Slashdot Mirror

← Back to Stories (view on slashdot.org)

China Blamed For Attack On Australian Bureau of Meteorology (abc.net.au)

Posted by Soulskill on from the stormy-weather dept.

New submitter ElectronF sends news that officials within the Australian government are blaming China for an attack on computer systems at the Bureau of Meteorology. "The bureau owns one of Australia's largest supercomputers and provides critical information to a host of agencies. Its systems straddle the nation, including one link into the Department of Defence at Russell Offices in Canberra." China has denied involvement, saying, "We have stressed that cyber security needs to be based on mutual respect. We believe it is not constructive to make groundless accusations or speculation." The Bureau's systems are still fully operational, though officials say the breach will require significant investment to recover from.

28 of 44 comments (clear)

  1. "the breach will require significant investment" by calexontheroad66 · · Score: 1

    Yu Ming properly securing your network.

  2. Attacking the *Met* Office? by Nutria · · Score: 1

    Why in the hell would a foreign government want to attack that? It's not like Australian B-17s and B-24s need to know when there's clear weather.

    --
    "I don't know, therefore Aliens" Wafflebox1
    1. Re:Attacking the *Met* Office? by fustakrakich · · Score: 4, Insightful

      Guess you didn't read the article. It can be a pathway to juicier targets. Also, China doesn't like seeing smog reports they can't censor.

      --
      “He’s not deformed, he’s just drunk!”
    2. Re:Attacking the *Met* Office? by Nutria · · Score: 1, Troll

      Guess you didn't read the article.

      This is /. Why would you expect that I RTFA?

      --
      "I don't know, therefore Aliens" Wafflebox1
    3. Re:Attacking the *Met* Office? by fustakrakich · · Score: 1

      Because there are no centerfolds...

      --
      “He’s not deformed, he’s just drunk!”
    4. Re:Attacking the *Met* Office? by KGIII · · Score: 1

      How the hell is that a troll? That's just how it is around here. I'm more offended if someone *does* read the article. I could never understand the Slashdot effect 'cause it sure as hell wasn't the people commenting who were clicking the links.

      --
      "So long and thanks for all the fish."
  3. Isn't it interesting... by mitcheli · · Score: 2

    "We have stressed that cyber security needs to be based on mutual respect. We believe it is not constructive to make groundless accusations or speculation." Then why do you keep doing it? Respect is earned, not given. Isn't it interesting that the brand new stealth fighter introduced by China looks an awful lot like the F-35 strike fighter produced by the US? And that the release was a short time after the release of the F-35.. which took decades to design?

    --
    Select from tblFriends where interesting >= 4;
    1. Re:Isn't it interesting... by Anonymous Coward · · Score: 3, Insightful

      fighter introduced by China looks an awful lot like the F-35 strike fighter produced by the US?

      Dude, it's the F-35. That was a cunning plot by the Yanks to saddle China with an overpriced, underperforming aircraft to remove any future threat from their airforce.

    2. Re:Isn't it interesting... by Anonymous Coward · · Score: 1

      But. The rumour is, that the chinese version can actually fly? Becouse some of the stupid us military requirements were cut off in chinese version?

    3. Re: Isn't it interesting... by DMJC · · Score: 2, Interesting

      Nah not stealth, just the shitty vtol those idiot marines put in. Jack of all trades master of none and too many cooks make for a dud plane.

    4. Re: Isn't it interesting... by KGIII · · Score: 1

      Hey now. It's not the Marine's fault. They were told that they had to use it, they had no choice. They said that VTOL is a requirement which, frankly, it is if it's to be a replacement for the Harrier. The idiots decided that, instead of allowing them to get an updated Harrier, they'd stuff VTOL into the damned F-35. The Marines would have been perfectly content with just updating the Harrier and not using the F-35 at all. If you're unaware of why VTOL is important for the Marines on a modern battlefield then I'd submit you may not know enough to opine.

      The fault is not that the Marines need VTOL. The fault is that the idiots insisted that putting it into a F-35 was a viable choice - and not something the Marines had/have control over. By not listening to the Marines, who clearly expressed a desire to have an updated Harrier - not even an entirely new aircraft, you get this as a result. That you blame this on the Marines is a bit telling.

      --
      "So long and thanks for all the fish."
  4. Flabbergasted by Errol+backfiring · · Score: 4, Insightful

    "We have stressed that cyber security needs to be based on mutual respect."

    Call me a pragmatist, or just call me a web programmer, but for me security is based on a healthy distrust.

    --
    Nae king! Nae laird! Nae yurrupiean pressedent! We willna be fooled again!
    1. Re:Flabbergasted by AmiMoJo · · Score: 1, Troll

      Respect != trust. What they mean is that people shouldn't make wild, unfounded allegations without hard evidence because it creates a chilling effect and prevents cooperation. Imagine if the attack did originate from China, but from an individual or criminal group rather than the government. Having accused the Chinese government of hacking every other Tuesday for the past decade, how likely are they to now help track the real culprits down?

