
‘Foreign Intelligence Service’ Hacked Aussie Weather Computer

Tom Jowitt is a leading British tech freelance and long-standing contributor to TechWeek Europe


Official report blames ‘foreign intelligence service’ for hack on Aussie weather supercomputer

A hack on the Australian Bureau of Meteorology was carried out by a ‘foreign intelligence service’, according to an official report on the matter.

The Australian Bureau of Meteorology (BoM), which was reportedly hacked last year, has one of the largest supercomputers down under and provides valuable scientific research.

Spy Hack

This research can include weather and water supply information, and other climate related data. Consequently the BoM works closely with the Australian military as well as commercial airlines and shipping firms.

According to an official report from the Australian Cyber Security Centre (ACSC), its researchers uncovered the presence of “Remote Access Tool (RAT) malware popular with state-sponsored cyber adversaries”, after it detected “suspicious activity” on two computers belonging to BoM.

“The RAT had also been used to compromise other Australian government networks,” said the report, which also found evidence of the attacker searching for and copying an unknown quantity of documents from the Bureau’s network.

“ASD recovered a password dumping utility used by the adversary and identified the malicious use of at least one legitimate domain administrator account,” said the report. “ASD identified at least six further hosts on the Bureau’s network that the adversary attempted to access, including domain controllers and file servers. The presence of password dumping utilities and complete access by the adversary to domain controllers suggested all passwords on the Bureau’s network were already compromised at the time of the investigation.”

It also found evidence of the use of network scanning and time stamp modification tools, which helped the attacker hide his tools on hosts.

The sophistication of the attack led the report to conclude foreign spies were behind the attack, but it did not name any country in particular.

“In this instance, the ACSC attributed the primary compromise to a foreign intelligence service, however, security controls in place were insufficient to protect the network from more common threats associated with cybercrime,” it noted. “CryptoLocker ransomware found on the network represented the most significant threat to the Bureau’s data retention and continuity of operations.”

“The ACSC continues to work with the Bureau of Meteorology to implement a number of further, specific recommendations to mitigate future compromise,” it added.

Repercussions Needed

The report, which examines the overall state of Australian cyber defences, also warned that there needed to be penalties for countries found guilty of hacking.

“The absence of effective repercussions following past cyber attacks internationally will embolden some states to continue developing and using cyber capabilities as a coercive tool,” the report stated. “A continued lack of international consensus on proportionate and appropriate responses to offensive cyber activity makes the threshold for response ambiguous, raising the risks of miscalculation.”

Australian institutions have been hacked before, with fingers of blame often pointed at China. Last year the top intelligence official in the US named China as the “leading suspect” in cyber attacks on American Government personnel databases.

The Australian government has also banned Chinese firms such as Huawei from supplying networking equipment for national infrastructure.

Huawei offered to open up its source code and equipment for inspection by Australian authorities in an attempt to show it had no hidden code.
