US Weather System and Satellite Network Hacked

mpicpp writes with this story about Chinese hackers breaching the federal weather network. "Hackers attacked the U.S. weather system in October, causing a disruption in satellite feeds and several pivotal websites. The National Oceanic and Atmospheric Administration, NOAA, said that four of its websites were hacked in recent weeks. To block the attackers, government officials were forced to shut down some of its services. This explains why satellite data was mysteriously cut off in October, as well as why the National Ice Center website and others were down for more than a week. During that time, federal officials merely stated a need for "unscheduled maintenance." Still, NOAA spokesman Scott Smullen insisted that the aftermath of the attack "did not prevent us from delivering forecasts to the public." Little more is publicly known about the attack, which was first revealed by The Washington Post. It's unclear what damage, if any, was caused by the hack. But hackers managed to penetrate what's considered one of the most vital aspects of the U.S. government. The nation's military, businesses and local governments all rely on nonstop reports from the U.S. weather service."

correct me please

[zlives]

so did the NOAA get hacked or just 4 of their websites.

Re:correct me please

[Immerman]

Indeed. An excellent headline, except for the fact that there's no mention of any hacked weather systems of satellite networks in the article. And it's been a long time since a hacked website was particularly newsworthy.

Re:correct me please

[X0563511]

Hacked websites never were.

It's when the databases get breached that it becomes news.

Re:correct me please

[neonv]

From the article,

The National Oceanic and Atmospheric Administration, NOAA, said that four of its websites were hacked in recent weeks. To block the attackers, government officials were forced to shut down some of its services.

... NOAA makes satellite data and imagery available through the Web as well as file transfer networks for downloads.

It was just the web sites, not satellites. This is far overblown.

Re:correct me please

[__aaltlg1547]

You didn't read the linked article, "Hackers attacked the U.S. weather system in October, causing a disruption in satellite feeds..."

Re:correct me please

[SomeoneFromBelgium]

Both. I regularly hack them to make sure I have good weather while on holliday!

Re:correct me please

[AK+Marc]

Sounds like that's consistent with disrupting public NOAA websites where the satellite feeds are displayed, reported by bad journalism.

Re:correct me please

[zlives]

i just use a coin and get the same results.

LOL

If the NSA weren't so distracted by its mass surveillance of innocent US citizens it may have been able to prevent this from happening.

Re:LOL

[mars-nl]

I was thinking exactly this (except that I was thinking about "citizens", not "US citizens").

But really, why not stop complaining about China hacking US systems (usually with no evidence) and start getting to asses risks and fix your leaky systems. If billions of dollars poured into the NSA to eavesdrop on people were instead used for finding and fixing vulnerabilities, the USA would be a lot safer.

Re:LOL

The NSA is unfortunately a necessary agency because every other country of note has agencies that have espionage programs targeting the US. The hysteria over some of the NSA programs and methods have made it look like the US is the only country with an active foreign intelligence service. Has anyone noticed that all the countries who loudly expressed their dismay over some the the NSA programs have went mute? I guess their intelligence services pulled the loud mouths aside and told them their intelligence services were actually cooperating and sharing information with the NSA so it's probably best you shut up. On the domestic side has there been any evidence of just one person whose rights have been violated by the NSA?

Re:LOL

On the domestic side has there been any evidence of just one person whose rights have been violated by the NSA?

No one, no. Millions. Remember that guy Snowden? Solid, cross-checkable documented proof. Not just evidence, proof.

That's why the NSA is a 4-letter word these days. Because they forgot that their mission was to protect the people of the USA when they started routinely spying on the people of the USA.

Re:LOL

On the domestic side has there been any evidence of just one person whose rights have been violated by the NSA?

Hard to know when all such surveillance orders come with gag orders. But I'm sure you already knew this.

Re:LOL

[uncqual]

My kingdom for mod points (I had them a few hours ago :()

Commerce relies on the web feeds directly or indirectly (it may just be a contractor deciding if they will do Job A today [inside] or Job B today [Outside painting]). It would be nice if the government shutdown the data feed with message/press release "We have been compromised by hackers and are striving to harden our systems. Meanwhile, we have shutdown the feed. Please track our every four hour posts (or more frequently) at aaa.bbb.gov for updates on progress).