      It also screws up the import/export market, because everyone assumes all Huwawei gear has Chinese government backdoors and all Cisco gear has US government backdoors. That may actually be true, but the point that endlessly repeating it to damage the other side is, well, damaging, stands up.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    2. Re:Flabbergasted by Coren22 · · Score: 2, Insightful

      China controls this huge firewall on every connection to the greater internet. Anyone hacking from China by default has the blessings of the government, or the firewalls and people doing the monitoring would have put a stop to it.

      --
      APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
    3. Re:Flabbergasted by _merlin · · Score: 1

      All the Great Firewall does is black-hole IP traffic to certain addresses/ranges. If you're sending data to/from an address range that isn't blocked, anything goes. The only people protected from hack attempts by the Great Firewall are the people they're blocking all access to (Google, English wikipedia, Facebook and the rest of that crap).

    4. Re:Flabbergasted by KGIII · · Score: 1

      You mean to tell me that the Great Firewall does not do stateful packet inspection?

      --
      "So long and thanks for all the fish."
    5. Re:Flabbergasted by _merlin · · Score: 1

      It does packet inspection of incoming DNS response packets, i.e. if a client in China makes a DNS request to a server outside China the result may be intercepted/modified. I think it also does some kind of deep packet inspection to flag possible SSL VPNs becoming popular, but that isn't used for real-time blocking, only to give the administrators potential addresses to blacklist. For all the talk about it, the Great Firewall doesn't really do a lot of blocking at all.

      Chinese ISPs often block more than the Great Firewall itself. For example on of my friends is on an ISP that blocks egress to foreign residential broadband IP address ranges by default. This is supposedly so that when one of their customers gets infected with malware it can't attack residential broadband customers outside China. They will turn this off for a customer on request, though.

    6. Re:Flabbergasted by KGIII · · Score: 1

      Then, perhaps, they can see the sources (and track, presumably) after the fact? There's a great deal of evidence that points to this being either condoned or perpetrated by the Chinese government - with a whole host of anecdotes (which actually *are* a form of data) as well as some more material evidence such as originating IP address spaces and their allocations.

      Thank you for the information. I'd have figured it to be more real time as well as more locked down as opposed to closing it afterwards. I figured they went with something more akin to whitelisting as opposed to blacklisting. Given the scope, and some thinking, I can see why they might not take on such an overwhelming task but China's come a long ways since I was a child (born in 57).

      As an aside; My VPN has an exit server in China. I've spent a fair amount of time pondering why that would be the case. The only thing I can come up with is that it might be because someone would want something to appear to come from within the confines of the Great Wall. I'm also curious as to why the Chinese government would allow such and, needless to say, I don't make use of it as a general rule but I have used it to see if I could access a few sites out of curiosity.

      Again, thanks. I'd also understood that the Great Firewall doesn't do nearly as much as it once did from reading a few things here and there. I figure it's probably maintained more or less to keep track of things after the fact. I am also quite certain that the Chinese government does a lot of the things they're accused of doing but probably not all of them. They're an awfully convenient group of people to blame, perhaps too convenient but I may be moving into tinfoil-hat-territory.

      --
      "So long and thanks for all the fish."
    7. Re:Flabbergasted by _merlin · · Score: 2

      Yeah, I'm sure the operators of the Great Firewall could identify sources of hacks and DDoS after the fact, but it's just not within the scope of their responsibilities. They're just there to enforce government policies that most of them don't even agree with, it's just a day job. They're not going to go out of their way to make China friendlier to the rest of the Internet.

      VPN exit points in China are most useful for businesses outside China doing business with Chinese customers or suppliers. It lets you check what your web presence looks like from inside China. Many things that people take for granted don't work from inside China, e.g. lots of sites suck in JavaScript frameworks from Google APIs, but this doesn't work from China because Google APIs servers are blocked. You can test for these kinds of issues by browsing via the Chinese VPN exit point.

      I'd say the Great Firewall does more now that it used to. A decade ago, there wasn't really a Great Firewall as such, and ISPs were responsible for blocking what the government told them to, so you got different behaviour on different ISPs. Some ISPs would redirect you to a "this is blocked" page, others would give "connection reset by peer", while still others would black-hole traffic. At least now the government deploys the filtering and sets the policies now, so you get consistent behaviour across ISPs.

      Yeah, some hacking comes from China. Some of it is just botnets of pwned PCs that could be operated from anywhere. That part of it isn't any worse per capita than anywhere else in the world. The Chinese government probably has some offensive hacking capability, and I wouldn't want to be on the receiving end of it. It's probably used for very targeted attacks on high-value targets. But I don't think half the things blamed on China really come from China at all.

  5. Proof? by Crowd+Computing · · Score: 2

    I keep reading news about Chinese state-sponsored network attacks. Is there actually independent, third-party, non-government proof about this? I can think of a scenario where the IPs all come from China but the attacker is from some place else. Wouldn't it be possible the IPs come from compromised computers? How do yu distinguish a state-sponsored attack from an attack by the Chinese equivalent of Anonymous?

    1. Re:Proof? by Anonymous Coward · · Score: 2, Insightful

      The people that track down these events are security researchers doing it for prestige and networking opportunities to land contracts.

      Or just making shit up for publicity / covering up what a shit job was done securing it in the first place by blaming the China bogeyman.

  6. Attack! by Anonymous Coward · · Score: 1

    "China Blamed For Attack On Australian Bureau of Meteorology"

    My first thought was, how did the Chinese get the Australians to think the rocks they were throwing were meteors?

  7. Re:Chinese blamed for ... by HiThere · · Score: 2

    Yeah, you're right. But I tend to believe this claim anyway. Some of the things China is blamed for they actually do.

    OTOH, it's not clear that this was an action by the Chinese government. (The summary didn't say that was even claimed.) And if it were, it's not clear that it would be the policy of the government rather than some loose cannon. (I assume they've got just as many as we do.)

    The reported response, however, seems more PR than anything else. (Again, just based on the summary.) This shouldn't be surprising. I bet China's government is even more labyrinthine than ours.

    --

    I think we've pushed this "anyone can grow up to be president" thing too far.
  8. obvious to anyone in the security field by raymorris · · Score: 3, Informative

    To anyone who does information security, the fact that the Chinese government has the world's largest offensive infosec program is as obvious as the fact that the sun shines during the day time. Most attacks come from China, from behind the great firewall, with a large percentage of sophisticated attacks coming from IPs allocated to the Chinese military.

    One particular facility is especially notable, it is a Chinese military installation that is listed as secret - its purpose is not published, a huge amount of attacks come from this facility, and they hire comp sci graduates. Now either ALL the compsci grads have had all of their computers controlled by Russian hackers for years and admins at this secret military facility haven't noticed gigabits of attacks constantly coming out of the facility, or they are the ones initiating the attacks.

    It is not at all unusual for US networks to block all access from some very large IP ranges from China because these IPs have been a major, major source of attacks for -years-.

    Speaking of government sources, if you speak infornally to the government people tasked with defense of US networks, chat with them in the smoking area by the loading dock, you'll find they are very afraid of what China is doing; the US is far outmatched in this area.

    If you compare the US Navy vs China it is clear the US capability is far superior. For infosec (or"cyber"), it's the same but in reverse. You don't need top-secret clearance to see that the US Navy is the world's largest by far and the Chinese cyber command is by the world's largest.

  9. For all the crap the NSA is accused of... by MikeRT · · Score: 3, Interesting

    "We have stressed that cyber security needs to be based on mutual respect. We believe it is not constructive to make groundless accusations or speculation."

    Attacking public systems like this is not one of the things they're much known for doing or even aiding and abetting. One has to wonder what China would do if suddenly the NSA and GCHQ were to take the kid gloves off and do to Chinese industry and civilian agencies what they've been doing to ours.

    The only real electronic escalation would be attack on critical systems aimed at killing people. Once Chinese state-backed hackers start doing that, it's only a matter of time before the federal government escalates it into a formal war. So the question is, what does it take to get "mutual respect."

  10. Why a public facing network again and again? by AHuxley · · Score: 2

    Why would Australia put any interesting part of its Department of Defence on an open network facing system? If its so important dont connect it to the outside world...
    Thats what vaults and air gapped networks are for. Then only cleared staff can use an internal network as to their security clearances.
    All the out sourcing, public private partnerships, privitization just invited everybody on the world facing "internet" deeper into once very secure gov and mil networks.
    If "critical information" is so very secret, keep it secret and dont allow to be stored, created, updated on open, public facing networks.
    How about some real, working, in use Australian only developed encryption? So when the public facing networks have issues, the rest of the world gets nothing?
    What is with nations around the world and their mil/gov that a generation of well paid gov/mil experts over the past decade cannot understand about the public internet and keeping a nations data secure?

    --
    Domestic spying is now "Benign Information Gathering"
    1. Re:Why a public facing network again and again? by Kellamity · · Score: 1
      High chance the only thing that is linked is the Microsoft Exchange server so people can chat to each other on Lync. The Windows XP version, because Defence have still not been upgraded.

      At least if it's going to rain, the Chinese won't be left in the dark!

  11. Now China must pay 1 gazillion dolliroos in fines. by dsmatthews9379 · · Score: 1

    Just for the cost of a new supercomputer to tell us what a rock on a string can indicate just as well. https://en.wikipedia.org/wiki/...