{"id":23725,"date":"2015-12-03T15:27:59","date_gmt":"2015-12-03T04:27:59","guid":{"rendered":"http:\/\/www.aspistrategist.ru\/?p=23725"},"modified":"2015-12-03T19:49:43","modified_gmt":"2015-12-03T08:49:43","slug":"the-bom-infiltration","status":"publish","type":"post","link":"https:\/\/www.aspistrategist.ru\/the-bom-infiltration\/","title":{"rendered":"The BoM hack: infiltration and attribution"},"content":{"rendered":"

The Wednesday hacking of the Bureau of Meteorology (BoM) by apparent \u2018Chinese\u2019 actors was another example, if one was needed, of the persistent threat to Australian computer networks, both government and private sector. It\u2019s a stark reminder that Australia needs to continually up its game, and it shines a firm spotlight on the Government\u2019s Cyber Review and what it will deliver. Cyber incidents aren\u2019t uncommon; in its unclassified threat assessment the Australian Cyber Security Centre stated that it had to respond to 1,131 cyber security incidents involving Australian Government networks and other networks of national importance during 2014, equating to an average of three per day. So in many ways it\u2019s surprising that more incidents of this nature aren\u2019t receiving greater publicity.<\/p>\n

We should be circumspect in our attribution of this incident to China. Making a firm attribution case is time-consuming, and reaching an absolute judgement is often difficult. Masking the true origins of a cyber incident is easy\u2014states often use proxies or compromised computers in other jurisdictions to cover their tracks. As such, more detail is required before we can categorically state that China was the source.<\/p>\n

A plausible reason for any group to have hacked into the BoM network is an interest in BoM\u2019s customers. BoM provides predictive weather services to a range of Government and private sector clients and, in some cases, will have direct linkages into their networks to deliver its most up-to-date forecasts and weather data. Those private sector clients include aviation, energy, mining, offshore platforms and marine industries, all of which would be of interest to a state-based hacker.<\/p>\n

This provides an avenue of exploitation for a person or group to access more sensitive networks. That isn\u2019t an uncommon modus operandi\u2014why try to break down complex cyber defences when you can go in via the weakest link? Examples of this stretch back over 10 years: Titan Rain, a US Government codename for a series of attacks on government military systems which took place from 2003-06, is a prime example. Defence contractors were targeted as an easier avenue into Pentagon networks, which led to extensive extraction of sensitive data.<\/p>\n

Another possibility is that whoever hacked into the BoM could be seeking information on Australia\u2019s negotiating position at the Paris climate talks, which would use the data collected and analysed by BoM on Australia and the region\u2019s weather and climate. It\u2019s been observed that cyber espionage activities often increase immediately prior to major international bilateral and multilateral discussions. In a report released earlier this year, cyber security firm FireEye identified a cyber espionage group dubbed APT30, which specifically targeted Southeast Asian and Indian officials holding key political, economic and military information. FireEye believes APT30 is a state-backed group from China, and noted that its activity peaked around important regional summits, particularly ASEAN meetings. Similarly, The New York Times recently reported on Iranian-backed hackers who identified and targeted US State Department officials involved in implementing the nuclear deal with Iran.<\/p>\n

While a national weather service may seem like a peculiar target for pre-summit espionage, this isn\u2019t the first time that such an institution has been in the cross-hairs. In December last year, the US government\u2019s National Weather Service (NWS) was compromised by external attackers. Like our own BoM, the NWS provides climate, water, and weather data, and forecasts and warnings to the public and several government and non-government customers. More interestingly, the infiltration took place three months before the UN\u2019s massive Lima Climate talks. The summit saw 194 country delegations descend on the Peruvian capital to thrash out an agreement on climate change, and was one of the largest negotiations of its type.<\/p>\n

Four months before the US NWS compromise, alarm bells were ringing in New Zealand when someone tried to infiltrate a supercomputer based at the National Institute for Water and Atmospheric Research in Wellington. The computer, dubbed FitzRoy and worth $12.7m, is one of the most sophisticated computers in the world dedicated solely to environmental research and forecasting. New Zealand\u2019s National Cyber Security Centre was called in by Prime Minister John Key to discover what the attackers were after, but was unable to find a logical explanation.<\/p>\n

