China Blamed For Attack On Australian Bureau of Meteorology (abc.net.au) 44
New submitter ElectronF sends news that officials within the Australian government are blaming China for an attack on computer systems at the Bureau of Meteorology. "The bureau owns one of Australia's largest supercomputers and provides critical information to a host of agencies. Its systems straddle the nation, including one link into the Department of Defence at Russell Offices in Canberra." China has denied involvement, saying, "We have stressed that cyber security needs to be based on mutual respect. We believe it is not constructive to make groundless accusations or speculation." The Bureau's systems are still fully operational, though officials say the breach will require significant investment to recover from.
"the breach will require significant investment" (Score:1)
Re: (Score:3)
Yeah, you're right. But I tend to believe this claim anyway. Some of the things China is blamed for they actually do.
OTOH, it's not clear that this was an action by the Chinese government. (The summary didn't say that was even claimed.) And if it were, it's not clear that it would be the policy of the government rather than some loose cannon. (I assume they've got just as many as we do.)
The reported response, however, seems more PR than anything else. (Again, just based on the summary.) This shouldn'
Attacking the *Met* Office? (Score:2)
Why in the hell would a foreign government want to attack that? It's not like Australian B-17s and B-24s need to know when there's clear weather.
Re:Attacking the *Met* Office? (Score:4, Insightful)
Guess you didn't read the article. It can be a pathway to juicier targets. Also, China doesn't like seeing smog reports they can't censor.
Re: (Score:2, Troll)
Guess you didn't read the article.
This is /. Why would you expect that I RTFA?
Re: (Score:1)
Because there are no centerfolds...
Re: (Score:2)
How the hell is that a troll? That's just how it is around here. I'm more offended if someone *does* read the article. I could never understand the Slashdot effect 'cause it sure as hell wasn't the people commenting who were clicking the links.
Isn't it interesting... (Score:3)
Re: (Score:3, Insightful)
fighter introduced by China looks an awful lot like the F-35 strike fighter produced by the US?
Dude, it's the F-35. That was a cunning plot by the Yanks to saddle China with an overpriced, underperforming aircraft to remove any future threat from their airforce.
Re: (Score:1)
But. The rumour is, that the chinese version can actually fly? Becouse some of the stupid us military requirements were cut off in chinese version?
Re: (Score:1)
Such as the stealth capability?
Re: Isn't it interesting... (Score:3, Interesting)
Re: (Score:2)
Hey now. It's not the Marine's fault. They were told that they had to use it, they had no choice. They said that VTOL is a requirement which, frankly, it is if it's to be a replacement for the Harrier. The idiots decided that, instead of allowing them to get an updated Harrier, they'd stuff VTOL into the damned F-35. The Marines would have been perfectly content with just updating the Harrier and not using the F-35 at all. If you're unaware of why VTOL is important for the Marines on a modern battlefield th
Flabbergasted (Score:5, Insightful)
"We have stressed that cyber security needs to be based on mutual respect."
Call me a pragmatist, or just call me a web programmer, but for me security is based on a healthy distrust.
Re: (Score:2, Troll)
Respect != trust. What they mean is that people shouldn't make wild, unfounded allegations without hard evidence because it creates a chilling effect and prevents cooperation. Imagine if the attack did originate from China, but from an individual or criminal group rather than the government. Having accused the Chinese government of hacking every other Tuesday for the past decade, how likely are they to now help track the real culprits down?
It also screws up the import/export market, because everyone assumes
Re: (Score:3, Insightful)
China controls this huge firewall on every connection to the greater internet. Anyone hacking from China by default has the blessings of the government, or the firewalls and people doing the monitoring would have put a stop to it.
Re: (Score:2)
All the Great Firewall does is black-hole IP traffic to certain addresses/ranges. If you're sending data to/from an address range that isn't blocked, anything goes. The only people protected from hack attempts by the Great Firewall are the people they're blocking all access to (Google, English wikipedia, Facebook and the rest of that crap).
Re: (Score:2)
You mean to tell me that the Great Firewall does not do stateful packet inspection?