On the other hand, try getting off the "no fly list" if you're a consultant with an unfortunate name (perhaps including Mohammad) who NEEDs to fly.

The US government needs to get their priorities straight and focus on important stuff and be more transparent. Hint -- some dude smoking weed or selling it to their buddy probably isn't as important as securing critical government networks.

Re:LOL

[uncqual]

Really? In a world where responsible US web sites need to implement some sort of "we haven't gotten a national security letter in the last x seconds" sentinel in order to maintain their customers' trust and their own moral integrity?

Yes, the NSA is a necessary agency. Your local police are also a necessary agency - but surely you don't think your local police agency should be able to shoot and kill anyone that they think might be suspicious "because they are a necessary agency".

*EFFECTIVE* JUDICIAL OVERSIGHT AND PUBLIC TRANSPARENCY ARE CRITICAL TO SUCH AGENCIES IN A FREE COUNTRY.

Re:LOL

[dcw3]

Clearly another apologist. Yes, lets blame those who got hacked, and pretend there's no problem with China's state operated hacking.

Re:LOL

[jfengel]

Well... while there sure as hell is a problem of China's state-operated hacking, it's not going away any time soon. We're not going to war over it (either physically or economically) and any treaty we signed to deal with it wouldn't be worth the paper it's written on. While I'd love to see the Chinese at least commit to removing the line item in their budget that says, "30 gazillion yuan for breaking into American computers", they'd surely just rename it and the actual hackers would do no more than change the project number on their time cards.

So yeah, you have to harden your web sites, and start thinking about our protocols in ways designed to make it easy to recognize and divert hackers, because the hackers aren't going away. We can blame them all we like, and be right, but that and $2.99 will get you a tall latte.

Re:LOL

[AK+Marc]

The NSA is unfortunately a necessary agency because every other country of note has agencies that have espionage programs targeting the US.

No, not really. 3 guys in a basement reading Obaba's Medium posts and Republican tweets isn't an "espionage program". And really, most foreign governments don't do much more than read public information to make guesses and inferences from them. The only countries that routinely invaded other countries with CIA/KGB/FSB/MI6 operatives are referenced in those acronyms.

Re:LOL

[mars-nl]

I'm not saying there are no hack attempts coming from Chinese IP-addresses, but the proof that this is "state operated hacking" is thin or non-existent. I wonder why all the headlines always talk about China. Is there no problem with cybercriminals from Russia, Ukraine, or even from the USA? Doesn't all economic espionage go both ways? This China bashing looks like a media campaign to create a new big bad cyber enemy to distract from actual problems (like lack of NOAA funding), to get new privacy-destroying legislation to "secure the homeland" passed, to get funding for NSA, to get good deals for government contractors. Maybe I'm just paranoid...

Meanwhile the US government spends billions of tax money to employ the smartest hackers they can find. If they all would be employed to create secure software, secure networks, find and fix leaks in existing software, there would be no hacking problem. But somehow this is not a priority. If only one NSA guy was employed at NOAA to make sure their web servers are patched and hardened, this would not have happened. There will always people trying to hack your systems, no matter how hard you scream it's unfair.

False weather forecasting?

I mean, who would even notice.

Re:False weather forecasting?

[nospam007]

"I mean, who would even notice."

The hackers will ruin the weather and make it rain all the time, obviously.
They'll stop only after the payment of a ransom.

Re:False weather forecasting?

[sconeu]

We could use some of that in CA.

Re:False weather forecasting?

I can get a better weather forecast by standing on a hill and pissing in the wind.

Re:False weather forecasting?

[ShaunC]

Early this morning, someone re-issued an old tornado watch from 2010, which was apparently distributed over official channels (not EAS, though). Everyone who saw it and possesses half a brain knew it was obviously a mistake of some kind, of course that didn't stop the news from making a big deal out of it.

Re:False weather forecasting?

[hey!]

I mean, who would even notice.