It could be the case that Australia has fallen victim to a group with similar intentions in the lead-up to the Paris talks, with the aim of collecting as much information as possible on Australia\u2019s negotiating position, and its basis in climate data, to influence the outcome of the talks. However, it would be expected that other countries around the world would be similarly targeted, and if this is the case, it hasn\u2019t been widely reported.<\/p>\n

Regardless of who the perpetrator behind the BoM infiltration is, it\u2019s easy to deduce several reasons why such an organisation presents an appealing infiltration target. Hopefully this serves as a wake-up call for all government agencies, regardless of the size or classification level of their work, that their information and networks are valuable to foreign actors, and as such, they should do their utmost to protect them.<\/p>\n","protected":false},"excerpt":{"rendered":"

The Wednesday hacking of the Bureau of Meteorology (BoM) by apparent \u2018Chinese\u2019 actors was another example, if one was needed, of the persistent threat to Australian computer networks, both government and private sector. It\u2019s a …<\/p>\n","protected":false},"author":49,"featured_media":23749,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_mi_skip_tracking":false,"footnotes":""},"categories":[1],"tags":[1528,391,169,728],"class_list":["post-23725","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-general","tag-cop21","tag-cyber","tag-cyber-crime","tag-hacking"],"acf":[],"yoast_head":"\nThe BoM hack: infiltration and attribution | The Strategist<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.aspistrategist.ru\/the-bom-infiltration\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"The BoM hack: infiltration and attribution | The Strategist\" \/>\n<meta property=\"og:description\" content=\"The Wednesday hacking of the Bureau of Meteorology (BoM) by apparent \u2018Chinese\u2019 actors was another example, if one was needed, of the persistent threat to Australian computer networks, both government and private sector. 
It\u2019s a ...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.aspistrategist.ru\/the-bom-infiltration\/\" \/>\n<meta property=\"og:site_name\" content=\"The Strategist\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/ASPI.org\" \/>\n<meta property=\"article:published_time\" content=\"2015-12-03T04:27:59+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2015-12-03T08:49:43+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2015\/12\/Screen-Shot-2015-12-03-at-7.28.12-PM.png\" \/>\n\t<meta property=\"og:image:width\" content=\"515\" \/>\n\t<meta property=\"og:image:height\" content=\"411\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Tobias Feakin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@ASPI_org\" \/>\n<meta name=\"twitter:site\" content=\"@ASPI_org\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Tobias Feakin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.aspistrategist.ru\/#website\",\"url\":\"https:\/\/www.aspistrategist.ru\/\",\"name\":\"The Strategist\",\"description\":\"ASPI's analysis and commentary site\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.aspistrategist.ru\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-AU\"},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-AU\",\"@id\":\"https:\/\/www.aspistrategist.ru\/the-bom-infiltration\/#primaryimage\",\"url\":\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2015\/12\/Screen-Shot-2015-12-03-at-7.28.12-PM.png\",\"contentUrl\":\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2015\/12\/Screen-Shot-2015-12-03-at-7.28.12-PM.png\",\"width\":515,\"height\":411},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.aspistrategist.ru\/the-bom-infiltration\/\",\"url\":\"https:\/\/www.aspistrategist.ru\/the-bom-infiltration\/\",\"name\":\"The BoM hack: infiltration and attribution | The 
Strategist\",\"isPartOf\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/the-bom-infiltration\/#primaryimage\"},\"datePublished\":\"2015-12-03T04:27:59+00:00\",\"dateModified\":\"2015-12-03T08:49:43+00:00\",\"author\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/84f461839f3f37e79509040ae4eeedcd\"},\"breadcrumb\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/the-bom-infiltration\/#breadcrumb\"},\"inLanguage\":\"en-AU\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.aspistrategist.ru\/the-bom-infiltration\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.aspistrategist.ru\/the-bom-infiltration\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.aspistrategist.ru\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"The BoM hack: infiltration and attribution\"}]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/84f461839f3f37e79509040ae4eeedcd\",\"name\":\"Tobias Feakin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-AU\",\"@id\":\"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/a8346dd3562a4d00483b16ff7e8b8df6?