It’s official. Foreign spies compromised Australia’s government networks last year, and they got at us through our weather division.
The Australian Cyber Security Centre has confirmed that a 2015 attack on servers at Australia’s Bureau of Meteorology was conducted by a “foreign intelligence service.” The attack saw two computers on the BOM’s network infected with remote access malware, allowing the attacker to search for, and copy, an “unknown quantity of documents.”
“This information is likely to have been stolen by the adversary,” the ACSC said in its 2016 threat report [PDF], released today.
While the ABC has previously reported sources that say China was behind the attack, the minister assisting the Prime Minister on Cyber Security, Dan Tehan, said the government would not be naming the source.
While an attack on the home of Australia’s rain radars might seem an unusual place to start, it was potentially an easy point of access for foreign spies to infiltrate a government network.
As the ACSC notes, the security controls in place at the BOM “were insufficient to protect the network from more common threats associated with cybercrime” and the ACSC estimates that all passwords on the BOM network were already compromised by the time it began its investigation.
But the BOM is not alone.
Between January 1, 2015, and June 30, 2016, the Australian Signals Directorate — the intelligence wing of the government’s Department of Defence — responded to 1,095 “serious” incidents on government systems. The ACSC says government networks are “regularly targeted by the full breadth of cyber adversaries” and that foreign states represent the biggest threat.
So while security is getting beefed up at the Bureau, presumably to better conceal the work of its secretive weather machine division, it certainly won’t be the last time the Australian Government is targeted.