Re: (Score:2)
It does packet inspection of incoming DNS response packets, i.e. if a client in China makes a DNS request to a server outside China the result may be intercepted/modified. I think it also does some kind of deep packet inspection to flag possible SSL VPNs becoming popular, but that isn't used for real-time blocking, only to give the administrators potential addresses to blacklist. For all the talk about it, the Great Firewall doesn't really do a lot of blocking at all.
Chinese ISPs often block more than the
Re: (Score:2)
Then, perhaps, they can see the sources (and track, presumably) after the fact? There's a great deal of evidence that points to this being either condoned or perpetrated by the Chinese government - with a whole host of anecdotes (which actually *are* a form of data) as well as some more material evidence such as originating IP address spaces and their allocations.
Thank you for the information. I'd have figured it to be more real time as well as more locked down as opposed to closing it afterwards. I figured
Re: (Score:3)
Yeah, I'm sure the operators of the Great Firewall could identify sources of hacks and DDoS after the fact, but it's just not within the scope of their responsibilities. They're just there to enforce government policies that most of them don't even agree with, it's just a day job. They're not going to go out of their way to make China friendlier to the rest of the Internet.
VPN exit points in China are most useful for businesses outside China doing business with Chinese customers or suppliers. It lets you
Re: (Score:1)
That makes sense though I thought the original Great Firewall was a bit more effective? I am probably mistaken and I haven't given this one iota of scholarly effort but I have read a bunch on it over the years. So, forgive me for couching this by saying the following was/is my understanding and that I may be incorrect. If that's acceptable then read on! ;-) (My ego is not that frail. What is posted below is simply phrased the way it is for simplicity, more recounting what I'd been given to understand. Keep
Proof? (Score:3)
Re: (Score:2, Insightful)
The people that track down these events are security researchers doing it for prestige and networking opportunities to land contracts.
Or just making shit up for publicity / covering up what a shit job was done securing it in the first place by blaming the China bogeyman.
obvious to anyone in the security field (Score:4, Informative)
To anyone who does information security, the fact that the Chinese government has the world's largest offensive infosec program is as obvious as the fact that the sun shines during the day time. Most attacks come from China, from behind the great firewall, with a large percentage of sophisticated attacks coming from IPs allocated to the Chinese military.
One particular facility is especially notable, it is a Chinese military installation that is listed as secret - its purpose is not published, a huge amount of attacks come from this facility, and they hire comp sci graduates. Now either ALL the compsci grads have had all of their computers controlled by Russian hackers for years and admins at this secret military facility haven't noticed gigabits of attacks constantly coming out of the facility, or they are the ones initiating the attacks.
It is not at all unusual for US networks to block all access from some very large IP ranges from China because these IPs have been a major, major source of attacks for -years-.
Speaking of government sources, if you speak infornally to the government people tasked with defense of US networks, chat with them in the smoking area by the loading dock, you'll find they are very afraid of what China is doing; the US is far outmatched in this area.
If you compare the US Navy vs China it is clear the US capability is far superior. For infosec (or"cyber"), it's the same but in reverse. You don't need top-secret clearance to see that the US Navy is the world's largest by far and the Chinese cyber command is by the world's largest.
Attack! (Score:1)
"China Blamed For Attack On Australian Bureau of Meteorology"
My first thought was, how did the Chinese get the Australians to think the rocks they were throwing were meteors?
Comment removed (Score:4, Interesting)
Why a public facing network again and again? (Score:3)
Thats what vaults and air gapped networks are for. Then only cleared staff can use an internal network as to their security clearances.
All the out sourcing, public private partnerships, privitization just invited everybody on the world facing "internet" deeper into once very secure gov and mil networks.
If "critical information" is so very secret, keep it secret and dont allow to be stored, created, updated on open, public facing networks.
How about some real, working, in use Australian only developed encryption? So when the public facing networks have issues, the rest of the world gets nothing?
What is with nations around the world and their mil/gov that a generation of well paid gov/mil experts over the past decade cannot understand about the public internet and keeping a nations data secure?
Re: (Score:1)
At least if it's going to rain, the Chinese won't be left in the dark!
Now China must pay 1 gazillion dolliroos in fines. (Score:1)