Guest essay by Eric Worrall
In the news in Australia this week, the Chinese government has been accused of hacking the computers of Australia’s Bureau of Meteorology, with claims that the source of the hack has been tracked to a Chinese Army building in Shanghai. The Chinese government has strongly denied responsibility for the cyber attack.
According to the Australian ABC:
China is being blamed for a major cyber attack on the computers at the Bureau of Meteorology, which has compromised sensitive systems across the Federal Government.
Key points:
ABC told there is little doubt the “massive” breach came from China
Motivation for attack could be commercial, strategic or both
Bureau provides critical information to a host of agencies, including link to Defence Department
Could “take years and cost hundreds of millions of dollars to fix”
Multiple official sources have confirmed the recent attack, and the ABC has been told it will cost millions of dollars to plug the security breach, as other agencies have also been affected.
The bureau owns one of Australia’s largest supercomputers and provides critical information to a host of agencies.
Its systems straddle the nation, including one link into the Department of Defence at Russell Offices in Canberra.
Cyber attacks on government agencies are routine and the “adversaries” range from thrill-seeking hackers, through to criminals and foreign states.
But the ABC has been told this is a “massive” breach and one official said there was little doubt where it came from.
…
Beyond that, the bureau provides a gateway to other agencies.
“They’re looking for the weakest link and so if you go into an agency, which may have a level of security clearance, but perhaps not as high as central parts of the national security community, maybe there are weaknesses they can exploit which will enable them to then move into other, more highly-valued targets,” Mr Jennings said.
Read more: http://www.abc.net.au/news/2015-12-02/china-blamed-for-cyber-attack-on-bureau-of-meteorology/6993278
The fact that the hack has been traced to a Chinese army building doesn’t mean that the people in the building knew anything about the hack. It’s common practice amongst hackers to use other computers as catspaws, as proxies for their attacks, as decoys to conceal the true source of the hack. To trace the hack further, Australian authorities would themselves have to attempt to hack the Chinese army, to see exactly what was happening to the computers which launched the attack – which would open a whole new can of worms.
Western governments, such as US federal agencies, have an atrocious track record for protecting systems from cyber infiltrators. There is evidence the Chinese government has major problems managing their computer infrastructure, with widespread disobedience to official policy directives. So it is entirely plausible that the Chinese government are victims of the hackers, rather than the perpetrators.
If the Chinese government were behind the attack, the assumption is that the Chinese government were trying to use the Bureau of Meteorology to attack other linked systems. It is reasonable to suggest the hackers were targeting a different agency: links between associated computer systems are often very insecure, and cybersecurity people tend to secure the front door but often leave the back doors hanging wide open (sometimes because nobody told them the links exist). Leapfrogging from one system into the heart of another system is a well-known attack strategy.
But what if the Chinese government, or whoever was behind the hack, actually were just interested in the Australian Bureau of Meteorology? China might want to know what is really happening to global climate. One thing for sure, they would have a difficult time getting straight answers about Australian weather records via legitimate channels. Perhaps they just wanted to see the raw data, and the secret algorithms the BOM uses, to apply their highly questionable homogenisation adjustments.
When can we read their emails?
“were just interested in the Australian Bureau of Meteorology?”
I really can’t think of a more boring server to hack. Maybe online insurance actuary tables?
The Chinese must have a lot of people with nothing but time to kill.
You could make a lot of money by getting hold of an insurance company’s actuary tables.
Hit the nail on the head there Paul.
Who in their right mind gives a flying frack about the BoM’s massaged data?
Maybe it’s tempting for some to dream that the Chinese Gumment is trying for a down under version of climategate, but I don’t believe for a moment that they’re that obsessed with incompetently fiddled temperature data. Indeed, just open the BBC website and see how even the keepers of the faith don’t appear to give a rat’s fat asymptote about the Paris hot-air fest and you can see the world has collectively lost interest in gullible warming.
Once Barry Kabana gets shanghaied out of the white house, we’ll be well into the end game of this pointless misdirection and can start concerning our collective selves with real issues facing our electorates.
Oh that’s just funny.
If true, hilarious.
If a complete fabrication, hilarious.
If a total accident, hilarious.
If on purpose, hilarious squared.
If….almost any scenario by which it did or didn’t happen…can’t breathe…sides hurt….may pass out….
I would like to get my hands on some of their data products for better gliding weather predictions. But at $2000 per annum, a bit beyond my hobbyist inclinations.
You never know, might have better info than that available in China.
Wow.
That is almost as original as the CRU lameness.
“We accidentally lost the data, blah blah blah…”
BOM: “The Chinese hacked us, all is lost. And whatever you find corrupted must have been the Chinese”
have to admit my response on hearing it was similar to Davidmhoffer and johnrobinson
dog ate my homework..coverup for data removals or fudges
china?
I don’t think so really
I do think it may have been one of our frenemies, stirring trouble.
Perhaps even more sinister – “Oooh, we can’t allow access to data any more ’cause we need to secure the systems. Data now only available to official government agencies and certain select clients.”
