ACSC Report – Australian Bureau of Meteorology hacked by foreign spies

A report published by the Australian Cyber Security Centre confirmed the Australian Bureau of Meteorology hack was powered by foreign cyber spies.

In December 2015 the Australian Broadcasting Corporation (ABC) revealed that a supercomputer operated by Australialian Bureau of Meteorology (BoM) was hit by a cyber attack. The Bureau of Meteorology is Australia’s national weather, climate, and water agency, it is the analog of the USA’s National Weather Service.

The supercomputer of the Australian Bureau of Meteorology targeted by the hackers is also used to provide weather data to defence agencies, its disclosure could give a significant advantage to a persistent attacker for numerous reasons.

Initial media reports blamed China for the cyber attack, in 2013 Chinese hackers were accused by authorities of stealing the top-secret documents and projects of Australia’s new intelligence agency headquarters.

“China is being blamed for a major cyber attack on the computers at the Bureau of Meteorology, which has compromised sensitive systems across the Federal Government.” states the ABC. “The bureau owns one of Australia’s largest supercomputers and provides critical information to a host of agencies. Its systems straddle the nation, including one link into the Department of Defence at Russell Offices in Canberra.”

The systems at the Bureau of Meteorology elaborate a huge quantity of information and weather data that are provided to various industries, including the military one.

The consequence of a cyber attack on such kind of systems could represent a menace to the homeland security.

Now new information was disclosed by the government’s Australian Cyber Security Centre that Wednesday published a report on the incident. The experts at Australian Cyber Security Centre attributed “the primary compromise to a foreign intelligence service,” they did not provide any information of the culprit.

“We don’t narrow it down to specific countries, and we do that deliberately,” said the minister for cybersecurity, Dan Tehan. “But what we have indicated is that cyber espionage is alive and well,” he told ABC News 24. “We have to make sure that we’re taking all the steps necessary to keep us safe, because the threat is there. The threat is real. Cybersecurity is something that we, as a nation, have to take very seriously.”

The report confirms the presence of a malware in the system of the Australian Bureau of Meteorology. The national cyber security agency, Australian Signals Directorate (ASD), detected a Remote Access Tool (RAT) malware “popular with state-sponsored cyber adversaries,” and confirmed that the same malicious code was used to compromise other Australian government networks in the past.

“ASD identified evidence of the adversary searching for and copying an unknown quantity of documents from the Bureau’s network. This information is likely to have been stolen by the adversary.” reads the report.

Another interesting aspect of the report is the opinion of the experts of the terrorist cyber threat, they explained that cyber capabilities of terrorists remain rudimentary.

“Apart from demonstrating a savvy understanding of social media and exploiting the internet for propaganda purposes, terrorist cyber capabilities generally remain rudimentary and show few signs of improving significantly in the near future,” states the report.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – Australian Bureau of Meteorology, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]