BOM hack pinned on someone foreign
The Australian Cyber Security Centre (ACSC) has attributed last year’s Bureau of Meteorology (BoM) hack to a foreign power.
This week’s 2016 Australian Cyber Security Centre Threat report says a foreign power was running malware on the BoM’s computer system in order to copy sensitive documents and break into other government networks.
The BoM’s computers are some of the most connected in government, with a broad range of departments referring to it for data on an almost constant basis.
“ASD (Australian Signals Directorate) identified the presence of particular Remote Access Tool (RAT) malware popular with state-sponsored cyber adversaries, amongst other malware associated with cyber crime,” the report reads.
“The RAT has also been used to compromise other Australian government networks.”
The report said the foreign intelligence service installed the well-known CryptoLocker program, among other malware, to steal sensitive information.
The BoM infection was just one of 1095 serious cyber assaults in the 18 months to June 30 this year.
ACSC noted the government’s dismal lack of security controls to prevent cyber crime.
“Security controls in place were insufficient to protect the network from more common threats associated with cybercrime,” the report said.
“CryptoLocker ransomware found on the network represented the most significant threat to the bureau's data retention and continuity of operations.
“ASD identified evidence of the adversary searching for and copying an unknown quantity of documents from the bureau's network.
“This information is likely to have been stolen by the adversary.”
Media reports have pinned the attacks on China, but the Minister Assisting the Prime Minister for Cyber Security, Dan Tehan, would not say which foreign state was behind it.
According to the ACSC report: “At this point in time, terrorists are more likely to embarrass governments, impose financial costs, and achieve propaganda victories by compromising and affecting poorly secured networks.”