The Chinese just cast a very wide net with password guessing attacks (I see these all the time in my logs). Whether you are hacked depends on how strong your login authentication is.
So no ssh private key auth for REMOTE login on GOVERNMENT computers?
The US government is still running obsolete versions of Windows (even DOS!) in many places. The US government IT operations for securing employee access to data are remarkably primitive compared to best practices used at places like Google or Facebook.
co2isnotevil,
Especially in some of the labs. When Microsoft changed all the driver schemas between various releases of Windows, many pieces of critical one-off lab equipment suddenly became unsupported. I had one lab that had computers running three flavors of Unix and everything from DOS to Windows XP (it has been 10 years so they probably have added Windows 7, 8 and 10 now). The equipment manufacturers didn’t have anyone on staff from the original project to update the drivers either as the equipment was of the one-off contract type of thing. I seem to remember a plan to secure the lab that included placing the old equipment on a dedicated ring with the ring controller as a modern operating system acting as the gateway to the rest of the network. Very complicated topology and probably still hackable, but maybe hard enough to make it not worth someone’s time.
notEvil & Owen, what do you expect from a buyer who paid $2.1 billion for a webpage enrollment system, so far. Did Obamacare say for just a few dollars more they may be able to get it to work too?
The ABC have nothing better to do…the BoM hacked? LMAO.. And Nick will be along 3, 2, 1…tell us why!
“And Nick will be along 3, 2, 1…tell us why!”
Well, OK, though it may be some hours before you can read it. The key phrase is:
“The bureau owns one of Australia’s largest supercomputers and provides critical information to a host of agencies.”
That information is not just meteorology. Lots of other government computing is done on their system.
“That information is not just meteorology. Lots of other government computing is done on their system.”
Such as?
http://www.bom.gov.au/inside/eiab/reports/ar14-15/doc/2.4-information-system-and-services.pdf
Doesn’t list any computing services being provided to other government entities other than making data available. Do you know something they aren’t making public?
I can tell you none of “ServiceFirst” (That includes pretty much all of the New South Wales Govvn’t services like “Fair Trading” and the like) computing is done on this computer. LOL! Nick, you are always good for a laugh!
Well, Nick might be correct after all.
The main page:
http://www.bom.gov.au/?ref=hdr
Has a link to “Defense Services” which goes to a password protected site.
Now normally one doesn’t put a link to one’s “Defense Services” on a public site, password protected or not. Could be a honey pot I suppose. But certainly would get the attention of hackers.
The Chinese apparently wanted inaccurate information. The Australian military encourage them so they get this parasite out of their systems. It’s absurd to say that the Chinese military didn’t know about it- they are the high tech government hackers in the world.
…they’ve had more practice than anybody else.
You’ve got it all wrong, the Chinese were so impressed with the BOM’s data manipulation techniques that they felt they had to have it themselves.
So now the Chinese know exactly how the BOM manipulates its climate datasets, but we still don’t.
Six months ago the BOM spent $77 Million of taxpayers’ money to buy Australia’s largest computer (1.6 peta-flops) and they are now saying this one’s wrecked, can we have a new one please. They need a sign on the front of it saying “Move along Please, Nothing to see Here”!
3,2,1….All the hard drives crashed because of the Chinese hackers so we can’t show anyone all the manipulated data you are requesting!!!!
And of course all Emails have “accidentally” been deleted ……oops, sorry!!!
Worse, the hackers have run their own “homogenization”.
Marcus I think you hit the nail on the head.
So the Chinese deny responsibility?? Well, that also makes them liars.
Probably a false flag to launch a war on climate (science).
/s
http://video.foxnews.com/v/4638172410001/selfie-of-the-year-brothers-snap-pic-with-bald-eagle/?intcmp=ob_article_footer_video&intcmp=obnetwork
Unfortunately, 10 minutes later it was chopped up by a “Green” wind turbine!!
BOM has a reputation to make cooling temperature trends warmer. Perhaps they want to find out how the Australians do it.
Don’t worry if the data’s gone. Just make some more sh!t up to replace it. They can probably sneak in a .1 or .2 degree rise.
The Chinese must be cheesed off at the outlandish high $ quotes the BOM gives to people like them and me wanting to access data.
https://en.wikipedia.org/wiki/IP_address_spoofing
Why in hell would the Chinese be interested in Australian secrets? (giggle). Australia’s military are so large and scary. Australia is a ‘major player’ in world politics. Turncoat will tell you that.
Somebody in China was probably looking for vifeos of cats afraid of cucumbers and accidentally got BOM
videos
Can anybody fill me in on any remaining entities that the Chinese govt hasn’t been accused of hacking?
the penguins in the Antarctic
North Korea not China officially “pirated” a movie and put it online in order to suppress it (what?).
you are an idiot if you don’t understand that
The North Koreans are masters at chess. They think one move ahead
Pizza Hut.
Unfortunately Australia announces with glee that they are worth hacking. Pathetic.
That’s about on a par with some local folks here who robbed a Family Dollar store.
Jeez, do we live close, or is that trending?