If you're old enough, you might remember a time when that joke was funny.

I was 14 years old when the GOES-1 satellite was launched. At the time the most powerful computer in the world was probably the CDC 7600, which ran at 34 MHz, had 64 Kilobytes of RAM, and delivered 10 MFLOPS. Today the highest end desktop delivers over 100 GigaFLOPS, and supercompuyters deliver into the PetaFLOPS -- that's eight orders of magnitude faster.

So until I was a teenager forecasts were essentially done by hand without computers or sattelites, and these early forecasts had an interesting property: the next day's forecast was not significantly more accurate than assuming tommorow's weather would be like today's. In my experience, today's three day forecasts are more accurate than next day forecasts were back then. In the early 70s we'd maybe get two days of warning that a storm like Sandy might hit our region, and we wouldn't know for sure until hours before it made landfall. With Sandy the track was predicted within fifty miles accuracy five days ahead.

We can still complain about next day's forecast because we're now expecting hourly predictions. We're holding weather forecasts to the standard that we can almost set our watch by them -- or at least our sundial. The problem with that is that at any given moment it might be raining in one spot and not raining in another spot a mile away. But I have a feeling that that kind of pinpoint geographic precision is coming someday.

It's important to remember these advances didn't happen because the problem was easy; they're an immense human accomplishment. When GOES-11 failed three years ago I remember having an argument with a young guy who claimed that the government shouldn't be in the weather satellite business, and (I am not making this up) if it wants satellite weather maps it should get them off the Internet like everyone else.

Re:False weather forecasting?

[Eunuchswear]

At the time the most powerful computer in the world was probably the CDC 7600, which ran at 34 MHz, had 64 Kilobytes of RAM, and delivered 10 MFLOPS.

No, it had 64K words. 60 bit words. That's 640K bytes (6 bit bytes of course).

Re:False weather forecasting?

[Eunuchswear]

No, it had 64K words. 60 bit words. That's 640K bytes (6 bit bytes of course).

6 bit bytes! Why?

Science doesn't need lower case.

Re:False weather forecasting?

[hey!]

No, it had 64K words. 60 bit words. That's 640K bytes (6 bit bytes of course).

6 bit bytes! Why?

Science doesn't need lower case.

Because they had to chisel them out of rock.

Re:False weather forecasting?

[Eunuchswear]

No, not out of rock, out of iron. (Each bit was a ferromagnetic donut, hand threaded onto three or four copper wires).

It's obviously a conspiracy

[BenSchuarmer]

to fake data for global warming or keep us from finding out about chem trails or keep us from finding out about space aliens or something like that.

I Told you So

[Kozar_The_Malignant]

See, there is no global warming. It's those liberal, Obama-loving hackers. If it wasn't for them, it would be 75 F outside in Denver right now.

More funding please

[aslashdotaccount]

I just don't see how it's so easy to accomplish these insurgencies when lesser systems managed by organisations with smaller funding are able to keep their systems better protected. It's not like we don't already know 99++% of the possible attack vectors, and not like the US government won't have enough bandwidth to fend off any sort of DoS attack.

Perhaps we'll soon get wind of an appropriation bill floated by the meteorological agencies...

Re:More funding please

well you see when a hacker driving at 88mph connects to 1.21jiggawatts of energy he/she is able to hack multiple websites no matter the protection because they are moving back in time to add vulnerabilities to the system before they are born... or something like that

Re:More funding please

so now we need funding to go back in time and fix it before it happens again... Get in me belly, err GIMME MONEY.

ALERT ALERT movie reference changed by time bandits

Re:More funding please

[ColdWetDog]

It is very easy to see how this happens. "US Government" computers don't come from the same pile. There is no centralized, underground server farm protected by SEAL teams and NSA contractors, powered by triply redundant nuclear reactors and run through six proxies. It is thousands of separate systems run by agencies how often are pretty strapped for cash, often have systems that haven't been updated in decades and often run by people who don't live and breath security.

So it's no real surprise that NOAA (which could be a poster child for those underfunded, overstretched agencies) got hacked. Probably happens more times than anybody knows. Certainly is happening more times than anybody is saying.

Re:More funding please

[aslashdotaccount]

I really don't think it should be too hard to find talented young people who can become security experts with the right push. And it shouldn't take an army of people to provide this push given all the cheap information propagation means that the Internet has afforded us.

As for cost of security systems, how expensive would it be to setup 6 layers of proxies or multiple firewalls using Linux? My mobile phone would probably handle the screening and NAT tasks for an agency with 1000s of employees.

Re:More funding please

Seems that you are both limited in your security knowledge and critical thinking skills at this time. I'll handle the unintentionally inflammatory second statement first. If they can't afford security experts now, then how are they going to keep security experts that they create? Secondly, nested proxies aren't significantly useful. If traffic can get through, potential attacks can too. Similarly, why would you need multiple firewalls for one system? Either unwanted external traffic gets blocked or it doesn't. Back to back proxies and firewalls are as good as a house with ten serial front doors that use the same key. Finally, the comment on your phone. Well, it better be a damn good phone that just so happens to use server-grade hardware and has several GB ports. By the bye it would in all likelihood be PAT. NAT is all but dead in external AD boundaries for organizations.

Re:More funding please

[Eunuchswear]

There is no centralized, underground server farm protected by SEAL teams and NSA contractors, powered by triply redundant nuclear reactors and run through six proxies

Don't give them ideas.

orly?

[slashmydots]

"Still, NOAA spokesman Scott Smullen insisted that the aftermath of the attack "did not prevent us from delivering forecasts to the public."
Picking temperatures and precipitation states out of a hat and then telling people it technically is delivering a forecast. Note that he never said "accurate."

chi.com slant annoyance

[noshellswill]

Time to hurt the chi.com mandarins ... take away their money by closing off all imports. I'd also level North Korea as a **message** .. but that's just me.

Re:chi.com slant annoyance

[ColdWetDog]

You can't do that. I haven't got my new iPhone yet.

It's Superman III all over again!

[RevWaldo]

They're trying to destroy the coffee crops!

.

Re:It's Superman III all over again!

No, its skynet preparing for its preventive strike.

Well at least...

[ls671]

Well at least no plane crashed because it flew into an undetected storm...

Propaganda

There is no country that engages in so much propaganda and spying on monumental levels as the U.S; if it comes out of the mouth of the U.S government, be skeptical.

Re:Propaganda

[praxis]

There is no country that engages in so much propaganda and spying on monumental levels as the U.S; if it comes out of the mouth of the U.S government, be skeptical.

You should travel the world more.

Re:Propaganda

[aslashdotaccount]

Perhaps to Maldives, if y'all want to know what propaganda really means.

List is growing of APT successes

They all happened more-or-less simultaneously, too.

They hacked out weather network

[xaotikdesigns]

Does this mean that hackers are now in control of our weather?

How long until Hurrican "Hitler did nothing wrong" hits land?

Always the Chinese Hackers

No Evidence what so ever that it is Chinese hackers, but we have a hunch so we'll report it as fact.

Re:Always the Chinese Hackers

[aslashdotaccount]

That's what Balotelli said...

Great American firewall for China??

[kualla]

Maybe the USA needs to build a firewall that blocks all of China.... What I don't get, is how do we always know it is China, when all they need to do is use some VPN's and proxies to hide their location? They can break into satellites and every damn other thing, yet they don't take 2 seconds to hide their trail. Makes me think China is an easy scape-goat, otherwise China is giving a big middle finger to the US... Or maybe another country wants the USA to get pissed at China, by making the attacks all look like they are coming from China.

Dysfunctional NOAA

[PineHall]

It seems that NOAA's administration has become dysfunctional. They should have notified Commerce Department Inspector General immediately but they did not. I wonder why they felt they had to shut down a variety of data feeds. Minimal impact they claim but there was definitely an impact. Money has been tight for them but Congress gave them $25 million for a new supercomputer. That was 18 months ago and it looks like nothing has been done on that front. They will lose the money in September 2015 if they don't do something. You can sign a petition asking the Whitehouse to get them to spend the money for that needed supercomputer.

