family Dollar store.

Dawtgtomis
Reply to  Mike McMillan
December 4, 2015 9:08 am

Jeez, do we live close, or is that trending?

schitzree
Reply to  Mike McMillan
December 4, 2015 9:32 pm

Happened to several Family Dollar stores in my area recently. From what I’ve heard it’s some kind of nation wide thing. Don’t ask me why Family Dollars. ^¿^

tango
December 3, 2015 9:44 pm

all they will find is a dogs breakfast I would like to be a fly on the wall to watch the hackers scratching all there hair out

December 3, 2015 9:51 pm

I can only hope that while the Chinese were in there rootling about in the Australian BOM network that they took the opportunity to permanently delete the fraudulent “corrections” that the Australian BOM has made to the authentic record of temperature in Australia.

Lewis P Buckingham
December 3, 2015 10:39 pm

The password for defence services must be soft, it has not changed for 6 years seven months.
‘Australian Government – Bureau of Meteorology
Skip navigation Home | About Us | Contacts | Requests | Help | Feedback | Site Map
Defence Meteorological Services
Warnings
Charts |
Satellite |
Radar |
Exercises
Operations |
Planning |
Regional |
Navy |
Army |
Air Force |
Please Note: The password for this site will change on 25 May 2009. Please contact 02 6262 7316 or dmsu@bom.gov.au for new details.’
Its unlikely the Chinese were after this.
This attack could be part of the usual process by the Chinese Government whereby small pieces of information are collected from thousands of sources by many individuals.
These are then processed to determine the strengths and weaknesses of potential adversaries and trading partners or rivals.
They could, through their hack, get hold of all email correspondence, giving the humour and tenor
of climate discussions behind the scenes.
Areas of interest would be effectiveness of early warning, response by the military in time and quality to instructions, independent of their origin. Quality of oversight of key competencies. Reliability of such reportage and cost effectiveness of purchasing it.
It would be interesting to see what their underlying business plan projections are for wheat,beef and dairy in Australia, coupled with price of land and returns.
It would appear that the continent is warming, but rainfall in the top end is increasing.
This El Nino has confounded expert opinion as to the likelihood so far of drought.
This would be part of the intelligence process to learn from the mistakes of the forecasters in Australia by studying their methodology from within.

Leonard Lane
Reply to  Lewis P Buckingham
December 3, 2015 10:51 pm

Or maybe the Chinese were looking for government & private coal strategies and data so they could get a better deal on coal imports.

Alex
Reply to  Lewis P Buckingham
December 3, 2015 11:03 pm

Sounds like our friends the americans who would be happy to bring any government down if it suits their purpose. The chinese are babes in the woods compared to our best friend and ally THE USA.
Pine Gap. The sphincter of Australia. The US does the penetration and we provide the lubricant. By American standards that is an equal partnership. Long live the USA.

ozspeaksup
Reply to  Alex
December 4, 2015 4:35 am

uh huh..agreement by me on that 😉

Charles Nelson
December 3, 2015 11:58 pm

This sounds very much like a ” load of old bollocks ” to me.
Where do these stories come from?

Martin A
December 4, 2015 12:14 am

“take years and cost hundreds of millions of dollars to fix”
S.L.B.T.M.
Don’t they have a backup process in place?

Reply to  Martin A
December 4, 2015 5:02 pm

Am I missing something? The systems are said to be “fully operational”. So while data may have been copied, I haven’t heard that any information was lost. The money would be needed for hardening, and for searching for malware that might have been installed. Some of their systems are supposed to be available all the time, making it difficult to shut them down. The BoM most likely didn’t think they’d be a target, so probably spent the minimum on protecting themselves.

Oldseadog
December 4, 2015 12:46 am

Maybe they just wanted to see if they could do it.
If they could get into BOM then where would they try next?
Or maybe they just wanted everyone to know that in fact they can probably look at anything they want.

rtj1211
December 4, 2015 12:49 am

Well, as the CIA/NSA hacks all over the world, I’m sure they’ll hack some meteorology bureaux, if they think there’s actually anything worth hacking there.
The western media always make out that it’s the big bad enemy who do all the spying.
Truth? We do 95% of it…….

keeffromlondon
December 4, 2015 12:57 am

For those of you interested in how an attack like the one reported works, there was a very interesting report published by Mandiant in 2013. Mandiant are now part of Fireeye, and an IT Security specialist. Mandiant dubbed the attack APT1 (Advanced Persistent Threat 1). The report details the attack and has a good overview of the Chinese Army’s cyber capabilities, including its sheer scale. See http://intelreport.mandiant.com/ where the report can be downloaded.
Cleaning up after an APT-style intrusion is difficult and expensive. Simply restoring from last back up won’t work; you would have to go back to before the attack started (weeks; months, years of data loss?).

Steve B
December 4, 2015 2:25 am

Who the hell would want to hack the BOM computers? There is nothing of interest there. I reckon it is an excuse for getting caught changing raw data.

ozspeaksup
December 4, 2015 4:37 am

so we spent 77 mil and the suplier the software dudes etc..and the govt person approving it
NONE of whom installed security enough?
heads SHOULD roll and someone be paying for it.
NOT the bloody taxpayers again
next week govvy auctions ad
PC going cheap..best offer over 50$

G. Karst
December 4, 2015 9:29 am

Let’s hope they release the data and E-mails concerning adjustments. The Chinese prefer a hack over FOI requests. Hacking results do not pass through filters. Another climategate type disclosure could really kill this climate religion. GK

December 4, 2015 11:06 am

Thanks, Eric Worrall. Perhaps China wants to see the raw data?

tadchem
December 4, 2015 11:07 am

Hacker’s, regardless of their origin, sneak into computer systems for only two reasons: to take something away or to leave something behind. Given that the ABM system is primarily used for playing weather-related video games, the most marketable asset it would hold would be users’ personal data, including whatever is embedded in their emails.
I can’t imagine that Anonymous would care to tweak (and likely improve) their modelling software, and their databases have been pre-tweaked to the point of near-uselessness anyway..

December 5, 2015 1:58 am

There is no truth in the rumour that due to budget constraints the BOM has taken over the Defence Dept. Our military will of course retain the usual sections- infantry, armour, transport, catering, and of course, Intelligence- which, with the combined resources of BOM and Defence, will still be the smallest such unit in the world. 🙂

%d bloggers like this: