Slashdot Mirror


China Blamed For Attack On Australian Bureau of Meteorology (abc.net.au)

New submitter ElectronF sends news that officials within the Australian government are blaming China for an attack on computer systems at the Bureau of Meteorology. "The bureau owns one of Australia's largest supercomputers and provides critical information to a host of agencies. Its systems straddle the nation, including one link into the Department of Defence at Russell Offices in Canberra." China has denied involvement, saying, "We have stressed that cyber security needs to be based on mutual respect. We believe it is not constructive to make groundless accusations or speculation." The Bureau's systems are still fully operational, though officials say the breach will require significant investment to recover from.

44 comments

  1. "the breach will require significant investment" by calexontheroad66 · · Score: 1

    Yu Ming properly securing your network.

  2. Problem Solved by Anonymous Coward · · Score: 0

    That's one way to fix your climate problems -- just attack those who make the claims.

  3. Re:It's a way of life over there. by Anonymous Coward · · Score: 0

    You're talking about Americans, yes?

  4. Duh, should have used Carbonite . . . by Anonymous Coward · · Score: 0

    You've got to back it up, if you want to get it back.

  5. Attacking the *Met* Office? by Nutria · · Score: 1

    Why in the hell would a foreign government want to attack that? It's not like Australian B-17s and B-24s need to know when there's clear weather.

    --
    "I don't know, therefore Aliens" Wafflebox1
    1. Re:Attacking the *Met* Office? by fustakrakich · · Score: 4, Insightful

      Guess you didn't read the article. It can be a pathway to juicier targets. Also, China doesn't like seeing smog reports they can't censor.

      --
      “He’s not deformed, he’s just drunk!”
    2. Re:Attacking the *Met* Office? by Nutria · · Score: 1, Troll

      Guess you didn't read the article.

      This is /. Why would you expect that I RTFA?

      --
      "I don't know, therefore Aliens" Wafflebox1
    3. Re:Attacking the *Met* Office? by fustakrakich · · Score: 1

      Because there are no centerfolds...

      --
      “He’s not deformed, he’s just drunk!”
    4. Re:Attacking the *Met* Office? by KGIII · · Score: 1

      How the hell is that a troll? That's just how it is around here. I'm more offended if someone *does* read the article. I could never understand the Slashdot effect 'cause it sure as hell wasn't the people commenting who were clicking the links.

      --
      "So long and thanks for all the fish."
  6. Isn't it interesting... by mitcheli · · Score: 2

    "We have stressed that cyber security needs to be based on mutual respect. We believe it is not constructive to make groundless accusations or speculation." Then why do you keep doing it? Respect is earned, not given. Isn't it interesting that the brand new stealth fighter introduced by China looks an awful lot like the F-35 strike fighter produced by the US? And that the release was a short time after the release of the F-35.. which took decades to design?

    --
    Select from tblFriends where interesting >= 4;
    1. Re:Isn't it interesting... by Anonymous Coward · · Score: 3, Insightful

      fighter introduced by China looks an awful lot like the F-35 strike fighter produced by the US?

      Dude, it's the F-35. That was a cunning plot by the Yanks to saddle China with an overpriced, underperforming aircraft to remove any future threat from their airforce.

    2. Re:Isn't it interesting... by Anonymous Coward · · Score: 1

      But. The rumour is, that the Chinese version can actually fly? Because some of the stupid US military requirements were cut off in Chinese version?

    3. Re:Isn't it interesting... by Coren22 · · Score: 0

      Such as the stealth capability?

      --
      APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
    4. Re: Isn't it interesting... by DMJC · · Score: 2, Interesting

      Nah not stealth, just the shitty vtol those idiot marines put in. Jack of all trades master of none and too many cooks make for a dud plane.

    5. Re: Isn't it interesting... by KGIII · · Score: 1

      Hey now. It's not the Marines' fault. They were told that they had to use it, they had no choice. They said that VTOL is a requirement which, frankly, it is if it's to be a replacement for the Harrier. The idiots decided that, instead of allowing them to get an updated Harrier, they'd stuff VTOL into the damned F-35. The Marines would have been perfectly content with just updating the Harrier and not using the F-35 at all. If you're unaware of why VTOL is important for the Marines on a modern battlefield then I'd submit you may not know enough to opine.

      The fault is not that the Marines need VTOL. The fault is that the idiots insisted that putting it into a F-35 was a viable choice - and not something the Marines had/have control over. By not listening to the Marines, who clearly expressed a desire to have an updated Harrier - not even an entirely new aircraft, you get this as a result. That you blame this on the Marines is a bit telling.

      --
      "So long and thanks for all the fish."
  7. Re:It's a way of life over there. by Anonymous Coward · · Score: 0

    Talking about everybody, you moron. We're all the same, doing whatever we can get away with. But yes, China is a primitive culture in regards to respect, most every place outside Western Europe and Canada and Australia is just as primitive, just stealing and killing what they can. Bunch a fucking savages with their voodoo. Life is so cheap for them.

  8. Flabbergasted by Errol+backfiring · · Score: 4, Insightful

    "We have stressed that cyber security needs to be based on mutual respect."

    Call me a pragmatist, or just call me a web programmer, but for me security is based on a healthy distrust.

    --
    Nae king! Nae laird! Nae yurrupiean pressedent! We willna be fooled again!
    1. Re:Flabbergasted by AmiMoJo · · Score: 1, Troll

      Respect != trust. What they mean is that people shouldn't make wild, unfounded allegations without hard evidence because it creates a chilling effect and prevents cooperation. Imagine if the attack did originate from China, but from an individual or criminal group rather than the government. Having accused the Chinese government of hacking every other Tuesday for the past decade, how likely are they to now help track the real culprits down?

      It also screws up the import/export market, because everyone assumes all Huawei gear has Chinese government backdoors and all Cisco gear has US government backdoors. That may actually be true, but the point that endlessly repeating it to damage the other side is, well, damaging, stands up.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    2. Re:Flabbergasted by Coren22 · · Score: 2, Insightful

      China controls this huge firewall on every connection to the greater internet. Anyone hacking from China by default has the blessings of the government, or the firewalls and people doing the monitoring would have put a stop to it.

      --
      APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
    3. Re:Flabbergasted by _merlin · · Score: 1

      All the Great Firewall does is black-hole IP traffic to certain addresses/ranges. If you're sending data to/from an address range that isn't blocked, anything goes. The only people protected from hack attempts by the Great Firewall are the people they're blocking all access to (Google, English Wikipedia, Facebook and the rest of that crap).

    4. Re:Flabbergasted by KGIII · · Score: 1

      You mean to tell me that the Great Firewall does not do stateful packet inspection?

      --
      "So long and thanks for all the fish."
    5. Re:Flabbergasted by _merlin · · Score: 1

      It does packet inspection of incoming DNS response packets, i.e. if a client in China makes a DNS request to a server outside China the result may be intercepted/modified. I think it also does some kind of deep packet inspection to flag possible SSL VPNs becoming popular, but that isn't used for real-time blocking, only to give the administrators potential addresses to blacklist. For all the talk about it, the Great Firewall doesn't really do a lot of blocking at all.

      Chinese ISPs often block more than the Great Firewall itself. For example, one of my friends is on an ISP that blocks egress to foreign residential broadband IP address ranges by default. This is supposedly so that when one of their customers gets infected with malware it can't attack residential broadband customers outside China. They will turn this off for a customer on request, though.

    6. Re:Flabbergasted by KGIII · · Score: 1

      Then, perhaps, they can see the sources (and track, presumably) after the fact? There's a great deal of evidence that points to this being either condoned or perpetrated by the Chinese government - with a whole host of anecdotes (which actually *are* a form of data) as well as some more material evidence such as originating IP address spaces and their allocations.

      Thank you for the information. I'd have figured it to be more real time as well as more locked down as opposed to closing it afterwards. I figured they went with something more akin to whitelisting as opposed to blacklisting. Given the scope, and some thinking, I can see why they might not take on such an overwhelming task but China's come a long ways since I was a child (born in 57).

      As an aside; My VPN has an exit server in China. I've spent a fair amount of time pondering why that would be the case. The only thing I can come up with is that it might be because someone would want something to appear to come from within the confines of the Great Wall. I'm also curious as to why the Chinese government would allow such and, needless to say, I don't make use of it as a general rule but I have used it to see if I could access a few sites out of curiosity.

      Again, thanks. I'd also understood that the Great Firewall doesn't do nearly as much as it once did from reading a few things here and there. I figure it's probably maintained more or less to keep track of things after the fact. I am also quite certain that the Chinese government does a lot of the things they're accused of doing but probably not all of them. They're an awfully convenient group of people to blame, perhaps too convenient but I may be moving into tinfoil-hat-territory.

      --
      "So long and thanks for all the fish."
    7. Re:Flabbergasted by _merlin · · Score: 2

      Yeah, I'm sure the operators of the Great Firewall could identify sources of hacks and DDoS after the fact, but it's just not within the scope of their responsibilities. They're just there to enforce government policies that most of them don't even agree with, it's just a day job. They're not going to go out of their way to make China friendlier to the rest of the Internet.

      VPN exit points in China are most useful for businesses outside China doing business with Chinese customers or suppliers. It lets you check what your web presence looks like from inside China. Many things that people take for granted don't work from inside China, e.g. lots of sites suck in JavaScript frameworks from Google APIs, but this doesn't work from China because Google APIs servers are blocked. You can test for these kinds of issues by browsing via the Chinese VPN exit point.

      I'd say the Great Firewall does more now than it used to. A decade ago, there wasn't really a Great Firewall as such, and ISPs were responsible for blocking what the government told them to, so you got different behaviour on different ISPs. Some ISPs would redirect you to a "this is blocked" page, others would give "connection reset by peer", while still others would black-hole traffic. At least now the government deploys the filtering and sets the policies, so you get consistent behaviour across ISPs.

      Yeah, some hacking comes from China. Some of it is just botnets of pwned PCs that could be operated from anywhere. That part of it isn't any worse per capita than anywhere else in the world. The Chinese government probably has some offensive hacking capability, and I wouldn't want to be on the receiving end of it. It's probably used for very targeted attacks on high-value targets. But I don't think half the things blamed on China really come from China at all.

    8. Re:Flabbergasted by KGIII · · Score: 0

      That makes sense though I thought the original Great Firewall was a bit more effective? I am probably mistaken and I haven't given this one iota of scholarly effort but I have read a bunch on it over the years. So, forgive me for couching this by saying the following was/is my understanding and that I may be incorrect. If that's acceptable then read on! ;-) (My ego is not that frail. What is posted below is simply phrased the way it is for simplicity, more recounting what I'd been given to understand. Keep that in mind.)

      This is going to be a small novella, you have been warned. You're certainly not obligated to read it but it'd help if you did - if you're planning on responding.

      In the past it was on an individual ISP level and there were few ISPs. I'd say that this was in the mid-late 1990s time frame and much of the internet was still limited to academia. Few ISPs were not fully State owned and operated. This expanded and businesses were also given access and the government trained many people in the fields of computer science. Again, the ISPs were still largely owned and operated *entirely* by the State and in a very restrictive fashion - enough to put the Firewall of today to shame.

      Then, as things progressed, there were a lot of technological changes as well as policy changes. I'm not sure so much as the policy writ large changed so much as the enforcement of said policy changed. During this time, profit was also something that was allowed to a greater extent. There were even new-found freedoms and tech was progressing at such a rate that there was little time/ability to filter everything. (I think this might be where you come into the story.)

      This expanded and ubiquity was increased as China also began to have, all things being equal, a middle class of sorts. More and more people became educated, more and more people were able to access the internet, and more and more people were skilled in the arcane knowledge known as computer science or some subset of that science. There was also, for a brief (on a larger time-scale) bit of free-flowing information and the government lost a bit of control.

      Now, earlier on, things were much more akin to a straight up whitelist. If the government did not, explicitly, grant access then access was not allowed. It was during the early 2000s where this began to change and led into what we'll call the IT-middle-ages which seemed to last until just a few years ago, with a peak of maybe 2008. During these IT-middle ages there was less whitelisting than there was blacklisting. In other words, for the most part, you could go anywhere unless the government had specifically made it a point to tell the now more numerous ISPs that such-and-such a site was required to be blocked via technological means.

      During this time, it might be fair to say that the Great Firewall did not exist as such but was more like the actual Great Wall in that it is not one large, constant, continual thing but individual walls that may even overlap, have been built with different materials, and served different functions in different ways. Actually, I think that's a fair and accurate analogy.

      Now, since the rise of the Age of IT Enlightenment, there has been a more formal boundary declared, yet again, and the Great Firewall is becoming a bit more like the one that was in existence during the IT Dark Ages of the late 1990s and early 2000s. The tech and "need" is such that the Great Firewall has reached a point where it's somewhere between the PR version (in the West) and the real version that it was during the IT-middle-ages and, perhaps, growing stronger or more effective on a regular basis.

      I'd certainly not speculate on the number of attacks that are overtly or covertly perpetuated by State actors, by independent actors, or by businesses acting on their own. I'd also not speculate on the number of attacks that are simply blamed on China because they're easy to blame. It's not like most people are going to believe a denial. I'd also mentio

      --
      "So long and thanks for all the fish."
  9. Re:It's a way of life over there. by Anonymous Coward · · Score: 0

    Go fuck yourself.

  10. Proof? by Crowd+Computing · · Score: 2

    I keep reading news about Chinese state-sponsored network attacks. Is there actually independent, third-party, non-government proof about this? I can think of a scenario where the IPs all come from China but the attacker is from some place else. Wouldn't it be possible the IPs come from compromised computers? How do you distinguish a state-sponsored attack from an attack by the Chinese equivalent of Anonymous?

    1. Re:Proof? by Anonymous Coward · · Score: 2, Insightful

      The people that track down these events are security researchers doing it for prestige and networking opportunities to land contracts.

      Or just making shit up for publicity / covering up what a shit job was done securing it in the first place by blaming the China bogeyman.

  11. Re:It's a way of life over there. by Anonymous Coward · · Score: 0

    It's called propaganda. The story is a lie. The Obama administration and a bunch of rich bankers are intentionally causing rifts between us and China/Russia/North Korea.

    China has no interest in the weather reporting agency.

  12. Attack! by Anonymous Coward · · Score: 1

    "China Blamed For Attack On Australian Bureau of Meteorology"

    My first thought was, how did the Chinese get the Australians to think the rocks they were throwing were meteors?

  13. Re:Chinese blamed for ... by HiThere · · Score: 2

    Yeah, you're right. But I tend to believe this claim anyway. Some of the things China is blamed for they actually do.

    OTOH, it's not clear that this was an action by the Chinese government. (The summary didn't say that was even claimed.) And if it were, it's not clear that it would be the policy of the government rather than some loose cannon. (I assume they've got just as many as we do.)

    The reported response, however, seems more PR than anything else. (Again, just based on the summary.) This shouldn't be surprising. I bet China's government is even more labyrinthine than ours.

    --
    I think we've pushed this "anyone can grow up to be president" thing too far.
  14. obvious to anyone in the security field by raymorris · · Score: 3, Informative

    To anyone who does information security, the fact that the Chinese government has the world's largest offensive infosec program is as obvious as the fact that the sun shines during the day time. Most attacks come from China, from behind the great firewall, with a large percentage of sophisticated attacks coming from IPs allocated to the Chinese military.

    One particular facility is especially notable, it is a Chinese military installation that is listed as secret - its purpose is not published, a huge amount of attacks come from this facility, and they hire comp sci graduates. Now either ALL the compsci grads have had all of their computers controlled by Russian hackers for years and admins at this secret military facility haven't noticed gigabits of attacks constantly coming out of the facility, or they are the ones initiating the attacks.

    It is not at all unusual for US networks to block all access from some very large IP ranges from China because these IPs have been a major, major source of attacks for -years-.

    Speaking of government sources, if you speak informally to the government people tasked with defense of US networks, chat with them in the smoking area by the loading dock, you'll find they are very afraid of what China is doing; the US is far outmatched in this area.

    If you compare the US Navy vs China it is clear the US capability is far superior. For infosec (or "cyber"), it's the same but in reverse. You don't need top-secret clearance to see that the US Navy is the world's largest by far and the Chinese cyber command is by far the world's largest.

  15. For all the crap the NSA is accused of... by MikeRT · · Score: 3, Interesting

    "We have stressed that cyber security needs to be based on mutual respect. We believe it is not constructive to make groundless accusations or speculation."

    Attacking public systems like this is not one of the things they're much known for doing or even aiding and abetting. One has to wonder what China would do if suddenly the NSA and GCHQ were to take the kid gloves off and do to Chinese industry and civilian agencies what they've been doing to ours.

    The only real electronic escalation would be attack on critical systems aimed at killing people. Once Chinese state-backed hackers start doing that, it's only a matter of time before the federal government escalates it into a formal war. So the question is, what does it take to get "mutual respect."

    1. Re:For all the crap the NSA is accused of... by Anonymous Coward · · Score: 0

      More than one network admin I've known takes a somewhat brutal, but quite effective approach. All traffic from Chinese and Eastern European IP addresses is dropped at the edge firewall. It's not perfect, but makes it much harder for them to break in.

    2. Re:For all the crap the NSA is accused of... by Anonymous Coward · · Score: 0

      "We have stressed that cyber security needs to be based on mutual respect. We believe it is not constructive to make groundless accusations or speculation."

      Attacking public systems like this is not one of the things they're much known for doing or even aiding and abetting. One has to wonder what China would do if suddenly the NSA and GCHQ were to take the kid gloves off and do to Chinese industry and civilian agencies what they've been doing to ours.

      The only real electronic escalation would be attack on critical systems aimed at killing people. Once Chinese state-backed hackers start doing that, it's only a matter of time before the federal government escalates it into a formal war. So the question is, what does it take to get "mutual respect."

      What intellectual property could the USA hope to possibly steal from China? China's entire high tech industry from telecommunications to biotech is based on ripping off companies from the USA and Europe.

  16. Just checking by Anonymous Coward · · Score: 0

    The good people of China. They just scanning he computer for keyword "thermonuclear"

  17. Hackers to Cyber soldiers by Anonymous Coward · · Score: 0

    There are probably a few talented hackers wanting to fill their attack resume for that steady government job in the Red Army.

  18. Why a public facing network again and again? by AHuxley · · Score: 2

    Why would Australia put any interesting part of its Department of Defence on an open network facing system? If it's so important don't connect it to the outside world...
    That's what vaults and air gapped networks are for. Then only cleared staff can use an internal network as to their security clearances.
    All the outsourcing, public private partnerships, privatization just invited everybody on the world facing "internet" deeper into once very secure gov and mil networks.
    If "critical information" is so very secret, keep it secret and don't allow it to be stored, created, updated on open, public facing networks.
    How about some real, working, in use Australian only developed encryption? So when the public facing networks have issues, the rest of the world gets nothing?
    What is with nations around the world and their mil/gov that a generation of well paid gov/mil experts over the past decade cannot understand about the public internet and keeping a nation's data secure?

    --
    Domestic spying is now "Benign Information Gathering"
    1. Re:Why a public facing network again and again? by Kellamity · · Score: 1

      High chance the only thing that is linked is the Microsoft Exchange server so people can chat to each other on Lync. The Windows XP version, because Defence have still not been upgraded.

      At least if it's going to rain, the Chinese won't be left in the dark!

  19. Re:It's a way of life over there. by Anonymous Coward · · Score: 0

    Tard is as tard does.

  20. Now China must pay 1 gazillion dolliroos in fines. by dsmatthews9379 · · Score: 1

    Just for the cost of a new supercomputer to tell us what a rock on a string can indicate just as well. https://en.wikipedia.org/wiki/...