China blamed for 'massive' hack of Australia's weather bureau

An unnamed government official flat-out blamed China for hacking Australia's Bureau of Meteorology in a report that claimed, 'It could take years and cost hundreds of millions of dollars to fix.'

China hacked Australia weather bureau
U.S. Air Force photo by Edward Aspera Jr.

Whoa, Five Eyes, you're slipping again with your almighty surveillance machine, as Australia's Bureau of Meteorology (BoM) was the victim of a "massive" cyberattack.

Whodunit and how?

The Australian Broadcasting Corporation (ABC) first reported BoM being hacked, which was immediately blamed on China. Unsurprisingly, China denied the "groundless accusations." Oh what fun it must be at the global climate talks, as the nations' head honchos must play nice.

Nevertheless, an unnamed government official told ABC News, "It's China." It's unclear if that is the same unnamed source who claimed, "It could take years and cost hundreds of millions of dollars to fix."

One official, Australian Strategic Policy Institute executive director Peter Jennings, went on record to say there is evidence that points at China as being behind the hack. "We certainly know that among the most active intelligence gatherers is Chinese intelligence," Mr. Jennings said. "So what we understand of the Chinese attack on the BoM is entirely consistent with what we know of how Chinese intelligence operates."

"The motivation for the attack on the bureau could be commercial, strategic or both," Jenning claimed. "They're looking for the weakest link and so if you go into an agency, which may have a level of security clearance, but perhaps not as high as central parts of the national security community, maybe there are weaknesses they can exploit which will enable them to then move into other, more highly-valued targets."

The Register did some digging and came up with "one well-placed source" with the claim that a "remote code execution took place at the BoM." Other sources were unwilling to touch the subject even off-the-record.

Eddie Sheehy, chief executive of cybersecurity company Nuix, told The Australian, "Pointing fingers like that could get you in the wrong place because anyone could be using infected Chinese computers to mask their own identity." He added that anyone can purchase attackers-for-hire and the BoM could have potentially been infiltrated years ago.

Why would anyone go after the BoM supercomputer?

Back in March, BoM chief executive Dr. Robert Vertessy told Radio National that the BoM had evolved "from what was once just a straight weather service to what I would call now a more broad-based environmental intelligence agency."

ABC added:

The Bureau is a critical national resource and another state would place a high value on its intellectual property and scientific research. In the event of a conflict, compromising Australia's ability to accurately forecast weather would affect the operation of military and commercial aircraft. Beyond that, the bureau provides a gateway to other agencies.

The BoM released a statement saying it "does not comment on security matters. Like all government agencies, we work closely with the Australian Government security agencies. The Bureau's systems are fully operational and the Bureau continues to provide reliable, on-going access to high quality weather, climate, water and oceans information to its stakeholders."

Years and hundreds of millions to fix?

ZDNet previously reported that each Bureau supercomputer usually has a lifecycle of about six years, as it receives a "mid-life upgrade" to boost running speeds. Then, in October, the Bureau was reportedly in phase one of upgrading to a $77 million Cray XC40 supercomputer; Computerworld noted that the "1660 teraflop supercomputer" will "eventually have its speed boosted to 5 petaflops." The first phase of the project is due to be completed mid-2016, with 2019 earmarked as the completion of the final phase.

Costs could easily pile up during a cybersecurity investigation, but if the project is less than two months old, how could it "could take years and cost hundreds of millions of dollars to fix"?

New! Download the State of Cybercrime 2017 report