Re:Dysfunctional NOAA

[Impy+the+Impiuos+Imp]

"Unscheduled maintenance" sounds like something China would say when they had problems.

Star Wars

Next they will hack the satellites with the nukes.

Real damage

[mars-nl]

From the article:

The impact of the hack was real: Scientists at Atmospheric and Environmental Research in Lexington, Massachusetts were unable to send a preliminary report about weather patterns to traders and investors earlier this year.

So some traders did not bring an umbrella and got wet walking from their BMW to their office? Why can't they look out of the window like everybody else?

Chinese or...

...Maybe the oil industry, desperate to fake "evidence" that climate change isn't happening?

Obligatory XKCD

[Somebody+Is+Using+My]

XKCD did it first
(Seriously, is there a geek-topic that guy hasn't written a cartoon about?)

Re:Obligatory XKCD

[TangoMargarine]

It's a wonder he hasn't done one yet about people posting "obligatory xkcd" strips everywhere.

Smog? What smog?

All you see looking at China is blue skies --- no, wait, that's a blue screen ...

Re:It's Pedantman III all over again!

It's preventative.

some captain midnight the weather channel!

[Joe_Dragon]

best to do it in middle of there fine reality shows

NOAA websites hacked ..

[lippydude]

What Operating System did these NOAA websites run on?

Scarce information

[manu0601]

TFA contains nothing about how they broke in (through US control center or through their own antenna?) and how they were evicted from the satellite.

"Hackers attacked the U.S. weather system"

No, they did not hack the weather.....

Think TERRYRISTS controlling the WEATHER

But what happens when the CYBER TERRYRISTS control the weather and send hurricanes? The wind could catch the flag waving Americans, and wrap the flags around their heads, turning them into terrorists too.

This is just the start people!

I saw it on Fox, so it must be true!

Actually

It was Americans using Chinese owned computers.

Tech sites sure are stupid uninformed speculating niggers.

Then again the majority of the stories written by the Associated press affiliated site are written by the CIA.

Facts

Quite Unclear

Please explain what constitutes a "hack" on NOAA websites.

In fact the "data" at NOAA web sites are all wrong. So. Why would a foreign government or any hacker-group want to waste time with anything NOAA!

NOAA is just a failure.

We should move on and forget NOAA.

Re:It's Pedantman III all over again!

It's either.

In Canada

In Canada we use what is known as a weather stick for forecasting. If the stick is wet it is raining. If the stick is white it is snowing. If the stick can not be seen then it is night time.

Acts of war

These hacks sponsored by the Russian and/or Chinese governments are acts of war.

Bogeymen in them thar satterlites!

Look, if we want to prevent this sort of thing, we need to stop scaring ourselves with stolen words.

Write what you know, without vaguely scary words of bad vagueness, thanks.

weather models actually impacted

[Lord+Satri]

Not true, not "just websites" were impacted. I work for a non-US national meteorological center. Those recent hacks meant for us that important satellite data that was usually provided by the NOAA suddenly stopped being accessible, having real impacts on weather forecasting quality. It took a few days to find alternatives. We learned and are in the process of making certain that such a situation does not happen once again. In other words, for some major 'foreign' weather forecasting operations, the impacts were real and important, not overblown as you state.

Unrelated, Slashdot's commenting system sucks in mobile devices... We can't quote or even see the original comments while replying... And the comment box doesn't resize while replying, we can't even review our own replies! Lots of room for improvement...

We quarantine infectious diseases don't we?

[INT_QRK]

It's time to quarantine malicious actor countries. We need to study innovative means, methods, and architectures to isolate, contain or somehow filter extremely maliciously behaving countries. A "Great Firewall of China" is becoming a more and more obvious need.

We're doomed

[Chelloveck]

Crap! The Chinese have hacked into the weather satellites. Now they control the CIA's Weather Dominator and will be able to make the polar vortex a permanent feature over North America! Oh well, at least this will expose "global warming" hoax that the Obama administration has been perpetrating with it. So much for giving this country the climate of his native Kenya.

hack-a-day

[j_l_larson]

lately