Guest essay by Eric Worrall
In the news in Australia this week: the Chinese government has been accused of hacking the computers of Australia’s Bureau of Meteorology, with claims that the source of the hack has been tracked to a Chinese Army building in Shanghai. The Chinese government has strongly denied responsibility for the cyber attack.
According to the Australian ABC:
China is being blamed for a major cyber attack on the computers at the Bureau of Meteorology, which has compromised sensitive systems across the Federal Government.
ABC told there is little doubt the “massive” breach came from China
Motivation for attack could be commercial, strategic or both
Bureau provides critical information to a host of agencies, including link to Defence Department
Could “take years and cost hundreds of millions of dollars to fix”
Multiple official sources have confirmed the recent attack, and the ABC has been told it will cost millions of dollars to plug the security breach, as other agencies have also been affected.
The bureau owns one of Australia’s largest supercomputers and provides critical information to a host of agencies.
Its systems straddle the nation, including one link into the Department of Defence at Russell Offices in Canberra.
Cyber attacks on government agencies are routine and the “adversaries” range from thrill-seeking hackers, through to criminals and foreign states.
But the ABC has been told this is a “massive” breach and one official said there was little doubt where it came from.
Beyond that, the bureau provides a gateway to other agencies.
“They’re looking for the weakest link and so if you go into an agency, which may have a level of security clearance, but perhaps not as high as central parts of the national security community, maybe there are weaknesses they can exploit which will enable them to then move into other, more highly-valued targets,” Mr Jennings said.
Read more: http://www.abc.net.au/news/2015-12-02/china-blamed-for-cyber-attack-on-bureau-of-meteorology/6993278
The fact that the hack has been traced to a Chinese army building doesn’t mean that the people in the building knew anything about the hack. It’s common practice amongst hackers to use other computers as catspaws, as proxies for their attacks, as decoys to conceal the true source of the hack. To trace the hack further, Australian authorities would themselves have to attempt to hack the Chinese army, to see exactly what was happening to the computers which launched the attack – which would open a whole new can of worms.
Western governments, such as US federal agencies, have an atrocious track record for protecting systems from cyber infiltrators. There is evidence the Chinese government has major problems managing their computer infrastructure, with widespread disobedience to official policy directives. So it is entirely plausible that the Chinese government are victims of the hackers, rather than the perpetrators.
If the Chinese government were behind the attack, the assumption is that the Chinese government were trying to use the Bureau of Meteorology to attack other linked systems. It is reasonable to suggest the hackers were targeting a different agency – links between associated computer systems are often very insecure. Cybersecurity people tend to secure the front door, but often leave the back doors hanging wide open (sometimes because nobody told them the links exist). Leapfrogging from one system into the heart of another system is a well-known attack strategy.
But what if the Chinese government, or whoever was behind the hack, actually were just interested in the Australian Bureau of Meteorology? China might want to know what is really happening to global climate. One thing is for sure: they would have a difficult time getting straight answers about Australian weather records via legitimate channels. Perhaps they just wanted to see the raw data, and the secret algorithms the BOM uses to apply their highly questionable homogenisation adjustments.