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/a8346dd3562a4d00483b16ff7e8b8df6?s=96&d=mm&r=g\",\"caption\":\"Tobias Feakin\"},\"url\":\"https:\/\/www.aspistrategist.ru\/author\/tobias-feakin\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"The BoM hack: infiltration and attribution | The Strategist","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.aspistrategist.ru\/the-bom-infiltration\/","og_locale":"en_US","og_type":"article","og_title":"The BoM hack: infiltration and attribution | The Strategist","og_description":"The Wednesday hacking of the Bureau of Meteorology (BoM) by apparent \u2018Chinese\u2019 actors was another example, if one was needed, of the persistent threat to Australian computer networks, both government and private sector. It\u2019s a ...","og_url":"https:\/\/www.aspistrategist.ru\/the-bom-infiltration\/","og_site_name":"The Strategist","article_publisher":"https:\/\/www.facebook.com\/ASPI.org","article_published_time":"2015-12-03T04:27:59+00:00","article_modified_time":"2015-12-03T08:49:43+00:00","og_image":[{"width":515,"height":411,"url":"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2015\/12\/Screen-Shot-2015-12-03-at-7.28.12-PM.png","type":"image\/png"}],"author":"Tobias Feakin","twitter_card":"summary_large_image","twitter_creator":"@ASPI_org","twitter_site":"@ASPI_org","twitter_misc":{"Written by":"Tobias Feakin","Est. 
reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebSite","@id":"https:\/\/www.aspistrategist.ru\/#website","url":"https:\/\/www.aspistrategist.ru\/","name":"The Strategist","description":"ASPI's analysis and commentary site","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.aspistrategist.ru\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-AU"},{"@type":"ImageObject","inLanguage":"en-AU","@id":"https:\/\/www.aspistrategist.ru\/the-bom-infiltration\/#primaryimage","url":"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2015\/12\/Screen-Shot-2015-12-03-at-7.28.12-PM.png","contentUrl":"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2015\/12\/Screen-Shot-2015-12-03-at-7.28.12-PM.png","width":515,"height":411},{"@type":"WebPage","@id":"https:\/\/www.aspistrategist.ru\/the-bom-infiltration\/","url":"https:\/\/www.aspistrategist.ru\/the-bom-infiltration\/","name":"The BoM hack: infiltration and attribution | The Strategist","isPartOf":{"@id":"https:\/\/www.aspistrategist.ru\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.aspistrategist.ru\/the-bom-infiltration\/#primaryimage"},"datePublished":"2015-12-03T04:27:59+00:00","dateModified":"2015-12-03T08:49:43+00:00","author":{"@id":"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/84f461839f3f37e79509040ae4eeedcd"},"breadcrumb":{"@id":"https:\/\/www.aspistrategist.ru\/the-bom-infiltration\/#breadcrumb"},"inLanguage":"en-AU","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.aspistrategist.ru\/the-bom-infiltration\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.aspistrategist.ru\/the-bom-infiltration\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.aspistrategist.ru\/"},{"@type":"ListItem","position":2,"name":"The BoM hack: infiltration and 
attribution"}]},{"@type":"Person","@id":"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/84f461839f3f37e79509040ae4eeedcd","name":"Tobias Feakin","image":{"@type":"ImageObject","inLanguage":"en-AU","@id":"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/a8346dd3562a4d00483b16ff7e8b8df6?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/a8346dd3562a4d00483b16ff7e8b8df6?s=96&d=mm&r=g","caption":"Tobias Feakin"},"url":"https:\/\/www.aspistrategist.ru\/author\/tobias-feakin\/"}]}},"_links":{"self":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts\/23725"}],"collection":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/users\/49"}],"replies":[{"embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/comments?post=23725"}],"version-history":[{"count":7,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts\/23725\/revisions"}],"predecessor-version":[{"id":23735,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts\/23725\/revisions\/23735"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/media\/23749"}],"wp:attachment":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/media?parent=23725"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/categories?post=23725"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/tags?post=23725"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}