Happened to several Family Dollar stores in my area recently. From what I’ve heard it’s some kind of nationwide thing. Don’t ask me why Family Dollars. ^¿^
All they will find is a dog’s breakfast. I would like to be a fly on the wall to watch the hackers scratching all their hair out.
I can only hope that while the Chinese were in there rootling about in the Australian BOM network that they took the opportunity to permanently delete the fraudulent “corrections” that the Australian BOM has made to the authentic record of temperature in Australia.
The password for defence services must be soft, it has not changed for 6 years seven months.
‘Australian Government – Bureau of Meteorology
Skip navigation Home | About Us | Contacts | Requests | Help | Feedback | Site Map
Defence Meteorological Services
Warnings
Charts |
Satellite |
Radar |
Exercises
Operations |
Planning |
Regional |
Navy |
Army |
Air Force |
Please Note: The password for this site will change on 25 May 2009. Please contact 02 6262 7316 or dmsu@bom.gov.au for new details.’
It’s unlikely the Chinese were after this.
This attack could be part of the usual process by the Chinese Government whereby small pieces of information are collected from thousands of sources by many individuals.
These are then processed to determine the strengths and weaknesses of potential adversaries and trading partners or rivals.
They could, through their hack, get hold of all email correspondence, giving the humour and tenor of climate discussions behind the scenes.
Areas of interest would be effectiveness of early warning, response by the military in time and quality to instructions, independent of their origin. Quality of oversight of key competencies. Reliability of such reportage and cost effectiveness of purchasing it.
It would be interesting to see what their underlying business plan projections are for wheat, beef and dairy in Australia, coupled with price of land and returns.
It would appear that the continent is warming, but rainfall in the top end is increasing.
This El Nino has confounded expert opinion as to the likelihood so far of drought.
This would be part of the intelligence process to learn from the mistakes of the forecasters in Australia by studying their methodology from within.
Or maybe the Chinese were looking for government & private coal strategies and data so they could get a better deal on coal imports.
Sounds like our friends the Americans who would be happy to bring any government down if it suits their purpose. The Chinese are babes in the woods compared to our best friend and ally THE USA.
Pine Gap. The sphincter of Australia. The US does the penetration and we provide the lubricant. By American standards that is an equal partnership. Long live the USA.
uh huh..agreement by me on that 😉
This sounds very much like a ” load of old bollocks ” to me.
Where do these stories come from?
“take years and cost hundreds of millions of dollars to fix”
S.L.B.T.M.
Don’t they have a backup process in place?
Am I missing something? The systems are said to be “fully operational”. So while data may have been copied, I haven’t heard that any information was lost. The money would be needed for hardening, and for searching for malware that might have been installed. Some of their systems are supposed to be available all the time, making it difficult to shut them down. The BoM most likely didn’t think they’d be a target, so probably spent the minimum on protecting themselves.
Maybe they just wanted to see if they could do it.
If they could get into BOM then where would they try next?
Or maybe they just wanted everyone to know that in fact they can probably look at anything they want.
Well, as the CIA/NSA hacks all over the world, I’m sure they’ll hack some meteorology bureaux, if they think there’s actually anything worth hacking there.
The western media always make out that it’s the big bad enemy who do all the spying.
Truth? We do 95% of it…….
For those of you interested in how an attack like the one reported works, there was a very interesting report published by Mandiant in 2013. Mandiant are now part of FireEye, and an IT Security specialist. Mandiant dubbed the attack APT1 (Advanced Persistent Threat 1). The report details the attack and has a good overview of the Chinese Army’s cyber capabilities, including its sheer scale. See http://intelreport.mandiant.com/ where the report can be downloaded.
Cleaning up after an APT-style intrusion is difficult and expensive. Simply restoring from last backup won’t work; you would have to go back to before the attack started (weeks, months, years of data loss?).
Who the hell would want to hack the BOM computers? There is nothing of interest there. I reckon it is an excuse for getting caught changing raw data.
so we spent 77 mil and the supplier, the software dudes etc.. and the govt person approving it
NONE of whom installed security enough?
heads SHOULD roll and someone be paying for it.
NOT the bloody taxpayers again
next week govvy auctions ad
PC going cheap..best offer over 50$
Let’s hope they release the data and E-mails concerning adjustments. The Chinese prefer a hack over FOI requests. Hacking results do not pass through filters. Another climategate type disclosure could really kill this climate religion. GK
Thanks, Eric Worrall. Perhaps China wants to see the raw data?
Hackers, regardless of their origin, sneak into computer systems for only two reasons: to take something away or to leave something behind. Given that the ABM system is primarily used for playing weather-related video games, the most marketable asset it would hold would be users’ personal data, including whatever is embedded in their emails.
I can’t imagine that Anonymous would care to tweak (and likely improve) their modelling software, and their databases have been pre-tweaked to the point of near-uselessness anyway..
There is no truth in the rumour that due to budget constraints the BOM has taken over the Defence Dept. Our military will of course retain the usual sections- infantry, armour, transport, catering, and of course, Intelligence- which, with the combined resources of BOM and Defence, will still be the smallest such unit in the world. 🙂