Australian weather hack sparks storm in a China teacup

Chinese rumoured to be behind massive hack attack on Australian weather agency but China denies any involvement.

Tea cup: eye of the storm or just hot air?

According to a report by the Australian Broadcasting Corporation (ABC), the national Bureau of Meteorology (BoM) has been hacked following what is being described as a "massive attack".

The BoM owns one of the biggest supercomputers in Australia, and ABC reckons "multiple official sources" are saying the targeted attack was Chinese in origin. At the same time, official sources have yet to confirm or deny that the hack actually happened, what was specifically targeted and what, if any, data was compromised as a result. Instead, the BoM is simply stating that it does not comment on matters of security.

Meanwhile, the BBC reports that a Chinese Foreign Ministry spokeswoman, Hua Chunying, has denied any involvement. China "firmly opposes and cracks down on all forms of cyber-attacks," she said, adding that "groundless accusations and speculation are not constructive".

Nonetheless if, as ABC is reporting, "other agencies have also been affected" then this could prove to be embarrassing to the Australian and Chinese governments alike. The Chinese have, after all, just signed an accord with the United States regarding cyber attacks and this could be seen as simply business as usual away from US boundaries.

It could also be seen, however, as espionage rather than cyber-crime: meteorological data plays a vital role when it comes to military actions. Indeed, SCMagazineUK.com understands that the BoM supercomputer has a direct link to the Department of Defence in Canberra. So while the attack motivation could be commercial, if it was state-sponsored and initiated by China then it could also be strategic.

It could, of course, be both commercial and strategic. Suspected Chinese hacking attacks have something of a history when it comes to going down this double whammy route after all. If, as seems likely, there has been a compromise of some sort at the BoM then one thing is for sure: questions will be asked as to how something that forms part of the Australian critical national infrastructure was found wanting in terms of security defences.

We asked Emily Orton, a director at machine learning security specialists Darktrace, why she thought a weather bureau might be targeted by nation state hackers. "There are no rules of what is or isn't targeted," she told us. "If you have data of any value, anywhere, you can rest assured that it will attract hackers, whether it is to make money on the dark web, or if it is a part of a strategically-orchestrated attack by a nation state."

Hacking a weather bureau may seem unconventional but like power stations and water treatment plants, weather stations can also be considered part of critical national infrastructure, Orton said. "Having accurate weather forecast affects the planning of military operations, flight routes of commercial aircraft and shipping schedules," she pointed out.

But what value would there be in exfiltrating that data? Robert Arandjelovic, director of security strategy at Blue Coat, admits that access to weather data may have limited perceived strategic value, but adds, "There could be value in the resources that were compromised, such as access to the Bureau's analytics capabilities or heavy support for brute-force data decryption."

Then there's the weather forecasting data itself, which might be re-purposed for other uses to gain a political or commercial advantage. "Weather statistics are already heavily used in politics, especially when relating it to global warming," Arandjelovic told SCMagazineUK.com, adding, "Therefore altering data and having this at the base of new official reports could potentially have an effect on political decisions, such as results of elections, which could dramatically change the political landscape in areas where the environmental movement is important."

Gavin Reid, VP of threat intelligence at Lancope, agrees that weather centres such as the BoM are very much on the attack radar and should be considered part of our critical national infrastructure. "With the cost of doing collection, analysis and forecasting," he told us, "weather is a very useable commodity." And, as Guidance Software's UK General Manager Nick Pollard says, "any agency with any relationship to federal and especially defence operations must be considered critical infrastructure. This certainly underscores the importance of evaluating the security of every touchpoint in an entire digital ecosystem."

Stephen Coty, the chief security evangelist at Alert Logic, was a lot more specific when SC asked him why a nation state might be interested in hacking weather data. "With China in the process of building islands out of sand and ocean," he told us, "everyone is looking for alternative sources of energy. There might be some interesting information that might assist in those plans."

Coty went on to gesture in the direction of projects that the Meteorology Bureau is working on, such as the Community Atmosphere Biosphere Land Exchange model (CABLE), used to calculate the fluxes of momentum, energy, water and carbon between the land surface and the atmosphere, and the Wave Energy Atlas project, which is developing an online national wave energy atlas to allow users to better assess the feasibility of wave power projects.

Werner Thalmeier, who heads up security at Radware for EMEA, doesn't think we should get ahead of ourselves just yet. This incident could be nothing but a storm in a China teacup after all. "Can you say there is a trend yet?" Thalmeier pondered, "probably not."

However, you do have to consider that last winter the US was targeted in a similar way and this, says Thalmeier, "will no doubt prompt governments to consider the inclusion of weather in the critical infrastructure framework for national security and citizen safety, and in particular the provision of appropriate security mitigation measures."

Coty agrees, adding that another target will be government research facilities located on university campuses around the world. "Universities are some of the most vulnerable environments," Coty says. "Now I think the organisation needs to maintain their security and infrastructure as they, in some cases, do a better job than the government."

One thing is for sure, as Darren Anstee, chief security technologist at Arbor Networks, concludes: "This attack again raises questions around which assets need the highest levels of protection and monitoring, given potential interdependencies and shared data. Our adversaries are smart, they are good at hiding what they are doing and we need tools that allow our security resources to most effectively use their capabilities to counter these opponents..."