Daily Bulletin

Daily Bulletin

The Conversation

  • Written by The Conversation Contributor
imageTrouble at the BOMflickr Tatters, CC BY-SA

The ABC is reporting that there has been a “massive” breach of computer systems at the Australian Bureau of Meteorology (BOM). The hack of computer systems at the BOM is believed to have originated from China and the ABC has quoted an expert as saying: “It could take years and cost hundreds of millions of dollars to fix”.

The BOM has not denied the breach but has stated that:

The Bureau’s systems are fully operational and the Bureau continues to provide reliable, ongoing access to high quality weather, climate, water and oceans information to its stakeholders.

Unfortunately, little is known about what computers were hacked, nor what was actually done by the hackers. This in turn makes it hard to say definitively what will need to be done to clean up after the hack and more importantly, stop it happening again.

What could realistically have been hacked?

The Bureau of Meteorology, like any government agency, will have a network of desktop computers and servers that are used for their day-to-day business. These systems are the easiest targets because access can be obtained by “phishing” for user names and passwords directly from employees. This hacking approach was used by Chinese hackers in their infiltration of the New York Times in 2013.

It is possible, but less likely, that the hackers were also able to access the BOM’s latest supercomputer, a A$77 million Cray computer that is handling the agency’s ever growing processing power needs. The reason that supercomputers are safer is that access to the computer is rarely direct and interactive. Programs are usually run on the computer by way of another computer that schedules them. This makes direct access harder.

The storage sites attached to the supercomputer that contains the massive amounts of data collected by the BOM could have been targeted but this data alone would not necessarily have been very interesting and much harder to move out of these locations without detection.

Finally, the BOM is connected through to other government agencies, including those involved in defence and security and so hackers could have got access to systems or networks that would allow them access beyond the Bureau’s systems.

What would the hackers have been after?

If the hackers were state-sponsored Chinese hackers such as the People’s Liberation Army Unit 61398, then the target of the hack would have been wide-ranging but possibly focused on information related to Australian defence and security services and capabilities. The Bureau of Meteorology provides environmental monitoring services to these agencies in addition to its role of providing weather information to the public.

The hackers could also have been after other intellectual property including software source code for the systems that the Bureau uses to model weather and make predictions. This would potentially be something of the greatest value to the Chinese because they could use this information to greatly improve their own capabilities.

If the hackers had been simply been cyber criminals, they would have been more interested in getting information about individuals or anything that could be potentially leveraged into a financial gain at some later stage.

What would the damage have been?

The main damage relating to a cyber attack is not usually as a result of any specific damage done by the hackers during their forays through the systems. The damage is actually the cost of work that is needed to investigate and record what has happened, to then make sure that the hackers have not left behind any software that is continuing to spy or providing hackers with renewed access, and finally to plug whatever holes the hackers used to gain access in the first place.

For most systems, this means either re-installing all of the software from scratch or restoring from a backup that is known to be safe. For the supercomputer, this is slightly harder because the system is in continuous use and can’t be taken offline for extended periods of time.

The costs of doing all of this come from the cost of people’s time, especially consultants. Whether this amounts to “hundreds of millions of dollars” as reported by the ABC is doubtful.

If the hack was done by the Chinese PLA, then it is unlikely that whatever security mechanisms are put in place will be completely effective in stopping a recurrence of this attack. Even less likely to have an effect is the recent agreement between US and Chinese leaders to not engage in corporate espionage of each other’s countries.

As reported by The Register, President Obama and President Xi Jinping managed to announce the deal without betraying the scepticism they both must have harboured that it would actually stop any hacking.

Authors: The Conversation Contributor

Read more http://theconversation.com/cyber-breach-at-the-bureau-of-meteorology-the-who-what-and-how-of-the-hack-51670

Writers Wanted

The Conversation


Did BLM Really Change the US Police Work?

The Black Lives Matter (BLM) movement has proven that the power of the state rests in the hands of the people it governs. Following the death of 46-year-old black American George Floyd in a case of ...

a Guest Writer - avatar a Guest Writer

Scott Morrison: the right man at the right time

Australia is not at war with another nation or ideology in August 2020 but the nation is in conflict. There are serious threats from China and there are many challenges flowing from the pandemic tha...

Greg Rogers - avatar Greg Rogers

Prime Minister National Cabinet Statement

The National Cabinet met today to discuss Australia’s COVID-19 response, the Victoria outbreak, easing restrictions, helping Australians prepare to go back to work in a COVID-safe environment an...

Scott Morrison - avatar Scott Morrison

Business News

How To Create A Better Impression With Your Business Card

There’s no doubt that done well, business cards can deliver a lot for a brand. The problem, then, is that there aren’t very many good business cards out there! This is hardly the fault of the bu...

News Company - avatar News Company

Key Strategies to Effectively (and legally) Monetize your Intellectual Property

Let’s be frank: Your intellectual property can potentially make you a lot of money. What is intellectual property? Well, there isn’t necessarily a single definition for this important term but a...

Anton Quintos - avatar Anton Quintos

6 Ways to Help Your Home Based Business Join the Big League

Most of us dream of leaving our tired 9 to 5 jobs, taking ownership over our careers, and starting our own gigs. Up until now, small home-based businesses have proved to be a perfect launching p...

Diana Smith - avatar Diana Smith

News Company Media Core

Content & Technology Connecting Global Audiences

More Information - Less Opinion